The PCI Security Standards Council and Retail and Hospitality ISAC have issued a joint bulletin to warn about the rise of online skimming attacks like Magecart campaigns. Magecart is an umbrella term for various criminal groups that attack web shops with the aim of injecting them with card skimming malware.
The bulletin states that the attacks are very hard to detect. They target e-commerce websites directly or via software libraries provided by third parties that “may not be aware of the risk they create for their customers if they are not focused on security and the potential threats targeting them.”
New data by Malwarebytes shows that in July alone, the security vendor blocked 65,000 Magecart card skimming attempts.