When it comes to the security of websites, and security in general, there is a lot of focus on catchy names for things, not a lot on actual security. A great example of that is Magecart. What is Magecart? Well, it really isn’t anything. Instead, it is a term used for a whole host of different things, which makes it useful for selling security services and creating press coverage, but not for actually resolving the underlying issues.
Here is one description of Magecart from the security news outlet CSO Online:
Magecart is a consortium of malicious hacker groups who target online shopping cart systems, usually the Magento system, to steal customer payment card information.
Elsewhere, a security news outlet described it as being competing groups:
There’s no clearer indicator that the Magecart scene is getting crowded than discovering that some groups are now sabotaging each other’s code
Elsewhere it is described not as an entity, but as a type of attack:
Every day we hear about some new threat or vulnerability in technology, and the data harvesting attack known as “Magecart” is the latest threat.
Elsewhere, in a security news outlet that is part of a security company, you will find it claimed that it only impacts Magento websites:
But the very next paragraph mentions “high-profile targets”, which didn’t run on Magento:
Once believed to be the work of a single cybercrime gang hitting high-profile targets including Ticketmaster and British Airways, Magecart-style attacks have now evolved and have been adopted by numerous threat groups.
We could go on, but you get the point.
What You Can’t See is Ignored
Even what you can detect is only the end result of a hack, so while you will find lots of stories about Magecart, there is very little on how the hack occurred. If you don’t focus on how the hacks occurred, then you are not likely to address those issues. Not surprisingly, the hacks keep occurring. That is bad for just about everybody except the people pushing the Magecart narrative, since security companies can sell more products and services this way (which don’t resolve the issue, seeing as the hacks continue) and journalists get easy stories.
Indirect Protection at Best
With e-commerce displaying no signs of slowing down since the start of the COVID-19 pandemic, the Magecart cyber-criminal syndicate is thriving. By evolving their web skimmers to become harder to detect and avoid, they have been successful in breaching several high-profile businesses.
After years of discovery and research by the cybersecurity industry, we are at a stage now where companies have started looking for effective protection against this serious threat. Typically, when security teams understand how web skimming attacks operate and how they take advantage of the huge security blindspot that is the client-side, they first turn to CSP (Content Security Policy).
Focusing on the client-side would be, at best, an indirect way to handle this and wouldn’t handle the situation at all if the hacker collects the data when it is submitted to the website. There is a simple reason why that person might present that as the focus: the company they work for provides client-side solutions.
Need Help Securing a Magento Website?
If you have a Magento website that is hacked, we can help you to actually get it cleaned and secured. If you need someone to handle keeping Magento up to date, which goes a long way to keeping it secure, we can take care of that for you.