Vision Direct Breach Expanded, Magecart Crawls for Admin Credentials

According to RiskIQ, Group 11 of the Magecart threat group was responsible for a much larger data breach of Vision Direct than initially projected in November. The breach was thought to be confined to the company's UK website, but it extends to its websites for Italy, Spain, Ireland, France, Belgium, and the Netherlands as well, all of which resolved to the same IP address.

Furthermore, Group 11 is using a new tactic that seeks to gather the credentials of website administrators. The group's skimmer uses a new keyword filtering method that searches for the words “admin,” “account,” “login,” and “password.” This feature reaches beyond payment forms to login and administrative pages for information gathering, which indicates that Magecart poses an increased threat to e-commerce sites. The NJCCIC recommends that site owners avoid using third-party JavaScript when possible and refer to the Security Boulevard article for mitigation techniques to prevent Magecart attacks.
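The following Node.js audit is an added example, not part of the NJCCIC alert or RiskIQ's research: it lists third-party scripts loaded on pages whose URL path contains one of the four keywords named above, and records whether each script is pinned with a Subresource Integrity attribute. The page list, hostnames, and function names are constructed for illustration, and the regex-based tag scan is a simplification of real HTML parsing.

```javascript
// Added example (not from the alert): find third-party scripts on credential pages.
// The four keywords are the ones the skimmer's filter is reported to search for.
const SENSITIVE_KEYWORDS = ["admin", "account", "login", "password"];

// Keywords present in a page's URL path (case-insensitive).
function sensitiveKeywords(pageUrl) {
  const path = new URL(pageUrl).pathname.toLowerCase();
  return SENSITIVE_KEYWORDS.filter((k) => path.includes(k));
}

// Scripts loaded from another origin, with whether an SRI hash pins them.
function externalScripts(pageUrl, html) {
  const pageOrigin = new URL(pageUrl).origin;
  const found = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (!src) continue; // inline script: nothing fetched from a third party
    const resolved = new URL(src[1], pageUrl); // resolves relative and //host forms
    if (resolved.origin === pageOrigin) continue; // first-party file
    const hasIntegrity = /\bintegrity\s*=\s*["'][^"']+["']/i.test(m[1]);
    found.push({ src: resolved.href, hasIntegrity });
  }
  return found;
}

// One finding per third-party script on a page whose path matches a keyword.
function auditPages(pages) {
  const findings = [];
  for (const { url, html } of pages) {
    const keywords = sensitiveKeywords(url);
    if (keywords.length === 0) continue; // payment pages need their own review
    for (const s of externalScripts(url, html)) {
      findings.push({ page: url, keywords, script: s.src, hasIntegrity: s.hasIntegrity });
    }
  }
  return findings;
}

// Constructed sample pages; example.test hostnames are placeholders.
const SAMPLE_PAGES = [
  { url: "https://shop.example.test/checkout", html: '<script src="https://cdn.example.test/pay.js"></script>' },
  { url: "https://shop.example.test/admin/login", html: '<script src="/static/app.js"></script><script src="https://cdn.example.test/widget.js"></script>' },
  { url: "https://shop.example.test/customer/account", html: '<script src="//cdn.example.test/chat.js" integrity="sha384-CONSTRUCTED"></script><script>var x=1;</script>' },
];

console.log(auditPages(SAMPLE_PAGES));
```

Findings with `hasIntegrity: false` mark credential pages where a change on the third-party host would reach the browser unchecked; those are the first candidates for removing the script or self-hosting it.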
