Magecart Swoops in to Strike Atlanta Hawks Shop

The online shop for the Atlanta Hawks currently states that it is temporarily down for maintenance, and according to Sanguine Security, the ecommerce site is the latest victim of a Magecart attack.

In the wild, hawks hold their place at the top of the food chain. On the court, the Atlanta Hawks boast 29 wins for the 2018–2019 season. The ecommerce store, though, reportedly has a weak link in its supply chain.

"Yesterday, we were alerted that the host site for HawksShop.com was subject to an isolated attack," a spokesperson for the Hawks organization said. "We take these matters of security and privacy extremely seriously. Upon receiving that information, we disabled all payment and checkout capabilities to prevent any further incident.

"At this stage of the investigation, we believe that less than a handful of purchases on HawksShop.com were affected. We are continuing to investigate and will provide updates as needed."

According to an April 23 post, Magecart thieves injected a payment skimmer in the online store of the Atlanta Hawks. 

“As many online stores do, the Atlanta Hawks shop also runs Magento Commerce Cloud 2.2, a commonly used enterprise-grade e-commerce system, owned by Adobe. While Magento itself is quite secure, attackers often use insecure third-party components to gain access to the core of the shop system,” Sanguine Labs wrote.

Leveraging vulnerabilities in third parties has proven successful for the Magecart group, which is also reportedly responsible for infecting hundreds of websites via supply chains. “Cyber-criminals have found that this card-skimming malware is stealth and effective in securing credit card information off of websites. This payment card information can have a huge impact on customers, far beyond the unauthorized use of their cards,” said Ryan Wilk, VP of customer success for NuData Security, a Mastercard company.

“Payment card information, combined with other user data from other breaches and social media, builds a complete profile. Using these real identities, and sometimes fake identities with valid credentials, allows cyber-criminals to take over accounts, apply for loans and much more. This is why more companies today are implementing user verification platforms that include passive biometrics that verify users based on more parameters than just their personally identifiable information.”

Sanguine Labs reported that the time frame for detection is small, with new attacks being discovered each week. In addition to using automation to identify and prevent attacks, “passive biometric technology is making stolen data valueless by verifying users based on their inherent behavior instead of relying on their data. This makes it challenging for bad actors to access illegitimate accounts, as they can't replicate the customer’s inherent behavior,” Zuk said.
