Story image

Ticketmaster breach part of massive digital credit card skimming campaign

12 Jul 18

The recent breach of Ticketmaster was not a one-off event as initially reported, but part of a digital credit card-skimming campaign by the threat group Magecart affecting over 800 e-commerce sites around the world.

Digital threat management company RiskIQ revealed these findings in a report by its researchers today.

According to Ticketmaster’s official statement, the breach impacted Ticketmaster International, Ticketmaster UK, GETMEIN! and TicketWeb from February 2018 until June 23rd of 2018, but RiskIQ researchers found evidence the skimmer was active on additional Ticketmaster websites including Ireland, Turkey, and New Zealand since as early as December 2017.

The report highlights how Magecart has evolved tactically from hacking sites directly, to now targeting widely used third-party components.

This approach grants them access to even more victims - sometimes 10,000 or more instantly.

According to RiskIQ researchers, Magecart likely breached the systems of Inbenta and SociaPlus, both third-party suppliers integrated with Ticketmaster websites, and added to or replaced custom javascript modules with their digital credit card skimmer code.

Like physical skimmers that criminals hide in compromised POS machines, gas pumps, and ATMs, digital card skimmers steal credit card data from unwitting customers via scripts injected into e-commerce websites to record the credit card data they enter into online payment forms.

RiskIQ has been tracking Magecart’s activities since 2015 and studying how its credit card skimming attacks have been continuously ramping up in frequency, sophistication, and impact.

RiskIQ researchers found that other suppliers, web analytics provider PushAssist, CMS Clarity Connect, Annex Cloud, and likely many others, were also compromised by the Magecart actor.

RiskIQ has been tracking a highly-targeted Magecart campaign dubbed SERVERSIDE, which has used access to these third-party components to claim over a 100 top-tier victims including some of the world's largest online brands.

RiskIQ threat researcher Yonathan Klijnsma says, "While Ticketmaster received the publicity and attention, the Magecart problem extends well beyond them."

"We believe it's cause for far greater concern. Magecart is bigger than any other credit card breach to date and isn’t stopping any day soon.”

Many of the publicly reported breaches are wrongly interpreted as individual events but are in reality part of the SERVERSIDE campaign, and often not individual breaches at all.

RiskIQ researchers also found that the Command and Control server used in the Ticketmaster attack has been active since December 2016.

Three ways to improve mental health support in the workplace
“Instead of scrambling into action after a crisis, employers need to be more proactive in supporting employees."
Kordia launches Women in Tech scholarship at the University of Waikato
The scholarship is established to acknowledge and support up-and-coming female talent and future technology leaders.
Samsung joins a global league of AI experts
“As a member of the PAI, Samsung will strive to facilitate the ongoing progress of artificial intelligence.”
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
Kiwis concerned about being scammed – survey
This unease is warranted given the growing sophistication of scammers and their activities, and numbers of attempted fraud.
With a mighty roar, Rocket Lab blasts off to space
Success! It definitely was business time for Rocket Lab yesterday as its Electron launch vehicle blasted off from the Māhia Peninsula yesterday (November 11).
Trust us, we’re Nvidia: GeForce RTX 20-series GPU preview
When I caught up with Brian Burke, Nvidia’s gaming tech PR guy, at PAX AUS in Melbourne, I didn’t hold back. I asked him why should Kiwis part with such a huge amount of money for something that, right now, doesn’t do a lot.
Xiaomi fans bubble over at Mi Store grand opening
The fans filled Auckland’s Westfield Sylvia Park to take advantage of the opening specials and get their hands on some Xiaomi tech.