"Digital Skimming is Now the Preserve of Non-Magecart Groups"
According to new research at RiskIQ, less than a fifth of digital skimming activity at the start of the year was linked to Magecart groups, as cheap tools lowered the barrier to entry for less sophisticated cybercriminals. Researchers analyzed the cybercrime underground and customer environments across the first quarter of 2022 to better understand the latest trends in a market that used to be dominated by Magecart. The researchers found that just 18% of detections in the quarter were traced back to one of the several groups using Magecart skimmers. By contrast, 40% were attributed to “generic, potentially modular, or commodity skimmer kits.” That’s more than double the figure for March 2021. Magecart refers to several distinct cybercrime groups that virtually pioneered the use of malicious JavaScript to steal credit card details. The malicious code is injected onto the payment pages of e-commerce sites either directly or via the victim organization’s supply chain partners. Its name comes from Magento, the first type of third-party shopping software targeted back in 2016. Big-name victims over the years include Ticketmaster and British Airways. The researchers noted that the availability of cheap, easy-to-use skimmers is changing the underground market. The researchers stated that the recent growth of commodity malware and ransomware highlights a natural progression into commodity and kit skimmers. The researchers noted that easily modifiable with high profitability potential, skimmers with relatively simple functionality can be altered in minor ways to suit new criminals. The researchers claimed that this is not to say Magecart is in permanent decline: RiskIQ observed twice as many detections related to Magecart’s C&C infrastructure in Q1 2022 compared to March 2021. Magecart Group 7, Group 12, and Group 8 remain highly active while changing very little in their operations.
Infosecurity reports: "Digital Skimming is Now the Preserve of Non-Magecart Groups"