3 Web Third-Party Related Events from the Web You Don’t Want to Miss – October 2019
Welcome to Reflectiz team news pick from September and October 2019. As usual, our staff highlighted few news events, dealing with third-party risks, Magecart attacks and other relevant cybersecurity updates. Read on!
Akamai planned acquisition of ChameleonX shows how serious the Magecart threat really is
First, we would like to wish our friends at ChameleonX good luck for the new planned acquisition of by Akamai. Like ChameleonX, Reflectiz also shares the same landscape and beyond, protecting websites against Magecart threats, offering innovative third-party risks mitigation solutions and defending websites against the credit-card skimming plague. This announcement from Akamai shows once again the importance of third-party risk mitigation as a whole, and why “traditional” security methods need a fresh approach. Even though it is not aiming at us directly, we consider it as vote of confidence on what we, at Reflectiz, do. Indeed, it has been a busy year for us! We have seen how third-party risk issues and Magecart threats became crucial and how the awareness from large scale security enterprises, business partners as well as well as companies we work with and even investors and VCs.
Read more: Akamai – ChameleonX notice
Magecart Credit Card Skimmers are Expanding Their Boundaries
According to recent findings, Malwarebytes and security firm HYAS researchers have found patterns that link Magecart Group 4 with the Cobalt Hacking Group, also known as FIN7 or Carbanak Group.
The Cobalt Group is active from 2015 and like the Magecart skimmers, this group is also financially motivated. The findings indicate that Magecart Group 4 also exploits server side in addition to its client-side skimming activities.
The Magecart escalation doesn’t end with Group 4 and FIN7, while according to IBM Magecart Group 6 is connected with another hacking group – FIN6.
2,086,529 Magecart Attacks and More Interesting Facts
A recent report by RiskIQ indicates that Magecart attacks have crossed the 2 Million mark.
According to the report “among the 2,086,529 attacks, it had detected 18,000 hosts that were directly breached.” Another interesting fact mentioned in the report refers to the average length of a Magecart breach: “The average length of a Magecart breach is 22 days with many lasting years, or even indefinitely”. The report also mentions that the firm has detected 9,688 vulnerable Magento hosts.