Bushfire Donation Site Compromised By Cyber Criminals



Hackers have shown that they are severely lacking in both ethics and integrity after compromising the website of a website established to accept donations for victims of Australia’s bushfires.


The news comes via researchers working at Malwarebytes who took to Twitter to announce that an unnamed organisation that was raising money specifically for the victims of the Lake Conjola bushfires became a victim of a digital skimming code that was designed to harvest the credit card details of those generous enough to donate money.


According to InfoSecurity Magazine, “in such Magecart-style attacks, hackers typically inject malicious JavaScript into payment pages to harvest card and personal data as it is entered in by shoppers, or in this case, donators to a worthy cause. It is then exfiltrated to an external domain under the attackers’ control.”


“It’s a tried-and-tested method for data theft that lands the attackers with a complete set of information for each victim, worth more on the dark web than individual components,” Phil Muncaster goes on to explain. “In this incident, the malicious script in question was identified as “ATMZOW” and the known bad domain it exfiltrated data to was spotted as vamberlo.com”



By placing its malicious JavaScript skimmers on online payment forms at massive scale, Magecart is threatening the ability of consumers worldwide to shop online safely.” - RiskIQ



Troy Mursch, who works at cybersecurity firm Bad Packets said on Twitter that he identified the same malicious script on just under 40 other websites.


Deepak Patel, security expert with PerimeterX told InfoSecurity Magazine that some attackers are proving their lack of a moral compas with the latest attack on a good cause.

“Given the lack of visibility into such client-side attacks, the website owners often find out about the data breach days or weeks after the code injection. This extended time allows skimmers to monetize the stolen cards to the fullest extent,” he said.


“Any site that processes user PII and accepts payments should take steps to shore up their application security by tracking and monitoring first- and third-party code execution on their sites in real time,” he added.


According to data from RiskIQ, 2019 eventuated more than two-million Magecart detections, showing that there is a growing trend for cybercriminals to turn to the malicious script to achieve financial gain. In a blog post, RiskIQ said that “Magecart is a rapidly growing cybercrime syndicate comprised of dozens of subgroups that specialize in cyberattacks involving digital credit card theft. By placing its malicious JavaScript skimmers on online payment forms at massive scale, Magecart is threatening the ability of consumers worldwide to shop online safely,” they concluded.

Featured Posts
Recent Posts
Archive
Search By Tags
Follow Us
  • YouTube Best Practice Icon
  • LinkedIn Social Icon
  • Facebook Basic Square
  • Instagram Social Icon
  • Twitter Basic Square

© 2019 by Best Practice

  • White YouTube Icon
  • White LinkedIn Icon
  • White Instagram Icon
  • White Facebook Icon
  • White Twitter Icon