Tuesday, October 17, 2023

Magecart Campaign Hides Malicious Code in Default 404 Error Pages

 

Akamai’s Security Intelligence Group has detected a new Magecart web skimming campaign that employs “advanced concealment techniques,” including one involving the targeted website’s default 404 error page. The technique involves hiding malicious code in a comment in the 404 page. The campaign has been targeting Magento and WooCommerce websites.
 


The idea is to have the browser execute malicious JavaScript, which means the protection falls to the endpoint, either via disablement of JavaScript or other EDR protections. As a service owner, your best protection is to prevent the addition of the malware through software updates, secure configurations, and web application firewalls that intercept attempted malfeasance, rather than relying on the endpoint not executing malicious code. Note that there are now two controls in PCI/DSS version 4.0 intended to address Magecart attacks: requirement 6, "Develop and Maintain Secure Systems and Software," and requirement 11, "Test Security of Systems and Networks Regularly." These are currently PCI/DSS best practices and do not become mandatory until early 2025; you may want to look at early adoption.


The headline doesn’t do this much justice because, on the surface, it appears it’s just a rehash of an older news story that’s been making the rounds forever. However, I'd look through some interesting technical details in this case. The fact that there are several novel variations that attackers are using listed in the article makes for an interesting read.
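Because the campaign hides code inside a comment in the default 404 page, a site owner can audit that page's comments directly. The sketch below is an added example, not code from this post or from Akamai's report; the thresholds, keyword list, and both sample pages are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter
from html.parser import HTMLParser

# Assumed heuristics (not taken from the Akamai report): a long encoded run,
# script-like keywords, or a large high-entropy body inside an HTML comment.
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/=]{120,}")
JS_HINTS = re.compile(r"\b(?:atob|eval|fromCharCode|document\.createElement|new Function)\b")

def entropy(text):
    """Shannon entropy of text, in bits per character."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

class CommentCollector(HTMLParser):
    """Collects the body of every HTML comment in a document."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data)

def audit_404_body(html):
    """Return (reason, preview) findings for suspicious comments in a 404 body."""
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for comment in parser.comments:
        body = comment.strip()
        if ENCODED_RUN.search(body):
            findings.append(("long encoded run", body[:40]))
        elif JS_HINTS.search(body):
            findings.append(("script keyword", body[:40]))
        elif len(body) > 200 and entropy(body) > 4.5:
            findings.append(("high-entropy comment", body[:40]))
    return findings

# Constructed sample pages; the encoded filler is harmless placeholder text.
CLEAN_404 = "<html><body><!-- theme: default 404 template --><h1>Not Found</h1></body></html>"
TAMPERED_404 = "<html><body><h1>Not Found</h1><!-- " + "QUJDREVGR0g=" * 20 + " --></body></html>"
```

In practice, feed it the body returned for a path that does not exist on the site and treat any finding as a prompt to diff the 404 template against a known-good copy.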

Read more in:
- www.akamai.com: The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages
- www.darkreading.com: Magecart Campaign Hijacks 404 Pages to Steal Data
