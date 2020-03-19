Researchers have uncovered a Magecart Group 8 attack against blender vendor NutriBullet that installed credit card stealing malware on the company’s website. Security experts provide insight into this attack.
EXPERTS COMMENTS
Javvad Malik, Security Awareness Advocate, KnowBe4
March 19, 2020
Magecart attacks continue to inject themselves into payment portals on websites, and show no signs of slowing down.
It is why it's important for organisations to embed a culture of security so that each team takes on the responsibility not just to embed security in design and deployment - but factor in continuous security assurance so that any unauthorised changes can be quickly detected and investigated. The fact that the website has been compromised 3 times in as many weeks would indicate some underlying flaw that needs to be addressed urgently.
Ameet Naik, Security Evangelist , PerimeterX
March 19, 2020
This attack was persistent, with a strong foothold on the website.
Magecart attacks are reaching fever pitch with multiple attackers using a variety of techniques to compromise websites and steal credit card numbers. This data is especially valuable on the dark web since it includes all the other information needed to use a stolen credit card online, such as CVV codes, phone numbers, email addresses and ZIP codes. This attack was persistent, with a strong foothold on the website. The attack kept streaming out the stolen data even after several takedown attempts by a third party. Businesses need to be faster to react to attacks in order to avoid negative brand impact and to ensure the protection of customer data. As most consumers are now shopping from home, keeping a safe online shopping experience is a must to businesses looking for continuity.
