17000 domains attacked by skimming codes that targeted payment data

Cybercriminals (using Magecart technique) have invaded over 17000 domains with JavaScript files present in misconfigured Amazon S3 buckets and have attacked them with payment skimming codes.

By using programmed attacks that triggered JavaScript code, invasion of such domains were made easier and possible, irrespective of noticing about loaded a payment section or not.

Various websites such as Amazon’s cloud storage were unable to protect their websites access control and the “spray and pray” campaign made most of such disturbing situations.

An investigating company RiskIQ has been observing all Magecart attacks for a longer time and the researcher working in this firm claim that aggravated the discovery of S3 buckets that enabled writing permit to anyone approaching them.

According to Yonathan Klijnsma's points mentioned in a report, over 17000 domains were reported to have been attacked including sites with around 2,000 Alexa ranking. However, only a few of them used JavaScript on payment pages, showing that no payment data would be taken by the skimming code.

Restricting write permissions to authorized persons only in Amazon S3 can help get rid of such attackers and get rid of unofficial editing.


Klijnsma says that not everyone has the capability of changing the content even if a bucket is accessible openly.
The actors behind these compromises have automated the process of compromising websites with skimmers by actively scanning for misconfigured Amazon S3 buckets. These buckets are un-secure because they are misconfigured, which allows anyone with an Amazon Web Services account to read or write content to them.
Willem de Groot, a researcher at Sanguine Security (that tracks skimming, fraud, online transactions), says that automation can be a factor of development for Magecart malware.

Sanguine Security presented a detailed report on Large-scale Magecart campaign these days that attacked almost 962 online websites.

Magecart 7 is said to be the face behind this campaign and this hacker is said to have spoiled various stores in the past, according to Klijnsma.

Magecart Hacking Group Hits 17,000 Domains
Photo: Matejmo / Getty Images

Read next: Gone Phishing: How Email Became The Weakest Link (infographic)
Previous Post Next Post