University Cyber Security Report: Automated Magecart Campaign Analysis

Verified

Added on 2022/11/19

AI Summary

This report discusses the automated Magecart campaign cyberattack that occurred between January and July 2019, which breached over 960 e-commerce stores. The report details the payment card skimming issue, where Magecart groups injected malware to steal payment data. The attack involved injecting customized JavaScript into websites to create fake credit card payment sections, leading to data breaches including cardholder names, phone numbers, and billing addresses. The report highlights the need for PCI DSS compliance and intrusion protection systems to mitigate such threats. It emphasizes the importance of understanding merchant responsibilities for enhancing infrastructure robustness. The report concludes that the automated Magecart campaign poses a significant threat to business management, emphasizing the need for PCI DSS compliance and NNT implementation to address data breaches. The report provides references to support the findings and analysis of the cyberattack.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: AUTOMATED MAGECART CAMPAIGN
AUTOMATED MAGECART CAMPAIGN
Name of the Student
Name of the University
Author note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1AUTOMATED MAGECART CAMPAIGN
Introduction
This report will be discussing about the cyber-attack that has occurred in between
January and July 2019. The attack that has been considered for completion of the report is
Automated Magecart Campaign that has raised to over 960 stores that has got breached.
Discussion
Large scale payment card skimming movement have recorded breaching over 962 e-
commerce stores. This issue was initially detected by Sanguine Security, which was discovered
by Magneto security. Payment card skimming was the main issue that was faced during
occurrence of the cyber-attack. Magecart campaign had injected 962 payment card skimming
issue. Magecart has been an umbrella for the criminal groups who have been attacking the web
shops. This organization was mainly focused regarding the processing of injecting malware. The
main aspect that is considered in this case is that scanning of the web based domains regarding
specification of vulnerabilities are also performed (Gyódi et al, 2019). Despite commence of the
vulnerabilities research process have not confirmed the flaws. The attack that was performed are
on the stores that are comparatively small in nature. Websites of the stores are performed with
the help of breaching of website. This breaching of website has been the major issue that will
instance the functioning process of business management. Issues have been arisen regarding
processing of payment details which includes breaching of data from full credit card data. Data
regarding name of the owner of the card along with the phone number of the owner. Billing
address of the owner is also fetched during this operation (Hannula 2018). Cyber attackers
introduce customized Javascript in several e –commerce websites. This has been a major
instance that processing of the several websites have been breached. With the help of the
introduction of the customized Javascript performs data breaching. This section introduces fake

2AUTOMATED MAGECART CAMPAIGN
credit payment section and hence this resulted in gathering data collection of the clients from the
e-commerce payment details. This attack is considered as the largest data breaching attack that
includes fetching of data from the payment processes. Before this attack data breaching of a total
of 700 e-commerce stores had taken place (Michels & Walden 2018). As per the data that is
received it is expected that the cyber attackers have had only 24 hours for completing the entire
attack. It is seen that the entire process was performed withy introduction of skimming codes.
After proper analysis the main aspect that is considered for the mitigating this situation is
that proper abidance to the PCI DSS Compliance standard is needed to be maintained (Raulot
2019). With proper maintenance of the intrusion protection system, understanding of the
requirement along with the merchant responsibility is needed to be performed for increasing the
robustness of the infrastructure.
Conclusion
From the above report, it can be stated that processing of business management is always
under the threat of automated Magecart campaign. In case of occurrence of this cyber-attack,
data breaching is the major issue that affects the functional process. It is expected that usage of
PCI DSS Compliance along with introduction of NNT is needed to be performed for mitigating
the issues.

3AUTOMATED MAGECART CAMPAIGN
References
Gyódi, K., Nawaro, Ł., Paliński, M., & Wilamowski, M. (2019). Informing Policy with Text
Mining: Technological Change and Social Challenges. Available at SSRN 3362487.
Hannula, T. (2018). A framework for securing internal business-critical infrastructure services: A
structured approach for reducing systemic security gaps.
Michels, J. D., & Walden, I. (2018). How Safe is Safe Enough? Improving Cybersecurity in
Europe's Critical Infrastructure Under the NIS Directive. Improving Cybersecurity in
Europe's Critical Infrastructure Under the NIS Directive (December 7, 2018). Queen
Mary School of Law Legal Studies Research Paper, (291).
Raulot, A. (2019). Bypassing phishing protections with email authentication.