Businesses incur reputational and financial damages such as loss of customer trust and market share, lawsuits, and punitive regulatory fines.
The breach, analyzed by RiskIQ threat research group in September 2018, was carried out by one of the most sophisticated Magecart cybercriminal groups.
“Many organizations have almost no visibility into their web assets, third-party web resources, and the way their customers and employees interact with them,” said Elias Manousos, RiskIQ CEO and co-founder.
The Verizon report also states: “Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches. Data from one of our contributors, the National Cyber-Forensics and Training Alliance (NCFTA), substantiates this shift appears to have already occurred, and our larger data set is also trending that way.”
The Magecart actors have been active since 2015 and have never retreated from their chosen criminal activity. Instead, they have continually refined their tactics and targets to maximize the return on their efforts.
“Actors like Magecart are responsible for some of the most high-profile breaches in recent history, and thousands of businesses have been targeted with stealthy attacks on their e-commerce web assets,” Manousos said.