Payment Pages Are Being Compromised To Steal Data  - Olmec Skip to main content

Payment Pages Are Being Compromised To Steal Data 

By October 9, 2018June 3rd, 2022Cybersecurity

Symantec’s most recent statistics have revealed a disturbing trend.  Malware designed to compromise checkout pages is seeing a big spike in use, with the company reporting a staggering 248,000 attempts since August 13th of this year, with more than a third of them (36 percent) between September 13th through September 20th. As disturbing as those numbers are, that’s just the tip of the iceberg.

As Symantec notes on their website:

“If we compare the week of September 13 to 20 to the same week in August, the number of instances of formjacking attacks blocked by Symantec more than doubled, jumping from just over 41,000 to almost 88.500 – a percentage increase of 117 percent.”

Leading the surge is a particularly nasty strain of malware known as “Magecart.”  Magecart campaigns are quite robust that begin by breaching the target website, then injecting malicious scripts into it that are designed to scrape card details and other customer information provided during the checkout process. This is an attack that’s alternately known as formjacking, payment card scraping, and web-based skimming.

Symantec isn’t the only company to take note of the trend.  RiskIQ has been sink holing domains associated with Magecart infrastructure for much of the month and alerting companies compromised by Magecart attacks as they find them.

Kevin Beaumont, an independent security researcher, had this to say via Twitter:
“#TrackingMagecart I’ve updated the IoCs to double the number of domains, now tracking over 1000 objects – some of the domains have now been sink holed.  Recommend InfoSec vendors block/flag domains.”

Magecart isn’t new.  Security researchers have been tracking it since 2015, and independent researcher Willem de Groot has created a malware scanning website called MageReport, which allows business owners to check to see if their Magento-based webshop is vulnerable to this type of attack.  If you think you might be, it certainly bears making use of.

At present, the one thing that’s not known is the reason behind the sudden spike.  Only that it’s happening.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.