Media Coverage

In a brand new RiskIQ and Flashpoint joint report, ‘Inside Magecart,‘ we build a timeline of the Magecart phenomenon from the inception of digital credit-card skimming—its evolution from a Cart32 shopping cart software backdoor to Magecart’s current all-out assault on e-commerce that compromises thousands of sites directly and via breaches of third-party suppliers. We’ll also profile the six leading Magecart groups along with notable related unclassified threat groups, highlighting their skimmers, tactics, targets, and what makes them unique. As we felt it was not our position to ingest this data, we partnered with two non-commercial organizations, AbuseCH and Shadowserver, which perform the sinkholing and reporting. We are merely a data provider; they do the heavy lifting.

A joint report released today by cyber-security firms RiskIQ and Flashpoint provides a 60-page deep technical dive into the activities of several cyber-criminal groups that have been active in the past three years hacking online stores to secretly log and steal payment card details entered inside checkout forms. The report refers to these hacks and cyber-criminal groups using the term Magecart. RiskIQ, the company that’s been tracking most of these attacks since 2015, says it’s currently working with AbuseCH and the Shadowserver Foundation to take down the server infrastructure of most of these groups.

National Vulnerability Databases (NVDs) can be slow and miss things. Use these sources to supplement your threat and vulnerability intelligence efforts.

Keeping the Internet hygiene good can be challenging. There is a lot of badness around, harming not only internet users, organisations or corporate networks but also services that rely on the internet and sometimes even the integrity and stability of the internet itself. It is therefore essential to keep a certain level of internet hygiene. Among other things, internet services providers (ISPs) and national computer emergency response teams (CERTs) try to achieve that by collecting information about infected computers (so-called “bots”) in order to notify the associated broadband subscriber or network owner about compromised machines. To deliver information about infected machines to network owners and national CERTs, abuse.ch partners with Shadowserver and Spamhaus.

Sergey Yarets, also known as Ar3s, a hacker arrested last year for running an instance of the Andromeda botnet, was released by Belarusian authorities with nothing more than a slap on the wrist. Authorities dropped all charged after Yarets cooperated with investigators, and after he handed over all the profits he made from renting the Andromeda botnet to other cybercriminals. The sum accounted to around 11,000 Belarusian rubles (~$5,400).

In an amusingly told, but ultimately worrying presentation Mirko Manske, first detective chief inspector from the German Federal Criminal Police Office detailed how he – and a cast of what seemed like thousands, tracked down and ultimately incarcerated the cyber-criminal who caused telecom services to crash for 1.2 million Deutsche Telekom users.

Everyone is talking about VPNFilter, but there is little information to know if my customers, my staff, or my own home is at risk? How do can I get plugged in? Understanding if you are at risk would be helpful to know if you need to drop everything and fix it now, fix it this weekend, or not worry about a fix.

The Justice Department announced Wednesday that it had seized an internet domain that’s at the center of a Kremlin-backed hacking campaign, largely thwarting the potential weaponization of a network of more than half a million web-connected devices across the globe, experts say. The network of infected devices, or botnet, was one of the largest of its kind, cybersecurity experts say, and capable of intelligence gathering as well as disruptive denial-of-service attacks, which could have cut off internet access to hundreds of thousands of people. The Shadowserver Foundation, will work to scrub and restore them, the Justice Department said.

If you’ve been reading the news lately, you might have seen headlines like “FBI to America: Reboot Your Routers, Right Now” or “F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware”. These headlines can be pretty alarming, and you may find yourself thinking, “things must be pretty bad if the FBI is putting out such an urgent warning.”

The FBI is urging small businesses and households to immediately reboot routers following Cisco’s report that 500,000 infected devices could be destroyed with a single command.