Pinkerton Insights Podcast

Security researchers at RiskIQ in France recently reported a new group as part of the Magecart collective which recently targeted French advertising agency Adverline. The new group, known as Magecart Group 12, conducted their attack by injecting malicious code into a JavaScript library that controls retargeting advertising. The malicious code, similar to previous Magecart attacks, contains a web-based skimmer which steals credit card information. As a result of the attack, Trend Micro identified over 270 e-commerce sites with the skimmer installed, across a range of commerce lines. Some affected sites included those used for travel, cosmetics, healthcare, and apparel. As noted by security researchers, the skimmer code prevents deobfuscation and analysis by conducting frequent internal integrity checks.  We assess that given the ongoing success of Magecart attacks, they will continue in the immediate to long term. Additionally, with a new threat group joining the Magecart collective, we assess it likely that t