The National Cyber Security Centre (NCSC) in the United Kingdom has issued a warning to the owners of over 4,000 online retailers that their sites had been penetrated in Magecart attempts to steal consumers’ financial information.
As reported by BleepingComputer, the threat actors inject credit card skimmers (also known as payment card skimmers or web skimmers) into compromised online stores in Magecart attacks (also known as web skimming, digital skimming, or e-Skimming) to harvest and steal payment and/or personal information submitted by customers at the checkout page.
Small online retailers are being encouraged to protect their customers and profits from the threat of callous shopping skimmers who could target them on Black Friday and Cyber Monday.
The activity of skimming exploits a vulnerability in software used at the checkout page on shopping sites to divert payments and steal details of unsuspecting customers. The National Cyber Security Centre – a part of GCHQ – proactively identified 4,151 compromised online shops up to the end of September and alerted retailers to these security vulnerabilities.
The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular e-commerce platform.