Threat Watch

“Keeper” Hacking Group Breaches More Than 570 Online Stores

Since April 2017, the hacking group “Keeper” is believed to have been responsible for breaches at more than 570 online e-commerce portals. Originally discovered by Gemini Advisory, Keeper used Magecart-style attacks to gain illegal access to online store backends and inserted malicious scripts to skim payment card details entered by customers during the checkout process. While Keeper mainly attacked small-scale operations, they also hit some big-name stores, including sites that drew between 500,000 and 1,000,000 monthly visitors.

ANALYST NOTES

Companies that operate online shopping websites should be aware of the ways attackers infiltrate servers to modify JavaScript code and hide malicious functions in unusual places. Servers should be protected using strong Multi-Factor Authentication (MFA) and monitored around the clock for unusual logins, anomalous behavior by administrator accounts, and unexpected changes to HTML or JavaScript files.

These attacks happen on legitimate sites and are very difficult for consumers to detect. When shopping online, Binary Defense recommends using virtual credit cards set with a limit just slightly larger than the purchase amount, so that if the card number is stolen, it cannot be used for fraud. A virtual credit card is a service that allows online shoppers to mask their credit card’s sensitive information by using a uniquely generated card number, expiration date, and security code.
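The monitoring for unexpected changes to HTML or JavaScript files recommended above can be done with a hash baseline taken from a known-good deployment. The following is an added example, not code from Binary Defense or the original brief; the watched extensions, function names, and sample web root are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

WATCHED = {".js", ".html", ".htm"}  # assumption: file types worth watching


def snapshot(web_root):
    """Map each watched file's relative path to its SHA-256 digest."""
    root = Path(web_root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in WATCHED
    }


def diff(baseline, current):
    """Return files modified, added, or removed since the baseline."""
    return {
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed sample: a tiny web root that changes after the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        (root / "index.html").write_text("<html><script src='js/checkout.js'></script></html>")
        (root / "js" / "checkout.js").write_text("function pay() { submitOrder(); }")
        (root / "logo.png").write_bytes(b"\x89PNG")  # not a watched type
        baseline = snapshot(root)  # taken from a known-good deployment

        # Simulated unexpected changes: one script edited, one new script dropped.
        (root / "js" / "checkout.js").write_text("function pay() { submitOrder(); } // changed")
        (root / "js" / "extra.js").write_text("// file not in the release")
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        for f in files:
            print(f"ALERT {kind}: {f}")
```

Keep the baseline somewhere the web server account cannot write, and note that this check does not see scripts loaded from third-party hosts or stored in the site's database.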

https://www.zdnet.com/article/keeper-hacking-group-behind-hacks-at-570-online-stores/