For Magecart groups and other credit-card skimmers, old and new opportunities abound

Written by
Mar 21, 2022 | CYBERSCOOP

At a time when big cybercrime headlines typically involve embattled ransomware gangs or cryptocurrency heists, a less-dramatic activity like online credit-card skimming can be an afterthought. The security researchers who track skimmer groups, though, say these pesky crooks shouldn’t be overlooked.

In mid-February, the cybersecurity companies Sansec and Malwarebytes warned about a specific series of intrusions on e-commerce sites by Magecart hackers — the umbrella term for criminal groups who specialize in capturing people’s credit-card data when they make purchases online. Hundreds of sites were affected by the skimmers, reports said, and most of them were running old, unsupported payment software.

It was a reminder that years of warnings hadn’t reached some corners of the e-commerce world. It was also the latest sign that a threat identified a half-decade ago was not fading away. Sansec called the latest attack methods “clever,” and Malwarebytes said Magecart groups were continuing to “expand and diversify their methods.”

February’s discoveries showed that the “low-hanging fruit” is still available for these hackers, said Steve Ginty, director of threat intelligence at Microsoft-owned RiskIQ, which wrote the first definitive report on Magecart groups in 2018 with

Read More: