IT

Magecart attacks Focus Camera

Focus Camera, the photography and imaging retailer, has been hacked by Magecart, a cybercrime syndicate that specializes in digital skimming.  Unveiled by Juniper (https://juni.pr/3aEhFa8), Focus Camera was breached in late December 2019, resulting in customer payment details being compromised.

Commenting on the attack, Fabian Libeau, VP EMEA at RiskIQ (www.riskiq.com) says, “Magecart has been threatening the ability for consumers worldwide to shop safely online for years, by stealthily intercepting their credit card data via their browsers.  In 2020, its credit card skimming tactics will continue to evolve and remain a headline issue worldwide. It is also worth keeping an eye out for possible side moves, from card skimming to more general form skimming, as this would be an easy step for Magecart threat actors to make.”

“Businesses that provide online merchant services, such as Focus Camera, must maintain a continued focus on visibility into their internet-facing attack surface, as well as and increased scrutiny of the third-party services used in their web applications, as these are another common target for Magecart actors.  The continued success of this style of attack calls into question the effectiveness of current security investments in dealing with browser-based attacks," says Libeau.  "What's required is a new kind of monitoring that looks that things from the perspective of the end-user . While the malicious code is hidden on the server, it's execution along with the data exfiltration takes place in the user's browser."