Willem de Groot from Sanguine Security told Computer Business Review: “This is the largest number of breaches [of] stores over a 24-hour period, which implies that their operation is highly automated. Victims are from all over the world, so were likely chosen opportunistically.”
He added: “I am still waiting for logs to accurately say how they got compromised, but at first glance it appears to be a PHP object injection exploit for an existing vulnerability.”
Magecart Attacks are Rampant
Among the most high-profile victims: British Airways, which had 380,000 customers’ payment details stolen in a card skimming attack last August (2018).
US-based threat research firm RiskIQ says it has identified seven core Magecart groups. Magecart is an umbrella term for threat groups using a range of card skimmers.
RiskIQ identified the groups by analysing unique sets of infrastructure (pools of IP addresses, domains and specific server setup fingerprints), skimmers (unique obfuscation techniques and loading strategies) and targeting (each group uses different methods to reach its victims).