Inside Magecart - their web skimming tactics revealed presented at BSidesLondon 2019

by Terry Bishop,

Summary : Magecart is an umbrella term given to at least a dozen cybercriminal groups that are placing digital credit card skimmers on compromised e-commerce sites at an unprecedented rate and with frightening success. In a few short months, Magecart has gone from relative obscurity to dominating international headlines and ascending to the top of the e-commerce industry's public enemy list.Responsible for recent high-profile UK breaches of British Airways, Sotheby’s, Cancer Research UK and Vision Express UK in which its operatives intercepted thousands of consumer credit card records, Magecart is only now becoming a household name. However, its activity isn't new and points to a complex and thriving criminal underworld that has operated in the shadows for years.In this session we'll cover the evolution of the groups from 2014/2015 to the present day, detailing their the current tactics and techniques used to compromise website JavaScripts.