An ecommerce platform providing payment facilities to multiple high-profile organisations was compromised by a Magecart skimmer for two-and-a-half years.
That's according to Sanguine Security, which claims that the attacker ran keyloggers to intercept customer payment data, adding that the platform had been so open that multiple threat actors were fighting over it.
The platform in question supported the online stores of ESPN magazine and US military website Stars and Stripes.
"Based on the code style, the observed malware can be grouped into seven different families of keyloggers. At times, multiple different keyloggers were present concurrently, sending the intercepted customer data to multiple servers across the globe," claims Sanguine.
It added: "The different modus operandi and concurrent theft suggest that numerous hacking factions had access to the platform."
The first skimmer was allowed to operate undisturbed for 18 months, but was replaced in July 2018 with a completely different skimmer which, according to Sanguine, is linked to a popular 'sniffer' kit that can be bought online for $950.
A month later, it was replaced by a third skimmer, which was replaced less than two weeks later by a fourth.
In total, Sanguine counted eight different skimmers, pointing to multiple domains, with two skimmers operating at the same time at one point.
"We can tie skimmer 1 (webstatvisit.com) to onlineclouds.info, another known skimmer domain that played an important role in a skimming feud that we reported in 2018. In that feud, the onlineclouds operator sabotaged their less-advanced rival. At that time, the onlineclouds.info domain was used to steal data from brands such as Elisabetta Franchi, Everlast and Umbro," reports Sanguine.
The apparent ease with which ecommerce sites can be compromised and the lackadaisical response of ecommerce companies have made web skimming a lucrative crime. Tens of thousands worldwide have been affected, according to security group RiskIQ. Furthermore, Magecart gangs typically operate in countries like Russia, where the authorities will leave them alone as long as they don't compromise organisations within their jurisdiction.