Some of the world’s largest companies in retail, banking, healthcare, energy, and many other industries including Fortune 500, Global 500 and governments fail to prevent attacks Magecart, revealed a Cyberpion study.
Research has analyzed over 30,000 vulnerabilities over the past two years and found significant weaknesses in modern security platforms and processes to identify and mitigate exploits related to Magecart attacks.
There have also been serious gaps in disclosing to their customers any vulnerabilities or security exploits occurring along their digital supply chains, putting all connected organizations at risk of breach.
Data skimming technique has become an unstoppable threat
Web skimming continues to be a real threat to merchants and online shoppers, with attacks severely affecting organizations such as British Airways and Ticketmaster in 2018, Forbes in 2019, as well as local US government portals. and the Telegram 2020 messaging service.
“Our conclusion from the analysis is that to date, organizations fail to deal with Magecart threats and detect vulnerabilities and exploits that hackers exploit to carry out these attacks,” said Cyberpion CEO . Nethanel gelernter.
“Victims are often the last to know, because it is only later that organizations find out that their data has been sold or exploited, with the problem extending beyond a simple supplier or customer relationship. For businesses in particular, Magecart attacks represent a significant challenge because it is problematic to implement a large-scale solution.
Magecart vulnerabilities still plague websites and apps
- At least one of the top five companies in many verticals – retail, insurance, financial services, pharmaceuticals, media, security and others – has been found to be vulnerable or abused.
- More than 1,000 online stores are vulnerable, exposing their customers to skimming. Some of the most popular international newspapers have proven to be vulnerable, often through their home page.
- Some vulnerable or abused companies use anti-Magecart solutions, but these could be bypassed.
- Vendor infrastructure exposes many other organizations connected to Magecart, but vendors often do not notify them early enough for them to take preventative action. In one case, a leading online advertising network reached 15 global insurance brands alongside hundreds of other companies.