Experts Comments On Magecart Attack On Hotel Websites Through The Supply Chain

Roomleader, a digital marketing and web development services provider that helps hospitality companies build out their online booking functionality through their library module which saves viewed hotel information in visitors’ browser cookies, was the victim of a magecart attack according to a Trend Micro Report. The hackers injected malicious code into Roomleader’s “Viewed Hotels” module initiating a supply chain attack that has so far infected two hotel chains, one with 107 hotels in 14 countries and the other has 73 hotels in 14 countries


EXPERTS COMMENTS
Usman Rahim, Digital Security and Operations Manager,  The Media Trust
September 20, 2019
The only way to protect users is to know who’s providing what code and what that code does to users.
Managing the digital supply chain is difficult because it requires the right tools and expertise. When third party code suppliers deliver code to users through browser and not through a tool that the website publisher/owner uses, the owner has little control of what happens and can't monitor when something's afoot. If a third party provides or supports the web application, iframes will fall victim ....
[Read More >>]
Matan Or-El, Co-Founder and CEO,  Panorays
September 20, 2019
To avoid these attacks, organizations obviously need to do a better job securing their own servers.
This latest attack on Roomleader shows that Magecart isn’t going away anytime soon. The attack was designed to steal data from payment forms, including credit card details, names and addresses. To accomplish this, attackers even went so far as to translate their fraudulent forms into eight different languages and create a replacement form that asked for Card Verification Code (CVC) numbers. To a ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article