Google Tag Manager Now Tool for Banking Data Theft

According to the new report by Trustwave, hackers have intensified attacks on e-commerce sites just before the festive season to steal bank cards and personal information. Magecart attacks, originating in 2015, continue to pose a serious threat to online store owners.

Magecart remains active primarily due to the widespread use of the Magento platform, which serves as the foundation for thousands of online stores worldwide. The shift to online shopping during the 2020 pandemic has expanded the attack surface and augmented the threat.

Attackers employ various methods to gain unauthorized access to websites by exploiting vulnerabilities in the platform, third-party services, or the site’s infrastructure. In 2024, cybercriminals exploited vulnerabilities such as:

  • CVE-2024-20720 (CVSS: 9.1) – A critical vulnerability in Magento that led to large-scale hacks starting in April.
  • CosmicSting (CVE-2024-34102 and CVE-2024-2961) – Attackers exploited vulnerabilities to access confidential data, execute remote code, and insert malicious scripts, affecting a significant portion of Adobe Commerce and Magento.

Once access is gained, hackers implant skimmers on key website pages, especially on order pages, to collect user data, including card numbers and CVV codes.

In 2024, instances of abuse of the popular Google Tag Manager (GTM) tool became more frequent. Hackers created their own GTM accounts to insert malicious scripts that run undetected on infected sites, making it harder to identify malicious activity.
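Because the injected scripts are served from a GTM container the store owner does not control, one defensive check is to list every container ID referenced by a page and compare it with the IDs the site actually owns. The sketch below is an added example, not code from the Trustwave report; the allowlist, the container IDs and the sample HTML are constructed placeholders.

```javascript
// Added example: flag GTM containers on a page that are not in the site's allowlist.
// ALLOWED_CONTAINERS and SAMPLE_CHECKOUT_HTML are constructed for illustration.
const ALLOWED_CONTAINERS = new Set(["GTM-OWNER01"]);

// The places a container ID shows up in a GTM install.
const PATTERNS = [
  { where: "script-src",
    re: /googletagmanager\.com\/gtm\.js\?[^"'\s>]*\bid=(GTM-[A-Z0-9]+)/gi },
  { where: "noscript-iframe",
    re: /googletagmanager\.com\/ns\.html\?[^"'\s>]*\bid=(GTM-[A-Z0-9]+)/gi },
  // Quoted ID passed to the inline bootstrap function.
  { where: "inline-bootstrap", re: /['"](GTM-[A-Z0-9]+)['"]/gi },
];

// Return every container reference with its kind and position in the HTML.
function findGtmContainers(html) {
  const hits = [];
  for (const { where, re } of PATTERNS) {
    for (const m of html.matchAll(re)) {
      hits.push({ id: m[1].toUpperCase(), where, offset: m.index });
    }
  }
  return hits.sort((a, b) => a.offset - b.offset);
}

// Compare the references found against the IDs the site owner controls.
function auditGtm(html, allowed = ALLOWED_CONTAINERS) {
  const hits = findGtmContainers(html);
  return {
    ids: [...new Set(hits.map((h) => h.id))],
    unexpected: hits.filter((h) => !allowed.has(h.id)),
  };
}

const SAMPLE_CHECKOUT_HTML = `
<head>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];})(window,document,'script','dataLayer','GTM-OWNER01');</script>
<script async src="https://www.googletagmanager.com/gtm.js?id=GTM-UNKNWN9"></script>
</head>
<body>
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-OWNER01"></iframe></noscript>
</body>`;

console.log(auditGtm(SAMPLE_CHECKOUT_HTML).unexpected);
```

The check only catches containers outside the allowlist; tags added to a container the site does own have to be reviewed in GTM itself.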

The collected data is transmitted to attackers’ servers using various methods, including HTTP requests and WebSocket connections. Data is often encoded in Base64 format to hinder analysis.

To mitigate risks from Magecart attacks, it is recommended to:

  • Update platforms
