8/9/19, "Baseball Hall Of Fame Website Hacked With Credit Card Stealing Malware," Forbes, Len Mathews
"On July 21, the National Baseball Hall of Fame inducted its 2019 honorees: Harold Baines, Roy Halladay, Edgar Martinez, Mike Mussina, Mariano Rivera, and Lee Smith. It's the biggest weekend of the year for the Hall, and this year it happened to line up with a less joyous event.
Just three days earlier, the Hall of Fame discovered that its online store, shop.baseballhall.org, had been compromised by cyberattackers. Hackers had injected a malicious script designed to harvest personal information and payment card details from unsuspecting online shoppers.
The official breach disclosure is painted with pretty broad strokes. The malicious script, it notes, was planted some time between November 15, 2018 and May 14, 2019. That means the Hall's web customers may have been targeted for as long as 13 months. Notifications are being sent out to any customers who were known to have entered personal information during the time the malware was active on the site.
A Clever Disguise
Whoever planted the script on the Hall of Fame shop took a great deal of care to ensure the malware would avoid detection. One of their tactics: making the card-scraping code appear to be Google Analytics code. The script makes several references to GoogleAnalytics and uses the letters GA repeatedly. The hacker(s) even served up an additional payload from googletagstorage.com. That may look like an official Google thing, but it's definitely not.
Just One in an Ongoing Series of Attacks
The National Baseball Hall of Fame's web store is not the only site to have discovered a script injection attack that was stealing data from customers as they checked out. Sophisticated hacking syndicates have been seeking out vulnerable instances of popular e-commerce solutions. Security researchers have dubbed these attackers Magecart, and it's believed that there are at least seven distinct groups carrying out the attacks.
Low-level groups take a "spray and pray" approach, while more elite groups are more selective. Some will target sites with high customer volumes, others will look for weaknesses in third-party payment processors that handle checkouts. The most sophisticated Magecart hackers go after only top-tier targets, which have included Newegg and British Airways.
Hacking activity linked to Magecart dates back to at least 2015, and it shows no signs of slowing down."
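The disguise described in the article works because a host such as googletagstorage.com reads like a Google property at a glance. The sketch below is an added example, not code from the Forbes article or from the Hall of Fame: it audits the script sources on a page against an explicit allowlist and marks unlisted hosts that borrow brand-like tokens. The allowlist, token list, checkout path and sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: the hosts this shop deliberately loads scripts from.
ALLOWED_HOSTS = {"shop.baseballhall.org", "www.google-analytics.com",
                 "www.googletagmanager.com"}
# Brand-like tokens a skimmer domain may borrow to blend in.
BRAND_TOKENS = ("google", "gtag", "analytics")
PAGE_URL = "https://shop.baseballhall.org/checkout"  # path is constructed


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())


def audit_scripts(html, page_url=PAGE_URL):
    """Return (host, url, reason) for each script host not on the allowlist."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        url = urljoin(page_url, src)  # resolves relative and //host/ forms
        host = (urlparse(url).hostname or "").lower()
        if host in ALLOWED_HOSTS:
            continue
        lookalike = any(tok in host for tok in BRAND_TOKENS)
        findings.append((host, url,
                         "brand-lookalike host" if lookalike else "unlisted host"))
    return findings


# Constructed sample; only the googletagstorage.com host comes from the article.
SAMPLE_HTML = """
<script src="/static/js/cart.js"></script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
<script src="//googletagstorage.com/ga.js"></script>
<script src="https://cdn.example.net/widget.js"></script>
"""

if __name__ == "__main__":
    print(*audit_scripts(SAMPLE_HTML), sep="\n")
```

The same allowlist can be enforced in the browser with a Content-Security-Policy script-src directive, so an unlisted host is blocked rather than only reported.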