The UK's National Cyber Security Centre (NCSC) recently warned owners of more than 4,000 online stores that their websites were affected by Magecart's attacks and would steal payment information from customers. Magecart attacks, also known as web theft, digital theft, or electronic theft, inject scripts known as credit card thieves into the compromised online store to harvest and steal payments and/or personal information submitted by customers on the checkout page.
Image from Picserver
Attackers will then use this data for various financial and identity theft fraud schemes, or sell it to the highest bidder on hackers or swipe forums. The NCSC said that as of the end of September this year, 4151 online stores had been found to have been attacked and alerted retailers to these security vulnerabilities.
Most of the online stores discovered by the NCSC for stolen goods were compromised through a known vulnerability in the popular e-commerce platform Magento. Since April 2020, the NCSC has monitored these stores and issued warnings to website owners and small and medium-sized businesses (SMEs) after discovering compromised e-commerce sites through its proactive cyber defense program.
Affected online retailers were urged to upgrade magento — and any other software they use — to the latest state to stop attackers from attempting to hack into their servers and compromise information from their online stores and customers during Black Friday and Cyber Monday.
Sarah Lyons, deputy director of the NCSC responsible for the economy and society, said: "We want small and medium-sized online retailers to know how to prevent their websites from being exploited by opportunistic cybercriminals during peak shopping periods. It's important to keep the website as secure as possible, and I urge all business owners to follow our guidelines and make sure their software is up to date."
The agency also offers guidance to individuals and families who want to shop safely online, advising them to shop only in trusted online stores, make online payments with credit cards, and always pay attention to suspicious emails and text messages that don't seem too good to be true. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also provides security tips on how to stay safe while shopping online.