Magecart claims another victim in Newegg merchant data theft
Magecart, the notorious hacking group behind the Ticketmaster and British Airways data breaches, has now victimized popular computer hardware and consumer electronics retailer Newegg.
Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018, according to a joint analysis from Volexity and RiskIQ. The Magecart hacking group, which has been active since 2015, registered a domain called neweggstats.com. Being similar to Newegg's legitimate domain, newegg.com, it was likely registered to appear as a genuine extension of the true domain.
The attack affected both desktop and mobile customers, though it is still unclear how many customers were actually hit by this credit card breach. However, considering that more than 50 million shoppers visit Newegg every month and that the malicious code was there for over one month, it could be assumed that this Magecart newest card skimming campaign has possibly stolen the payment information on millions of Newegg customers, even if only a fraction of those visitors make purchases.
But where would this payload come from? Newegg itself. Around the same day, the cyberattackers were able to infiltrate Newegg systems and drop payment card skimmer code into the e-retailer's checkout process.
How do we solve the problem? There is no silver bullet, but some security measures definitely make it harder for the attacker: 1) Define a (strict) Content-Security-Policy (CSP) 2) Trust your 3rd parties, but verify with Subresource Integrity (SRI) 3) Make sure all assets on sensitive pages use SRI through...CSP.