Magecart Attacks Surge in the Wild

Cyberpion analysis revealed the impact of Magecart on vulnerable websites.

 

According to a Cyberpion study, several of the world's top corporations in retail, finance, healthcare, power, and many other industries, including Fortune 500 and Global 500 companies and governments, are struggling to avoid Magecart attacks. Magecart is a term for a type of cyber attack in which cybercriminals compromise third-party code (typically JavaScript that runs in browsers) to grab, or scrape, details such as credit card information from web applications (e.g., online checkout software) or webpages that incorporate the code.

Over the previous two years, the researchers examined over 30,000 flaws and discovered huge shortcomings in existing security platforms and mechanisms for detecting and mitigating Magecart attacks.

There have also been significant gaps in firms disclosing to their customers the security vulnerabilities or exploits occurring throughout their digital supply chains, putting all linked organizations at risk of a breach.

“Our conclusion from the analysis is that as of today, organizations fail to face Magecart threats and detect the vulnerabilities and exploits that hackers leverage to conduct these attacks,” said Cyberpion CEO Nethanel Gelernter. 

“Victims are often the last to know as it’s only later that organizations find that their data was sold or exploited, with the problem extending beyond any single vendor or client relationship. For enterprises, in particular, Magecart attacks pose a significant challenge because it is problematic to set up a solution at scale.” 

Web skimming has also been on the rise. It is a danger to online businesses and customers, with attacks significantly affecting firms such as British Airways and Ticketmaster in 2018, Forbes in 2019, as well as local US government portals and messaging app Telegram in 2020.

At least one of the top five firms in a variety of industries (retail, insurance, financial services, pharma, media, security, and others) was found to be vulnerable or already exploited. Over 1000 online stores are exposed, putting their consumers at risk of being skimmed. Many of the most widely circulated newspapers worldwide were found to be vulnerable, frequently via their main page.

Some vulnerable or exploited businesses deploy anti-Magecart solutions; however, these can be circumvented. Vendor architecture exposes numerous other linked businesses to Magecart, but suppliers frequently fail to notify customers early enough for preventative action to be taken. In one example, a major internet advertising network impacted 15 worldwide insurance firms, as well as hundreds of smaller businesses.