RiskIQ finds Ticketmaster breach part of massive credit card skimming campaign affecting over 800 e-commerce sites

ID: 1538323
recent pressrelease next pressrelease

(businesspress24) - London, UK - July 10, 2018 - RiskIQ, the leader in digital threat management, today revealed that its researchers have discovered that the recent breach of Ticketmaster was not a one-off event as initially reported, but part of a massive digital credit card-skimming campaign by the threat group Magecart affecting over 800 e-commerce sites around the world.

The report highlights how Magecart has evolved tactically from hacking sites directly, to now targeting widely used third-party components. This approach grants them access to even more victims-sometimes 10,000 or more instantly. According to RiskIQ researchers, Magecart likely breached the systems of Inbenta and SociaPlus, both third-party suppliers integrated with Ticketmaster websites, and added to or replaced custom javascript modules with their digital credit card skimmer code.

Like physical skimmers that criminals hide in compromised POS machines, gas pumps, and ATMs, digital card skimmers steal credit card data from unwitting customers via scripts injected into e-commerce websites to record the credit card data they enter into online payment forms. Magecart is well-known to RiskIQ, which has been tracking the group''s activities since 2015 and studying how its credit card skimming attacks have been continuously ramping up in frequency, sophistication, and impact.

RiskIQ researchers found that other suppliers, web analytics provider PushAssist, CMS Clarity Connect, Annex Cloud, and likely many others, were also compromised by the Magecart actor. RiskIQ has been tracking a highly-targeted Magecart campaign dubbed SERVERSIDE, which has used access to these third-party components to claim over a 100 top-tier victims including some of the world''s largest online brands.

"While Ticketmaster received the publicity and attention, the Magecart problem extends well beyond Ticketmaster," said Yonathan Klijnsma, Threat Researcher at RiskIQ. "We believe it''s cause for far greater concern-Magecart is bigger than any other credit card breach to date and isn''t stopping any day soon."



Many of the publicly reported breaches are wrongly interpreted as individual events but are in reality part of the SERVERSIDE campaign-and often not individual breaches at all. According to Ticketmaster''s official statement, the breach impacted Ticketmaster International, Ticketmaster UK, GETMEIN! and TicketWeb from February 2018 until June 23rd of 2018, but RiskIQ researchers found evidence the skimmer was active on additional Ticketmaster websites including Ireland, Turkey, and New Zealand since as early as December 2017. RiskIQ researchers also found that the Command and Control server used in the Ticketmaster attack has been active since December 2016.

For a full analysis of this campaign, including a list of compromised components and IOCs, visit the report here: https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/



More information:
http://https://www.realwire.com/releases/RiskIQ-finds-Ticketmaster-breach-part-of-massive-credit-card-skimming



Keywords (optional):

riskiq, ticketmaster, credit-card, skimming, magecart, skimmer, e, commerce, research,



Company information / Profile:

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence and mitigation of threats associated with an organization''s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, RiskIQ''s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.

Visit https://www.riskiq.com/ or follow us on Twitter. Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community/

(C) 2018 RiskIQ, Inc. All rights reserved. RiskIQ is a registered trademark of RiskIQ, Inc. in the United States and other countries. All other trademarks contained herein are the property of their respective owners.

PressRelease by

Requests:



PressContact / Agency:

Richard Scarlett, Gemma White, Gabriel Hedengren
Finn Partners
RiskIQ(at)finnpartners.com
020 3217 7060



published by: RealWire
print pressrelease  send to a friend  

Date: 07/10/2018 - 06:52
Language: English
News-ID 1538323
Character count: 3001
Kontakt-Informationen:
Firma: RealWire
Ansprechpartner: Fran Cator Feedback to businesspress24.com about Pressrelease-id:
Stadt: Lincoln
Telefon: +44 (0)1522 883640

Meldungsart: bitte
Versandart: Veröffentlichung
Freigabedatum:
Comments:



Number of hits: 1048

Linking-Tips:



Direct Link to this PressRelease:






We would appreciate a link in your News-, Press- or Partner-Site.

Comments on this PressRelease






All members: 9 251
Register today: 0
Register yesterday: 4
Members online: 0
Guests online: 56


Don't have an account yet? You can create one. As registered user you have some advantages like theme manager, comments configuration and post comments with your name.