Cast your minds back to September 6th 2018 and you may recall that British Airways announced the theft of customers’ data, including payment information, over about a week in late August. About 380,000 customers had their information lifted from the website, but this wasn’t a typical breach where the company’s servers were infiltrated. It was more like a purely digital version of the card skimmers used to capture your card details at an ATM.


The hackers used code injected into the payment website to lift your details, including card details and the 3-digit security number, directly from the webpage as you entered them. The code came from infected third-party servers that handled part of the payment processing or advertising, which meant that BA’s website was not directly compromised.


The attack, known as Magecart, has been active since 2015, and similar techniques have previously been used on other websites (such as Ticketmaster and Feedify).

The attack on BA was much more tailored, which made it much harder to spot. It included the use of multiple domain names with genuine SSL certificates, giving the appearance of a genuine, trustworthy site. Modern browsers that notify of invalid SSL certificates would have given the payment site a green light. The network of servers for deploying the rogue code and receiving the stolen data was also highly sophisticated and organised.

Even the infected code showed new levels of organisation: it first checks that a genuine user is loading the page before running the card-skimming code, making it harder for web analysts or automated tools to detect the code.

Protecting yourself

It’s difficult for AV products to spot the code, although many do scan for these types of attacks now. You should consider using a script-blocker, such as NoScript, ScriptSafe or uBlock Origin, which prevents third-party scripts from running until you give them permission.
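A simplified model of the default-deny decision a script blocker makes for each external script on a page, as an added example that is not part of the original article and is not the actual logic of NoScript, ScriptSafe or uBlock Origin. The hostnames, the sample HTML and the function names are constructed for illustration; note that a valid HTTPS certificate plays no part in the decision.

```javascript
// Added example: simplified model of how a script blocker sorts a page's scripts.
// All hostnames and the sample HTML are constructed (.example), not from the incident.
const SCRIPT_SRC = /<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// First-party means the page's own site or one of its subdomains.
// Assumption: real blockers compare registrable domains via the Public Suffix List;
// stripping a leading "www." is a shortcut that is good enough for this sample.
function isFirstParty(host, site) {
  return host === site || host.endsWith("." + site);
}

// Returns { firstParty, allowed, blocked } lists of resolved script URLs.
// Third-party hosts are blocked unless the user has explicitly allowed them.
function classifyScripts(pageUrl, html, allowedHosts = []) {
  const page = new URL(pageUrl);
  const site = page.hostname.toLowerCase().replace(/^www\./, "");
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const result = { firstParty: [], allowed: [], blocked: [] };
  for (const m of html.matchAll(SCRIPT_SRC)) {
    const raw = m[1] ?? m[2] ?? m[3];
    let url;
    try {
      url = new URL(raw, page); // resolves relative and protocol-relative sources
    } catch {
      result.blocked.push(raw); // unparseable source: fail closed
      continue;
    }
    const host = url.hostname.toLowerCase();
    if (isFirstParty(host, site)) result.firstParty.push(url.href);
    else if (allowed.has(host)) result.allowed.push(url.href);
    else result.blocked.push(url.href); // includes lookalike domains served over HTTPS
  }
  return result;
}

// Constructed checkout page: two first-party scripts, one payment widget,
// one lookalike CDN, and an inline script (which this src-based check ignores).
const SAMPLE_HTML = `
<script src="/js/checkout.js"></script>
<script src="//static.shop.example/vendor.js"></script>
<script src="https://cdn.payments.example/widget.js"></script>
<script src='https://shop-example-cdn.example/lib.min.js'></script>
<script>console.log("inline")</script>`;

console.log(classifyScripts("https://www.shop.example/checkout", SAMPLE_HTML,
  ["cdn.payments.example"]));
```

Only the explicitly allowed payment host runs; the lookalike CDN stays blocked even though it would present a valid certificate.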

You should also keep a close eye on your bank and credit card statements. Use your provider’s apps to keep a daily check on transactions, look out for seemingly small transactions, and set alerts for any large transactions. Notify your provider at once if you spot anything you don’t recognise.

#WeCanHelp

If you need help configuring your browser to block third party scripts, or choosing and configuring an antivirus or other security product, contact us today. #WeCanHelp





1 Comment

Brenda W · March 19, 2019 at 11:49 pm

Our website was infected with this type of virus and we lost hundreds of customers because of it.
