If you’re up on the latest in cybersecurity, you’ve heard of Magecart, a sort of cybercrime “group of groups” that digitally skims credit card data from compromised ecommerce sites. Widely publicized breaches at companies like British Airways, Newegg, and Ticketmaster are considered to be the work of Magecart, which remains at large, although security researchers are working hard to learn more about the cybercriminals. For instance, RiskIQ, an attack surface management solution provider, published a joint Magecart-focused report at the end of last year that profiled the groups (there are at least seven of them, according to RiskIQ), as well as their common tactics and their typical targets.
In May, Amazon updated its support page dedicated to securing Amazon S3 buckets and objects. The company advises customers to follow the principle of least privilege, granting only the permissions necessary to complete a task and nothing more. It provides instructions for restricting access to S3 buckets and objects and outlines best practices for securing resources, including encouraging customers to continuously monitor their resources and the actions being taken on them (and providing instructions for doing so).
As usual, education and awareness are necessary to stop this Magecart campaign from affecting more S3 buckets and domains. For AWS customers using S3, this means learning about the campaign and following Amazon’s best practices for protecting their digital assets to a T. If your organization discovers a compromised bucket, the moment of discovery is the moment to act. RiskIQ suggests the following steps: figure out what happened and compile a high-level incident description; investigate how the incident happened by checking logs and file modification timestamps; and, finally, determine the breach’s impact. After taking these steps, it’s time to mitigate the issue at hand and take precautions to ensure it won’t happen again. For the current Magecart campaign, the easiest way to prevent another similar breach in the future is to rein in access control and provide write permissions only to approved users.