Magecart Attacks Hit Hundreds Of US Restaurants

Security researchers have found two separate Magecart campaigns that are targeting online ordering platforms in the US. These campaigns are designed for financial gain using Magecart e-skimming software  which enable criminals to exfiltrate payments card details. The attacks have affected at least 311 US restaurants by injecting the software into three platforms - MenuDrive, HarborTouch, and InTouchPOS - all popular domains that host restaurant websites. 

According to Recorded Future, some of those restaurants remain infected and the malicious domains remain active.

As many as 50,000 payment cards have already been identified on the Dark Web as originating from this campaign, and many more may have been exposed. The first campaign targeted MenuDrive and Harbortouch. The campaign began in January 2022 and the attackers hit a large number of partner restaurants using the domain’s services. 

Online ordering platforms for restaurants enable customers to make online food orders and allow restaurants to outsource the burden of developing an ordering system. 

While  well-developed online ordering platforms like Uber Eats and DoorDash dominate the market, there are hundreds of smaller online ordering platforms that serve small, local restaurants, and even small-scale platforms may have hundreds of restaurants as clients. As a result, online ordering platforms have become a high-value target for threat actors conducting Magecart e-skimmer attacks because compromising a single online ordering platform typically results in the exposure of online transactions performed at a significant portion of the restaurants that use the platform.

The second campaign began no later than November 12 2021 and impacted 157 restaurants using InTouchPOS and is thought to have been perpetrated by the same criminals. In total, over 400 e-commerce websites have been infected  since May 2020 and the malicious software could still be present on some of the websites. Customers are advised to be cautious of using their payment card on these sites as the effects of the campaign are not fully mitigated.

When even a single platform is attacked, dozens or even hundreds of restaurants can have their transactions compromised, which allows cyber criminals to steal vast amounts of customer payment card data disproportionate to the number of systems they actually hack. 

With these risks of Magecart and digital supply chain attacks it is suggested that e-commerce companies, such as restaurants, food delivery companies and their payments providers employ focused solutions to protect users’ accounts. 

Recorded Future:   Oodaloop;   Infosecurity Magazine:   SC Magazine:   KonBriefing:    Corero:   National News:

You Might Also Read: 

Why Is Retail Cyber Security So Weak?:

 

« Lives Are At Stake As More US Hospitals Are Hacked
Albanian Government Falls Victim To A Large-Scale Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Maureen Data Systems

Maureen Data Systems

Maureen Data Systems (MDS) services cover Data Centres, Cloud Computing, Cyber Security, Mobility, Virtualisation, Managed Services.

GrammaTech

GrammaTech

GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions.

Zymr

Zymr

Zymr specialize in cloud computing solutions including Cloud Security, Cloud Mobility, Cloud Apps, Cloud Infrastructure and Cloud Orchestration.

Kount

Kount

Kount's “decision engine” platform is ideal for managing fraud in online/telephone channels that process payments and onboard new customers.

Sasa Software

Sasa Software

Sasa Software is a cybersecurity software developer specializing in the prevention of file-based network attacks.

The Security Awareness Company (SAC)

The Security Awareness Company (SAC)

The Security Awareness Company provides cyber security awareness training programs for companies of all sizes.

Viasat

Viasat

Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets.

bwtech@UMBC

bwtech@UMBC

The bwtech@UMBC Cyber Incubator is an innovative business incubation program that delivers business and technical support to start-up and early-stage cybersecurity/IT products and services companies.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

Cynexlink

Cynexlink

Cynexlink offers Managed IT Services with Security, Network, Storage & Cloud solutions for all size of business.

CyberCyte

CyberCyte

CyberCyte provides a disruptive built-in integrated physical, network and perimeter security solution framework.

TwoThreeFour

TwoThreeFour

ThreeTwoFour provide tailored cyber security solutions, delivered by highly-skilled, experienced consultants who respond to the real needs of you and your business.

Infostream

Infostream

Infostream is a leading integrator of Digital Transformations Solutions (DTS); Public, Private, and Hybrid Cloud; Cybersecurity; Data Integrity; DevOps, DevSecOps, and Infrastructures.

InterSec Inc.

InterSec Inc.

InterSec Inc. is a cybersecurity company that offers a variety of services to small and medium-sized businesses including CMMC Compliance, Program Management, Governance, & Cybersecurity.

Inside-Out Defense

Inside-Out Defense

Inside-Out Defense is a privilege governance platform built for Continuous Validation of Trust. We make it possible to govern access privileges in real-time across your multi and hybrid environments.

ITQ Latam

ITQ Latam

ITQ Latam are specialists in cybersecurity, in a convergent ecosystem of technological solutions in infrastructure, cloud and security networks.