Magecart Attacks Hit Hundreds Of US Restaurants

Security researchers have found two separate Magecart campaigns that are targeting online ordering platforms in the US. These campaigns are designed for financial gain using Magecart e-skimming software  which enable criminals to exfiltrate payments card details. The attacks have affected at least 311 US restaurants by injecting the software into three platforms - MenuDrive, HarborTouch, and InTouchPOS - all popular domains that host restaurant websites. 

According to Recorded Future, some of those restaurants remain infected and the malicious domains remain active.

As many as 50,000 payment cards have already been identified on the Dark Web as originating from this campaign, and many more may have been exposed. The first campaign targeted MenuDrive and Harbortouch. The campaign began in January 2022 and the attackers hit a large number of partner restaurants using the domain’s services. 

Online ordering platforms for restaurants enable customers to make online food orders and allow restaurants to outsource the burden of developing an ordering system. 

While  well-developed online ordering platforms like Uber Eats and DoorDash dominate the market, there are hundreds of smaller online ordering platforms that serve small, local restaurants, and even small-scale platforms may have hundreds of restaurants as clients. As a result, online ordering platforms have become a high-value target for threat actors conducting Magecart e-skimmer attacks because compromising a single online ordering platform typically results in the exposure of online transactions performed at a significant portion of the restaurants that use the platform.

The second campaign began no later than November 12 2021 and impacted 157 restaurants using InTouchPOS and is thought to have been perpetrated by the same criminals. In total, over 400 e-commerce websites have been infected  since May 2020 and the malicious software could still be present on some of the websites. Customers are advised to be cautious of using their payment card on these sites as the effects of the campaign are not fully mitigated.

When even a single platform is attacked, dozens or even hundreds of restaurants can have their transactions compromised, which allows cyber criminals to steal vast amounts of customer payment card data disproportionate to the number of systems they actually hack. 

With these risks of Magecart and digital supply chain attacks it is suggested that e-commerce companies, such as restaurants, food delivery companies and their payments providers employ focused solutions to protect users’ accounts. 

Recorded Future:   Oodaloop;   Infosecurity Magazine:   SC Magazine:   KonBriefing:    Corero:   National News:

You Might Also Read: 

Why Is Retail Cyber Security So Weak?:

 

« Lives Are At Stake As More US Hospitals Are Hacked
Albanian Government Falls Victim To A Large-Scale Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

MadSec Security

MadSec Security

MadSec Security is a leading consulting company whose expertise are information and cyber security.

Endian

Endian

Endian’s mission is to provide a secure platform that connects distributed people and things, simplifying the digitalization of businesses.

Maticmind

Maticmind

Maticmind is an ICT System Integrator providing solutions and specialized skills in Networking, Security, Unified Communications & Collaboration, Datacenter & Cloud and Application.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

Tecnalia Research & Innovation

Tecnalia Research & Innovation

Tecnalia is the largest center of applied research and technological development in Spain, a benchmark in Europe and a member of the Basque Research and Technology Alliance.

Cyber Threat Defense (CT Defense)

Cyber Threat Defense (CT Defense)

CT Defense specialize in penetration testing and security assessments.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

Wayra

Wayra

Wayra connects Telefónica and technological disruptors around the world. As their preferred strategic partner, we scale them up to accelerate their business and ours.

INE

INE

INE is a premier provider of Technical Training for the IT industry.

Aristi Technologies

Aristi Technologies

Aristi provides cybersecurity risk and compliance services to help manage your unique cyber risks, safeguarding your systems and data and complying with government and industry standards.

Lancera

Lancera

Lancera provides growth accelerating Software Development, Web Presence and Cybersecurity Solutions with a focus on customer happiness.

Cyral

Cyral

Easily observe, control, and protect your data endpoints in a cloud and DevOps-first world. Discover Data Mesh Security with Cyral.

ABM Technology Group

ABM Technology Group

ABM Technology Group (formerly True IT) provide business information technology services, solutions, and consulting for small to mid-sized organizations.