Magecart Attacks Expand to CSS

Categories
Tech

It wasn’t all that long ago that the idea of spending money online by entering your credit card details on a website sounded fraught with risk. Today, in an age in which the biggest retailers predominantly exist online rather than offline, this doesn’t seem such a big threat anymore. Buying an item over the internet is seamless and, so long as you trust the company or vendor you’re purchasing from, it doesn’t seem any riskier than spending money elsewhere.

Most of the time,
that’s entirely accurate. Unfortunately, there are still scenarios in which
payment data can be stolen — even in instances where the vendor you’re making
a purchase from is eminently trustworthy. This is where the cyber security threat of web skimming comes into play.

Definition of a web skimmer

A web skimmer
refers to a specific type of internet credit card-related fraud in which
attackers compromise a website by using malicious code in order to steal
payment information. With websites growing more complex all the time, it’s
possible for attackers to insert this fraudulent code, and for it to sit there
on websites for a sustained period of time, siphoning off customer information
as it does.

These attacks can
even affect major retailers — such as when British Airways had approximately
380,000 customer card details stolen in 2018. During the web skimming attack in
question, which lasted for around three weeks, malicious code on both the
airline’s website and its mobile app meant customers purchasing plane tickets
had their credit card information — along with names, billing address, and
email — forwarded to a private server in Romania.

A similar attack,
which affected 40,000 customers, was targeted at ticket vendor company
Ticketmaster.

The Magecart consortium

The most famous
web skimming entity is Magecart, a consortium of hackers who go after online
shopping cart systems — most frequently Magento — in order to steal payment
card data. These attacks, which are also referred to as supply chain attacks,
can provide a lucrative reward for hackers by providing them with a stream of
data they can use to enrich themselves.

As with any
cyberattack, over time web skimmers have changed up the way they operate in
order to avoid detection, and take advantage of new vulnerabilities they can
capitalize on. One recent example of this is hackers hiding web skimmers in websites’
CSS files
. CSS files refer
to Cascading Style Sheets. They’re a cornerstone of internet technology, much
like JavaScript and HTML, which describe the presentation of documents written
in markup language like HTML. CSS files contain code detailing the different
colors of page elements, font settings, text size, and similar.

Over the past 10
years, CSS language has grown increasingly complex as CSS has become a more
powerful tool in its own right. Unfortunately, hackers have been taking
advantage of this by finding ways to modify CSS files using malicious code —
thereby allowing their data-swiping attacks to go undetected. This is because
embedding their code in CSS files is one way to get around automated security
scanners, and maybe even manual security code checks, without raising the
alarm.

Do a good job of protecting yourself

The use of
Magecart attacks exploiting CSS files is just one more example of how
cyberattackers continue to evolve. For this reason, vendors must do a better
job of regularly inspecting the code running on their websites in order to
protect customers (and themselves) against such attacks. This kind of source
code review is a “must” for any vendor operating an online store.

To make
protecting yourself more straightforward, it’s strongly advisable that vendors
consider a tool like a Web Application Firewall (WAF). WAFs can be deployed as
a means of inspecting incoming and outbound HTTP/S traffic to a web
application, and filtering out any malicious traffic. A good WAF will utilize
threat intelligence, based on things like known attack patterns, in order to
work out which traffic shouldn’t be able to reach a particular application. In
the case of Magecart attacks, WAFs can detect and block attacks that target vulnerabilities
known as being exploited by cyberattackers. A Web Application Firewall is
therefore a very valuable tool that could make a major difference when it comes
to a business that’s under attack.

Web skimming
attacks can be devastating. They harm both customers and vendors alike, and are
only becoming more of a problem as time goes on. During the current COVID-19
coronavirus pandemic, more people than ever are relying on the internet as
essential infrastructure that allows them to do their shopping. This only
further incentivizes wrongdoers who seek to capitalize on the opportunity to
steal valuable data.

By deploying the
approaches described here, you can help fight back against them. For the good
of the people who want to do business with you, it’s the best, smartest and —
in some ways the only — option that’s available. Use it as best you can.

The post Magecart Attacks Expand to CSS appeared first on .