Hackers from the Mirrorthief group used a “Magecart” style attack on the PrismWeb eCommerce platform to successfully steal the payment card details from the e-commerce systems of 201 American and Canadian universities. The information stolen includes cardholder names, as well as card numbers, expiration dates, and card verification number’s (CVN). The number of accounts compromised is not currently known.
TrendMicro, a cyber threat and vulnerability company, uncovered the hack.
Magecart attacks place malicious JavaScript code directly onto the checkout pages of eCommerce stores. The code gives fraudsters the ability to collect the data entered onto the pages by shoppers, which can then be re-sold to cyber thieves on the dark web.
“The attacker injected their skimming script into the shared JavaScript libraries used by online stores on the PrismWeb platform,” TrendMicro said in a statement. “We confirmed that their scripts were loaded by 201 campus book and merchandise online stores, which serves 176 colleges and universities in the U.S. and 21 in Canada. The amount of payment information that was stolen is still unknown.”
TrendMicro brought the vulnerability to the attention to PrismRBS, the owner of the PrismWeb platform. In a statement, PrismRBS claims they fixed the problem, and is now taking steps to contact affected customers and inform them their data was compromised.
“We are proactively notifying potentially impacted customers to let them know about the incident, the steps we are taking to address the situation, and steps they can take to protect their end users. We deeply regret any concern or frustration this incident may cause,” the statement said.
Magecart eCommerce fraud attacks are currently on the rise across the internet. However, TrendMicro states their research did not uncover any relationship between this attack and any previously known cybercrime groups. And in a deviation from the norm, the attack specifically targeted the PrismWeb platform and not online payment forms generally.
In its statement, TrendMicro also suggested online fraud prevention best practices merchants can use to protect themselves against Magecart attacks.
“Website owners should regularly check and strengthen their security with patches and server segregation, employ robust authentication mechanisms, restrict or disable outdated components, and habitually monitor websites and applications for any indicators of suspicious activity,” the company said.
Source: