Member Article

All e-commerce platforms a target for web-skimming groups like Magecart

RiskIQ this week released research exposing web skimming attacks on e-commerce sites running third-party payment platforms like OpenCart.

A rash of breaches by web-skimming groups under the infamous Magecart umbrella have made national headlines for targeting the Magento platform. However, the research shows the threat of web skimming goes well beyond Magento to dozens of third-party payment platforms used by hundreds of thousands of stores around the world.

“Organisations need to understand that skimming groups can prey on any web environment and we see every online shopping platform targeted in our telemetry data,” said Yonathan Klijnsma, RiskIQ threat researcher. “Skimming attacks on any platform is a critical issue because while payment data is currently the focus, we’re already seeing moves to skim login credentials and other sensitive information. This widens the scope of potential Magecart victims far beyond e-commerce.”

The rise of web-skimming coincides with the development and evolution of online shopping platforms that power not only large e-tailers but thousands of smaller stores. While breaches of prominent brands like British Airways and Ticketmaster have become infamous, it’s the lesser-known stores that help Magecart thrive since they are more prone to security flaws.

This was posted in Bdaily's Members' News section by RiskIQ .