One Magecart group decided that helping cancer victims is not enough of a reason to deter them from hitting the American Cancer Society’s online store with skimming malware.
Sanguine Security found the malware on www.shop.cancer.org/ hiding behind the GoogleTagManager code. The store sells t-shirts emblazoned with the organization’s logo.
“It searches for “’checkout’ (Y2hlY2tvdXQ=) and will then load the actual skimming code from thatispersonal.com/assets/cancer.js (copy). This server is hosted in Irkutsk, a Russian network that is popular among skimming groups,” the company said.
Sanguine has
contacted the American Cancer Society, but has not yet received a response.
The various Magecart crews have hit a wide variety of organizations, companies and retailers ranging from British Airways to Ticketmaster to Newegg.
Jonathan Deveaux, head of enterprise data protection, comforte AG, said that while these attacks are very sophisticated there are defensive measures one can put in place.
“Companies
can improve their webpage monitoring, file integrity checking, and blocking of
untrusted external sources to defend against this type of sophisticated
attack. Additionally, organizations can
deploy data-centric security, which can anonymize sensitive data at its
earliest point of entry into their enterprise, which is a major step to
dramatically reduce risks associated with data breaches and sensitive data
exfiltration,” he said.
Mounir
Hahad, head of Juniper Threat Labs at Juniper Networks, also noted that there
is a simple answer to this problem.
“Website
owners should periodically check the integrity of their script code, which can
be as simple as calculating a checksum every few minutes to look for an
unexpected change,” he said.
Gloss