Forbes hit by Magecart payment card skimming attack

The threat actors behind the Magecart payment card skimming attacks have claimed another high-profile victim. According to researchers and public communications from the financial website Forbes, a Magecart attack occurred on May 15. The attack was first noticed by security researcher Troy Mursch, the founder of Bad Packets Report. In a tweet, Mursch detailed the discovery of the Magecart attack while simultaneously contacting Forbes.

As reported in an interview that Mursch did with Kaspersky Lab’s Threatpost, the researcher uncovered a script linked to Magecart on Forbes’ subscription page (which is forbesmagazine.com and is different from the main online page forbes.com). The goal of the threat actors was to steal the payment data from any individual signing up for membership to the magazine. The page was then taken down by Forbes but is back up after being repaired by third-party security professionals trained in incident response.

According to Forbes, the company is “fairly confident” that nobody was affected by the Magecart skimmer. Troy Mursch is not quite as convinced as Forbes, however, as a recent tweet stated that “If you made a purchase on the site while it was compromised, your credit-card information was likely stolen.” To be on the safe side, every person who did business with Forbes should check their payment statements for suspicious activity. It is advisable to continue monitoring your account for some time into the future, as payment data is passed around on the Dark Web for months to come.

Magecart seems unstoppable at this point in the sense that it keeps infecting well-known targets. While incident response teams are able to handle the malicious code once it’s detected, there is still no concrete method of preventing the infection in the first place. Sure, there are steps like securing your first-party code and mitigating third-party risk, but these are not foolproof. In all honesty, this is going to be a major headache for security experts as time goes on.

Unfortunately, Magecart is just getting started.

Featured image: Forbes

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
