
Magecart - A Growing Threat to E-Commerce Sites

Simon Kenin, Ziv Mador at Global AppSec Tel Aviv 2019

In the last two years, we’ve observed a growing threat to e-commerce sites: Magecart. Using a cocktail of 0-days and known de-serialization bugs in the Magento platform and Magento extensions, it managed to impact major websites such as British Airways, TicketMaster and NewEgg, as well as many thousands of online shops. Attackers compromised third-party servers that hosted JavaScript code that major websites “re-used”, leading the malicious code to run on client computers and skim data directly back to the bad guys. This talk will describe the techniques used by these cybercriminals, discuss the nature of the vulnerabilities that allowed these attacks, and present possible defense and detection measures.

Simon Kenin
Security Researcher, Trustwave SpiderLabs
Simon Kenin is a security researcher at Trustwave SpiderLabs. He’s responsible for vulnerability analysis, malware analysis and developing detection logic for web-based attacks on both the server and client sides.

Ziv Mador
VP, Security Research, Trustwave SpiderLabs
Ziv manages the global security research team at Trustwave, covering research areas such as vulnerability assessment and scanning, analysis of attacks against Web servers and Web clients, malware reverse engineering, IDS/IPS research, SIEM correlation and reporting, spam and phishing.