Ongoing Magecart Campaign Targets Online Ordering at Local Restaurants

A massive Magecart e-skimmer campaign has siphoned off the payment records of hundreds of restaurants by attacking their online payment platforms. Targets include MenuDrive, Harbortouch, and InTouchPOS, according to a new advisory.

So far, researchers at Insikt Group, Recorded Future’s threat research division, Magecart attackers have posted more than 50,000 stolen order payment records from at least 311 restaurants – and they’re offering them for sale on the underground Web. Researchers warn they expect that number to rise.

The report added that the compromised records include payment card data, as well as billing and contact details.

The three platforms in question are a departure from Magecart’s usual target, the Magento e-commerce platform. During the pandemic, many local restaurants rushed to implement online ordering and payment, and they may not be paying attention to patching vulnerabilities or shoring up security in general for their new lines of business.

“Cybercriminals often seek the highest payout for the least amount of work,” the Tuesday Magecart campaign report said. “This has led them to target restaurants’ online ordering platforms; when even a single platform is attacked, dozens or even hundreds of restaurants can have their transactions compromised, which allows cybercriminals to steal vast amounts of customer payment card data disproportionate to the number of systems they actually hack. “

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

A massive Magecart e-skimmer campaign has siphoned off the payment records of hundreds of restaurants by attacking their online payment platforms. Targets include MenuDrive, Harbortouch, and InTouchPOS, according to a new advisory.

So far, researchers at Insikt Group, Recorded Future’s threat research division, Magecart attackers have posted more than 50,000 stolen order payment records from at least 311 restaurants – and they’re offering them for sale on the underground Web. Researchers warn they expect that number to rise.

The report added that the compromised records include payment card data, as well as billing and contact details.

The three platforms in question are a departure from Magecart’s usual target, the Magento e-commerce platform. During the pandemic, many local restaurants rushed to implement online ordering and payment, and they may not be paying attention to patching vulnerabilities or shoring up security in general for their new lines of business.

“Cybercriminals often seek the highest payout for the least amount of work,” the Tuesday Magecart campaign report said. “This has led them to target restaurants’ online ordering platforms; when even a single platform is attacked, dozens or even hundreds of restaurants can have their transactions compromised, which allows cybercriminals to steal vast amounts of customer payment card data disproportionate to the number of systems they actually hack. “

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

A series of vulnerabilities on the popular asset management platform Device42 could be exploited to give attackers full root access to the system, according...

Top 5 best backup practices

Give yourself peace of mind by implementing a new backup strategy with our tips....

Indian Power Sector targeted with latest LockBit 3.0 variant

Estimated reading time: 5 minutesAfter the infamous Conti ransomware group was disbanded, its former members began to target the energy and power sectors...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!