More than 80 global e-commerce sites have reportedly been compromised by Magecart groups, according to research released this week. "Magecart" is an umbrella term for multiple threat groups that use credit card skimming technology to infect e-commerce platforms and websites in order to steal personal and financial information. Magecart made headlines in 2018 for high-profile mega-breaches of global brands including Ticketmaster, Forbes, British Airways and Newegg.
The research, commissioned by Arxan Technologies and conducted by Aite Group, found that 100 percent of the 80 sites discovered had no in-app protection implemented, such as tamper detection or code obfuscation. In addition, 25 percent of the sites discovered were large, reputable brands in the motorsports and luxury apparel industries.
“Virtual credit card skimmers, [the use of which is] also known as formjacking, are inserted into a web application, often the shopping cart, and are used to steal credit cards to sell on the black market and for shipping scams to traffic goods purchased with stolen cards,” according to a release on the report.
"Once again we're disappointed in what the research uncovered: the systemic lack of web-app protection being used by e-commerce websites and the inability of network and endpoint security solutions to completely protect consumers against this pervasive threat," said Aaron Lint, chief scientist and vice president of research for Arxan.
An estimated 20 percent of websites hit by Magecart become reinfected within five days of remediating the original problem, researchers noted.