Last year, the website of popular photography and imaging retailer Focus Camera was hit by MageCart cyber criminals.
In late December 2019, Juniper employee Mounir Hahad discovered that the site had been hacked after an acquaintance of his received a notification from their credit card company about a suspicious transaction.
Following a thorough investigation into the acquaintance's transaction history, Hahad discovered that the website focuscamera.com had been targeted by MageCart attackers.
“I started by adding an item to my shopping cart and proceeded to check out. At that point, a combination of Chrome’s developer tools and Wireshark captures were the only tools I needed to identify any unusual connection that should not be happening,” explained Hahad. “Going through the network connections, it didn’t take long to realize that credit card data was being submitted to two different sites.”
To hide the malicious traffic, the attackers had registered the domain “zdsassets.com”, which resembles Zendesk’s legitimate “zdassets.com.”
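The check described above, comparing checkout traffic against the hosts a site is expected to contact, can be automated over a HAR export from Chrome's developer tools. The following is an added example, not code from Juniper or the original post; the HAR entries, the allowlist and all function names are constructed for illustration.

```javascript
// Constructed sample in the shape of a DevTools HAR export (paths are made up).
const sampleHar = { log: { entries: [
  { request: { method: "GET",  url: "https://www.focuscamera.com/checkout/" } },
  { request: { method: "GET",  url: "https://static.zdassets.com/widget.js" } },
  { request: { method: "POST", url: "https://www.focuscamera.com/checkout/payment" } },
  { request: { method: "POST", url: "https://zdsassets.com/collect" } },
  { request: { method: "POST", url: "https://metrics.example.net/beacon" } },
] } };

// Assumed allowlist: registrable domains the checkout page is expected to contact.
const allowedDomains = ["focuscamera.com", "zdassets.com"];

// Levenshtein edit distance, computed with a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];            // value of d[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];          // value of d[i-1][j]
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Simplification: treat the last two labels as the registrable domain.
// A production check would consult the Public Suffix List instead.
function registrableDomain(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// Report every non-allowlisted domain seen during checkout, noting whether it
// is a near miss of an allowlisted domain and whether it received a POST.
function auditCheckout(har, allowlist, maxDistance = 2) {
  const findings = new Map();
  for (const { request } of har.log.entries) {
    const domain = registrableDomain(new URL(request.url).hostname);
    if (allowlist.includes(domain)) continue;
    const lookalikeOf =
      allowlist.find((ok) => editDistance(domain, ok) <= maxDistance) || null;
    const f = findings.get(domain) || { domain, lookalikeOf, receivesPost: false };
    if (request.method === "POST") f.receivesPost = true;
    findings.set(domain, f);
  }
  return [...findings.values()];
}
```

A finding with both `lookalikeOf` set and `receivesPost` true is the pattern seen here: form data posted to a domain one character away from a trusted one.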
The information stolen included customer names, emails, billing and shipping addresses, phone numbers and card details.
“Based on some DNS telemetry we have access to, this C&C domain has been resolved 905 times since it was created, which may be an indication of the number of victims of this card skimming operation.”
There is a possibility that the same C&C domain is being used across other compromised shopping sites; however, without any telemetry there is no way to prove this.
Juniper Threat Labs immediately reached out to the site owners after discovering the breach, and a couple of days later the malicious code was removed from the site.
“MageCart continues to pose significant risk to online shopping and is expected to be one of the top cyber security stories of 2020. It is possible for site owners to guard against this attack by ensuring the integrity of their site’s source code.”
The post #Privacy: MageCart attackers target retailer Focus Camera appeared first on PrivSec Report.