The campaign started on January 18, 2022, targeting 80 restaurants using MenuDrive and 74 restaurants using the Harbortouch platform. InTouchPOS, on the other hand, was targeted by another MageCart campaign on November 12, 2021, which resulted in e-skimmer infections in 157 restaurants using the platform. It was observed that 50,000 bank card information seized in the campaign, which affected 311 restaurants in total, was put up for sale on Dark Web platforms.
Advanced digital security technologies must be used to prevent Magecart attacks. Data Breach Monitoring services are a preferable solution to protect e-commerce sites against potential breaches. Additionally, for e-commerce providers, It is recommended to ensure that the software, hardware, and tools being used are up-to-date, request third-party service providers to have their code checked, and apply HTTP Content-Security-Policy principles which provide an additional layer of protection against potential attacks. The precautions that customers using e-commerce services should take in order not to be affected by similar security breaches are as follows;
- Personal information should not be entered on unreliable/suspicious websites,
- Virtual cards created for e-commerce transactions should be used,
- Make sure that the visited page is not a fake domain with a similar name created by threat actors,
IOC findings such as IP addresses and domains known to be used by threat actors in these campaigns should be blocked from security solutions in use.