With the MageCart e-skimmer campaigns targeting three online ordering platforms, MenuDrive, Harbortouch, and InTouchPOS, bank card information of 50,000 customers of 311 restaurants serving in the USA was seized. Online ordering platforms for restaurants allow customers to order food online and outsource the burden for restaurants to develop an ordering system. Due to its widespread use, online ordering platforms have become a high-value target for threat actors carrying out Magecart e-skimmer attacks. Magecart malware is JavaScript code that collects credit card data and other identifying information when online shoppers enter the payment page.

The campaign started on January 18, 2022, targeting 80 restaurants using MenuDrive and 74 restaurants using the Harbortouch platform. InTouchPOS, on the other hand, was targeted by another MageCart campaign on November 12, 2021, which resulted in e-skimmer infections in 157 restaurants using the platform. It was observed that 50,000 bank card information seized in the campaign, which affected 311 restaurants in total, was put up for sale on Dark Web platforms.

magecart e-skimmer attacks targeted 311 restaurants in the usa — MageCart E-Skimmer Attacks Targeted 311 Restaurants in the USA

Advanced digital security technologies must be used to prevent Magecart attacks. Data Breach Monitoring services are a preferable solution to protect e-commerce sites against potential breaches. Additionally, for e-commerce providers, It is recommended to ensure that the software, hardware, and tools being used are up-to-date, request third-party service providers to have their code checked, and apply HTTP Content-Security-Policy principles which provide an additional layer of protection against potential attacks. The precautions that customers using e-commerce services should take in order not to be affected by similar security breaches are as follows;

Personal information should not be entered on unreliable/suspicious websites,
Virtual cards created for e-commerce transactions should be used,
Make sure that the visited page is not a fake domain with a similar name created by threat actors,

IOC findings such as IP addresses and domains known to be used by threat actors in these campaigns should be blocked from security solutions in use.

Harbortouch InTouchPOS MageCart E-Skimmer Attacks MenuDrive

MageCart E-Skimmer Attacks Targeted 311 Restaurants in the USA

MageCart E-Skimmer Attacks Targeted 311 Restaurants in the USA

European Focused Threat Actors – Who Actively Continue Their Strategies

Critical 0-Day Alarm in Microsoft Exchange Server

European Focused Threat Actors – APT Groups

Multiple Vulnerabilities Detected in Solarwinds Orion

Security News – Week 39

Zebrocy Malware Technical Analysis Report

Related Posts

Critical 0-Day Alarm in Microsoft Exchange Server

Multiple Vulnerabilities Detected in Solarwinds Orion

Critical RCE Alarm in Sophos Firewall Solutions

AffectMe: The Critical Vulnerability in Oracle Cloud Infrastructure

We know what hackers know about you

Solutions

Use Case

Partners

Company