RiskIQ and Flashpoint Release Comprehensive Report on Magecart’s Assault on E-Commerce
Leading Cyber Risk and Intelligence Teams Profile the Criminal Underworld Behind Large-Scale Credit Card Breaches
RiskIQ, the global leader in digital risk management, released a joint report with Flashpoint, the global leader in Business Risk Intelligence (BRI), analyzing Magecart, an umbrella term given to at least seven prolific cybercriminal groups placing digital credit card skimmers on thousands of compromised e-commerce sites.
The first-of-its-kind, in-depth report details seven individual Magecart groups with an analysis of their unique skimmer, tactics, and targets. The paper also analyzes the connection between this web-based activity and a thriving criminal underworld that enables these groups to operate. Readers will learn how Magecart groups monetize their campaigns via the sale and distribution of stolen cards on underground shops and a shadowy supply chain offering skimmer kits and compromised e-commerce sites-as-a-service.
Read More: Interview with Angel Gambino, CEO and Founder of Sensai
The report also builds a timeline of the Magecart phenomenon from the inception of digital credit card skimming to Magecart’s current all-out assault on e-commerce that claimed thousands of small and mid-sized online shops—and several giants—as victims.
“The Modus Operandi of the web-skimming Magecart groups has evolved significantly and has been ramping up over the past two years,” said Yonathan Klijsnma, Head Researcher at RiskIQ. “With the number of criminal groups operating these skimming campaigns, it’s likely one of the biggest threats facing e-commerce right now.”
Read More: Interview with Jeffrey Kofman, CEO and Founder at Trint
“The cybercriminal underground continues to provide a vibrant platform for buying and selling various credit card sniffer toolkits, as well as other critical criminal services meant to cash out the stolen cards,” said Vitali Kremez, Director of Research at Flashpoint. “As we explore these groups, it is important to keep in mind that the most profitable ventures—those that inflict the greatest damage on the e-commerce and financial industry—are run by experienced career criminals who have, over the years, developed extended networks of trusted criminal suppliers.”
The comprehensive report combines RiskIQ’s global surface web visibility, which first exposed Magecart threat activity in 2016 and continues to track it, and Flashpoint’s expertise in monitoring illicit communities, which ultimately reveals the commercial side of Magecart operations. This report provides powerful new intelligence that can help private and public sector organizations, including law enforcement, develop a more effective strategy to counter Magecart’s growing threat.
Read More: The Top 5 “Recipes” That Give AI Projects a Higher Likelihood of Success
RiskIQ, which detects internet-scale threats, is alerted to new Magecart breaches hourly, a clear indication that the group is extremely active and continues to be a critical threat to all organizations offering online payment facilities. With online sales predicted to rise 17-22 percent over the upcoming holiday season, Magecart’s criminal activities may intensify.
Read More: Fluor Uses IBM Watson to Deliver Predictive Analytics Capability for Megaprojects
Copper scrap inspection and grading Copper scrap export services Metal scrap retrieval
Copper cable export, Metal reclaiming Yard, Copper wire scrap