Leading Cyber Risk and Intelligence Teams Profile the Criminal Underworld Behind Large-Scale Credit Card Breaches
RiskIQ, the global leader in digital risk management, released a joint report with Flashpoint, the global leader in Business Risk Intelligence (BRI), analyzing Magecart, an umbrella term given to at least seven prolific cybercriminal groups placing digital credit card skimmers on thousands of compromised e-commerce sites.
The first-of-its-kind, in-depth report details seven individual Magecart groups with an analysis of their unique skimmer, tactics, and targets. The paper also analyzes the connection between this web-based activity and a thriving criminal underworld that enables these groups to operate. Readers will learn how Magecart groups monetize their campaigns via the sale and distribution of stolen cards on underground shops and a shadowy supply chain offering skimmer kits and compromised e-commerce sites-as-a-service.
The report also builds a timeline of the Magecart phenomenon from the inception of digital credit card skimming to Magecart’s current all-out assault on e-commerce that claimed thousands of small and mid-sized online shops—and several giants—as victims.
“The Modus Operandi of the web-skimming Magecart groups has evolved significantly and has been ramping up over the past two years,” said Yonathan Klijsnma, Head Researcher at RiskIQ. “With the number of criminal groups operating these skimming campaigns, it’s likely one of the biggest threats facing e-commerce right now.”
“The cybercriminal underground continues to provide a vibrant platform for buying and selling various credit card sniffer toolkits, as well as other critical criminal services meant to cash out the stolen cards,” said Vitali Kremez, Director of Research at Flashpoint. “As we explore these groups, it is important to keep in mind that the most profitable ventures—those that inflict the greatest damage on the e-commerce and financial industry—are run by experienced career criminals who have, over the years, developed extended networks of trusted criminal suppliers.”
The comprehensive report combines RiskIQ’s global surface web visibility, which first exposed Magecart threat activity in 2016 and continues to track it, and Flashpoint’s expertise in monitoring illicit communities, which ultimately reveals the commercial side of Magecart operations. This report provides powerful new intelligence that can help private and public sector organizations, including law enforcement, develop a more effective strategy to counter Magecart’s growing threat.
RiskIQ, which detects internet-scale threats, is alerted to new Magecart breaches hourly, a clear indication that the group is extremely active and continues to be a critical threat to all organizations offering online payment facilities. With online sales predicted to rise 17-22 percent over the upcoming holiday season, Magecart’s criminal activities may intensify.