Magecart hackers compromised the online shop of the
American Cancer Society and may have had access to all online payments made by
visitors. The e-skimming attack was caught early, but it’s not known how much
data was intercepted.
An e-skimming group named Magecart inserted malicious
code into the cancer society’s Cancer.org shop. The sole purpose of the
intrusion was to intercept credit card payments, with personal data most likely
ending up on the dark web.
Magecart is comprised of a series of criminal groups that
focus on e-skimming attacks, designed to infiltrate websites and capture credit
card information. They can gain entry through leaked credentials, a phishing
campaign, or known vulnerabilities found in backend software used by the
companies.
The intrusion was detected by researcher Willem de Groot, who explained to TechCrunch that the attackers mimicked legit analytics code to cover their tracks. Even if the code was obfuscated, the researcher figured out that a third-party server was receiving the information.
The American Cancer Society has yet to make an official
statement, but researchers saw that the small piece of code was removed after a
few days.
Interestingly enough, the FBI recently issued an advisory regarding the potential impact of e-skimming on small and medium businesses. The American Cancer Society intrusion goes to show that all types of organizations, and not just companies, are open to this kind of attack.