Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry

Wednesday 2 October 12:00 - 12:30, Green room

Yonathan Klijnsma (RiskIQ)



The credit-card-skimming game started with physical skimmers on ATMs and has evolved to memory skimming on point-of-sale terminals. Since 2014, skimmers have successfully been targeting e-commerce platforms at an alarming rate, stealing from consumers shopping in the perceived safety of their own homes. Over the past years, RiskIQ has been publishing details on a set of groups under the umbrella name "Magecart", profiling their attacks on e-commerce businesses from small shops to major online merchants like Ticketmaster and British Airways.

In this talk, we will discuss how the Magecart threat evolved, break down its high-profile attacks in detail, and show how the criminals monetize their plunder. We’ll also explain how their uncanny ability to adapt to their environment and get smarter makes them such a formidable adversary for security teams.

 

Related links

 

Yonathan-Klijnsma-web.jpg

Yonathan Klijnsma

Yonathan Klijnsma is the lead of threat research within RiskIQ and, with the help of RiskIQ's expansive data sets, uncovers and hunts down threats. Both his work and his hobbies focus on threat intelligence in the form of profiling threat actors as well as analysing and taking apart the means by which they perform their digital crimes.

@ydklijnsma


   Read paper    Watch video

Back to VB2019 Programme page

Other VB2019 papers

Curious tale of 8.t used by multiple campaigns against South Asia

Niranjan Jayanand (Microsoft)
Ivan Macalintal (Microsoft)
Debalina Ghosh (Microsoft)

A vine climbing over the Great Firewall: a long-term attack against China

Lion Gu (Qi An Xin Threat Intelligence Center)
Bowen Pan (Qi An Xin Threat Intelligence Center)

VB2019 opening address

Martijn Grooten (Virus Bulletin)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.