How to Protect Against Magecart

How to Protect Against Magecart

This topic has been getting a lot of interest this year. Amid the COVID-19 crisis, Magecart attacks are rising. In fact, over the weekend of September 11th, the largest Magecart attack ever recorded took place- hacking almost 2000 online stores that were on Magento 1.

With online shopping at its highest ever and the holiday shopping season approaching, it will continue to hurt businesses and customers alike. With Magecart attacks being the current biggest threat to cyber commerce in 2020 it's imperative to understand how to protect against Magecart, especially for those still utilizing Magento 1.

What are Magecart Attacks?

Magecart is an umbrella term for at least seven known different cybercriminal groups. These groups skim data, ultimately looking to grab customer credit card numbers or other personal information that they can use and sell on the dark web. 

With digital commerce on the rise, brands are innovating faster than ever to keep up with competitors. Unfortunately, quick innovation can also mean speed bumps along the way. In order to create a rich interactive user experience, we have shifted from the server-side to the client-side to do this. All the code that used to run in well-secured data centers, now this code is running on your user's browser, meaning you don’t have the front end visibility to the user's data any longer. 

Many brands are using 3rd party scripts to create the best user experience possible.  These third-party providers can unknowingly expose a site to a Magecart attack without the site owner even knowing. 

It takes on average 22 days to detect Magecart attacks. They use client-side browsers to access information, making them hard to detect because the site owner can’t always see what's happening. Over 2 million incidents have already been detected, hitting approximately 20,000 websites and domains, including some very big brands in retail. 

Why and How Do Magecart Attacks Happen?

Magecart is a danger to all businesses, with the COVID-19 pandemic increasing the surge in these cyber attacks. Let’s dig into why and how these attackers are able to get in.

There is a number of ways Magecart Attackers can get in. First party scripts is a traditional security hack where someone is gaining access to a system or server inside your environment. Commonly used open-source libraries can also become compromised by attackers inserting Malware without detection. Third-party scripts are also an often used gateway because the majority of eCommerce sites now use them. These scripts are a lucrative target for hackers because they can comprise a number of domains in one stroke.

How many third party services are present on your eCommerce website?

Detecting Magecart Attacks

Detecting Magecart attacks can be very difficult because you can’t always see them. This is a sophisticated eco-system of hackers for a few reasons.

  1. Highly obfuscated code- this means they are running the malicious code through their engine and they are completely modifying the code. A human wouldn’t readily know what this code is doing.
  2. Mimicking known domains- they often use known domains with small changes that the human eye can easily miss. 
  3. Tripwire mechanisms- Malware can often sense if it's being watched or not, so it won’t show. Instead of you watching them, it turns into them watching you.  

Make sure your eCommerce site is secure.

Contact Us.

Keep reading to learn about how to prevent Magecart Attacks in 2020.

Common Solutions to Detect MageCart Attacks

You can’t detect what you can’t see. However, there are several common methods available to detect attacks.

  1. Inspect code in build and deploy: This is still a very important step in detecting MageCart attacks, but it isn’t the only approach you should take. Take time for early detection before hitting production because changes in production can spot vulnerabilities. The downside is that this malicious code can be activated client-side, which you won’t have eyes on. 
  2. External scanners: These scanners or bots will provide ongoing monitoring, pretending to be a user basically. You can run this as often as you want and it can help flag vulnerabilities. The challenge with this approach is a lot of Magecart malware is highly conditional. For example, they will only load malicious scripts on every 1000th user. If your scanner isn’t the right user it will not see the malware. It is an alert solution, but it won’t mitigate.
  3. Content security policies: Client browsers can be sent a set of security policies of what it can and can not do. This is a great approach if your site isn't often changing and does not carry third party code. It allows for a strict code review process. However, it is difficult for eCommerce sites because of the continuous optimization and third parties needed. 

Required Capabilities to Prevent Magecart Attacks in 2020

In order to prevent Magecart attacks from happening to your site, you need to have several capabilities in place. This will allow you to captures the full context of what is going on with your web application.

  1. Detection of when your site starts changing
  2. Alerting on JS behavioral anomalies that are indicative of an attack
  3. Live Monitoring of JS actions to understand timelines

Protect Against Magecart Attacks With Echidna

How confident do you feel about your current solutions preventing you against Magecart Attacks? It’s okay to answer unsure. If you aren’t confident or not sure, contact the experts at Echidna today to see what the right approach for your business is. Our senior developers ensure security patches have applied properly and examine vulnerabilities common to your eCommerce platform, detecting viruses and malware before they become problematic. As a result, you can reduce the possible impact caused by a breach to minutes instead of days, weeks, or even months.

Contact Us.