Threat Watch

Magecart Campaign Compromises 960 E-Commerce Sites in 24 Hours

Magecart: A new campaign tied to Magecart has been found to have compromised 962 e-commerce stores around the world over a 24-hour period. Magecart is a conglomeration of multiple cyber-criminal groups that all use the same malware to compromise payment systems. The exact details of how the systems were exploited are currently unknown; it is believed that the compromise possibly stemmed from a vulnerability in the Magento platform, although that has yet to be confirmed. This is the largest number of breaches ever to take place in such a short period of time. It currently appears that the victims were targets of opportunity rather than part of a targeted attack campaign. Seven core groups are currently believed to be operating as part of Magecart.

ANALYST NOTES

Because of the significant overlap in tools, targets, and techniques, it is difficult to be sure just how widespread the Magecart umbrella is. As logs from each of the victims are analyzed, it will likely become clearer how this current campaign was carried out.