Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry

Wednesday 2 October 12:00 - 12:30, Green room

Yonathan Klijnsma (RiskIQ)



The credit-card-skimming game started with physical skimmers on ATMs and has evolved to memory skimming on point-of-sale terminals. Since 2014, skimmers have successfully been targeting e-commerce platforms at an alarming rate, stealing from consumers shopping in the perceived safety of their own homes. Over the past years, RiskIQ has been publishing details on a set of groups under the umbrella name "Magecart", profiling their attacks on e-commerce businesses from small shops to major online merchants like Ticketmaster and British Airways.

In this talk, we will discuss how the Magecart threat evolved, break down its high-profile attacks in detail, and show how the criminals monetize their plunder. We’ll also explain how their uncanny ability to adapt to their environment and get smarter makes them such a formidable adversary for security teams.

 

Yonathan-Klijnsma-web.jpg

Yonathan Klijnsma

Yonathan Klijnsma is the lead of threat research within RiskIQ and, with the help of RiskIQ's expansive data sets, uncovers and hunts down threats. Both his work and his hobbies focus on threat intelligence in the form of profiling threat actors as well as analysing and taking apart the means by which they perform their digital crimes.

@ydklijnsma



Back to VB2019 Programme page

Other VB2019 papers

APT cases exploiting vulnerabilities in region-specific software

Shusei Tomonaga (JPCERT/CC)
Tomoaki Tani (JPCERT/CC)
Hiroshi Soeda (JPCERT/CC)
Wataru Takahashi (JPCERT/CC)

Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation state adversary

Alex Hinchliffe (Unit 42, Palo Alto Networks)

Let's translate firewall/endpoints for you: XAI on security products

Tongbo Luo (JD.com)
Jimmy Su (JD.com)
Kailiang Ying (Syracuse University)
Xinyu Ma (Flappypig Team)
Zhaoyan Xu (Palo Alto Networks)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.