Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry

Presented at VB2019, Oct. 2, 2019, noon (30 minutes).

The credit-card-skimming game started with physical skimmers on ATMs and has evolved to memory skimming on point-of-sale terminals. Since 2014, skimmers have successfully been targeting e-commerce platforms at an alarming rate, stealing from consumers shopping in the perceived safety of their own homes. Over the past years, *RiskIQ* has been publishing details on a set of groups under the umbrella name "Magecart", profiling their attacks on e-commerce businesses from small shops to major online merchants like *Ticketmaster* and *British Airways*. In this talk, we will discuss how the Magecart threat evolved, break down its high-profile attacks in detail, and show how the criminals monetize their plunder. We'll also explain how their uncanny ability to adapt to their environment and get smarter makes them such a formidable adversary for security teams.

Presenters:

  • Yonathan Klijnsma - RiskIQ
    Yonathan Klijnsma Yonathan Klijnsma is the lead of threat research within RiskIQ and, with the help of RiskIQ's expansive data sets, uncovers and hunts down threats. Both his work and his hobbies focus on threat intelligence in the form of profiling threat actors as well as analysing and taking apart the means by which they perform their digital crimes. @ydklijnsma

Links:

Similar Presentations: