Misconfigured Amazon S3 Buckets: Magecart Hackers Infect Numerous Sites


Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against over 17,000 web domains, which include websites in the top 2,000 of the Alexa rankings. Magecart is neither a single group nor a specific piece of malware. It is an umbrella term for all the cybercriminal groups and individuals who inject digital card skimmers into compromised websites, and not all of them use similar techniques with the same sophistication. A new report shared with one of the mirrors prior to its release details a new supply-chain attack campaign in which the hackers use a shotgun approach instead of targeted attacks to infect a broad spectrum of websites, preferring the largest possible infection reach over accuracy.

Almost two months ago, security researchers from RiskIQ discovered supply-chain attacks involving credit card skimmers placed on several web-based suppliers, including AdMaxim, CloudCMS, and Picreel, with the aim of infecting as many websites as possible within a short span of time. However, after continued monitoring of this activity, the researchers found that the actual scale of the campaign, which started in early April 2019, is much larger than previously reported. According to the researchers, since the beginning of the campaign this group of Magecart attackers has continuously been scanning the Internet for misconfigured Amazon S3 buckets, which permit anyone to view and edit the files they contain, and injecting its digital card-skimming code at the bottom of every JavaScript file it finds. Since the hackers don't always know whether the overwritten JavaScript files are being used by a website or a project, it's more like shooting an arrow in the dark.

Moreover, it appears that many of the infected JavaScript files were not even part of a payment page, which is the primary target location, where the digital skimmers capture users' payment card details and send them to an attacker-controlled server. Hardly a week goes by without hearing about a company that left its sensitive data exposed on the Internet, and unfortunately, most of them are ones that failed to configure [1, 2] their Amazon S3 buckets properly.

Meanwhile, in a separate report released recently by the Zscaler ThreatLabZ research team, researchers disclosed details of a newly discovered Magecart campaign in which the hackers use a sophisticated and targeted approach to steal credit and debit card details from e-commerce sites. According to the report, instead of using digital skimming code in plain JavaScript, the group has been found using a heavily obfuscated version of its card skimmer with encrypted payloads, in an attempt to prevent researchers from easily identifying the compromised websites.

Magecart made headlines last year after payment card hackers conducted several high-profile attacks against major international companies, including British Airways, Ticketmaster, and Newegg. Britain's Information Commissioner's Office (ICO) recently hit British Airways with a record fine of £183 million for failing to protect the personal information of around half a million of its customers during last year's security breach.

Source: The Hacker News
