

If you have been following the news of what has been deemed one of the largest data breaches of the year, the Ticketmaster credit card breach that affected tens of thousands of people in the UK and “some international customers,” you will have likely also caught wind of the recent discoveries that the incident is part of a larger card-skimming campaign. Magecart was identified as the hacking group that hit Ticketmaster as part of a much larger campaign, hacking over 800 ecommerce sites.

The Register's original report on the incident said that the malware was discovered within a Ticketmaster chat function, where the malicious code was able to access personal customer information including names, addresses, email addresses, phone numbers, login details, and payment information. The chat software, hosted by third-party Inbenta Technologies, was utilized by several of the Ticketmaster websites. Ticketmaster revealed that this sophisticated malware affected approximately 40,000 victims between September 2017 and June 23, 2018, a formidable 5 percent of their customer base.

As these breaches unfolded, intel firm RiskIQ connected them to a much larger episode of malware activity, one that has identified PushAssist, CMS Clarity Connect, Annex Cloud, and other organizations as casualties of the credit card skimming attacks. The Magecart campaign called SERVERSIDE uses access to third-party components to generate what is being named the largest credit card breach to date. News that the breach extends to a much larger scope than originally conceived has also included the information that the Magecart servers have been active since December 2016, indicating a likelihood of much more extensive activity than previously discovered.

With the news surrounding this latest breach incident, the real takeaway is a warning around third-party suppliers. Quoted in an article from Threatpost, security manager Jeannie Warner comments:

"In an ideal world, any company that creates applications should empower developers to code with security best practices in mind throughout the entire software development life cycle (SDLC)…[every] plugin which interacts with a transactional site deserves a security review in the decision process (code vs. buy). Hackers are finding that smaller companies that create useful plugin software are even easier to hack than the main site, due to the lack of rigor often found in smaller development shops without a mature SDLC."

Hackers are aware of the disconnect and the lack of security assurance in this common scenario, where an organization's business operations depend on third-party software solutions in the supply chain that brings services to consumers. Contracting outside services is a necessary function for most businesses today, and the associated risks, which here became one of the largest breaches yet in history, are a prime example of the modern need to be more diligent than ever about security practices. Be meticulous and have your security operations team audit any third-party web services before allowing them access to your cloud infrastructure.

Vendor security standards should be set with best practices before engaging with third-party services. If you need help with IT management, infrastructure projects, or IT security, engage Crossroads Technologies today. For more information about technology solutions or to speak with our Advisory Services Division, contact us at 1 (866) 216-4366.
