Threat Watch

Warner Music Group Struck With Months-Long Magecart Style Attack

Multiple e-commerce sites belonging to Warner Music Group have suffered Magecart style attacks according to a breach notification letter that was filed yesterday with the California Attorney Generals Office. The music mogul said the attacks happened between April 25th and August 5th and affected sites that used a third-party hosting company. Warner also added “Any personal information you entered into one or more of the affected websites between April 25, 2020 and August 5, 2020 after placing an item in your shopping cart was potentially acquired by the unauthorized third party. This could have included your name, email address, telephone number, billing address, shipping address, and payment card detail.” They did reassure that payments made through PayPal were not affected, however. Many users were irritated because the breach notification letter did not disclose which e-commerce sites were impacted, so it was difficult for users to determine if their information may have been compromised. Free credit monitoring is being offered through Warner by Kroll for anyone who may have been affected.

ANALYST NOTES

Users who believe they could be affected should keep a close eye on their credit card statements and report any unknown charges. The use of the free credit monitoring provided by Warner should be taken advantage of as well. Operators of e-commerce sites need to carefully monitor activity on the webserver that hosts the checkout page, in order to take quick action if an unauthorized change is made to HTML or JavaScript. All such changes should be carefully reviewed to determine if they represent a threat. This requires careful attention to detail, because threat actors have hidden malicious JavaScript code in unlikely places, including the metadata of icon image files. Another method of protection when dealing with these attacks is a service such as Binary Defense’s typo-squatting monitoring, which involves searching for any registered domains that are similar to a company’s legitimate domain names and could be used for malicious purposes. In some previous cases, attackers have set up a fake version of a website on a look-alike domain name to trick customers into entering their password or personal information on the attackers’ site.
Source: https://www.zdnet.com/article/warner-music-discloses-months-long-web-skimming-incident/