1) Direct entry (exploiting bugs or outdated software, trying username-password combinations)
2) Getting in through third-party distributors / partners.
Use Case: Ticketmaster & British Airways
In June 2018 Ticketmaster were hit by a massive cyber attack. They got a £5 million fine for the data breach, and up to 40.000 UK Ticketmaster customers were believed to have had some personal information stolen (650 customers stood up in court directly over having their money stolen). The breach was not discovered by Ticketmaster for months, and they discovered it only when banks started to speak out about money being stolen. Ticketmaster did not notice because everything in their system was up to date and there were no indicators of any attacks. Only later did they find out that the attackers had got in through a third-party supplier known as Inbenta. Later, RiskIQ announced that the attacks were carried out by a group named “Magecart” (known by RiskIQ), and that the attack was part of a wider campaign targeting 800 suppliers.
In August 2018 (a month later) British Airways were targeted by the same group (Magecart), and it became one of the biggest breaches in modern history. Magecart set up a custom, targeted infrastructure to blend in with the British Airways website and got access that way. The breach was open for 15 days and 380.000 customers had their card information stolen. The breach was skimming transactions on both PCs and mobile devices. BA had a massive £183M fine for this, and the event caused a lot of distrust and negative publicity, and caused them to lose ~50% of their market value over the next months.
Tip of the iceberg.
These incidents had a lot of publicity and attention, but the Magecart problem extends to e-commerce sites well beyond those, and RiskIQ believes that there is much more to come. They’ve identified 800 victim sites, among them 100 top-tier victims. The attackers get smarter every day, and by utilizing third-party suppliers they can access very big firms and in some cases instantly get access to 10.000 victims. It’s spreading faster and wider than ever before. This list contains some of the firms that have been targeted by Magecart’s eSkimming (June 2018)
2) Detect JS injection
3) Detect eSkimming traces
With CONNECT, firms are assured that even if a supplier has a breach, the firm's websites and servers can’t be targeted.