Join me to learn more about Magecart attacks – and how to defend against them

Register for a free webinar discussing the alarming rise in Magecart, and how it can be countered.

Graham Cluley
Graham Cluley
@[email protected]

Join me to learn more about Magecart attacks - and how to defend against them

If you have been following the security headlines in the last year you cannot fail to have noticed the alarming rise in reports of Magecart.

Magecart is a family of Javascript malware, used to skim credit card data and personal information from innocent internet users as they interact with websites.

Traditionally malware infects users’ computers, opening backdoors through which hackers can remotely access files, steal resources, or spy on their victims.

Sign up to our free newsletter.
Security news, advice, and tips.

In a typical data breach, hackers break into company servers, access databases and steal large amounts of information – perhaps including encrypted passwords, email addresses, telephone numbers, and maybe even limited financial information.

CVVWhat you don’t normally see in a data breach, however, is full payment card information stolen.

That’s because most companies don’t store your full credit card details – such as your CVV security code. If they did, data breaches would be much more serious, as it would be easier for hackers to monetise the data that they’ve stolen.

What’s so dangerous about Magecart’s attacks are that it doesn’t matter that a company hasn’t stored your credit card details.

A Magecart attack doesn’t have to break into your customer database. Instead, its malicious script lurks on a company’s website watching the information entered by customers as they checkout from your online shop, and skimming it away.

Typically the malicious code will be hosted on a third-party site, and the webpage’s HTML source code will just contain a single reference running the dangerous script.

In the past six months there have been numerous companies impacted by Magecart, including Ticketmaster, British Airways, Feedify, Umbro, Vision Direct, Newegg… the list goes on and on.

Magecart timeline

Hundreds of millions of customers have been affected. And if you operate a website today, you are most likely susceptible to this type of attack.

So, what are you going to do about it?

Join me on a webinar

You can hear me talk more about the threat posed by Magecart, and hear about the pros and cons of different ways to defend against the threat, in a webinar I am speaking at with the experts from Source Defense.

    Title: Mitigating Magecart Attacks – Why Real-Time Prevention Is Your Best Option
    Date: Wednesday, February 27, 2019
    Time: 12:00 PM Eastern Standard Time
    Duration: 1 hour

Register now, and learn more about these browser session attacks that can silently skim payment data and personally identifiable information. If you can’t attend the webinar “live”, register anyway and I’m sure they’ll send you a link to the recording afterwards.

I’m looking forward to it, and hope to see some of you there.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.