Magecart Attacks Hit Hundreds Of US Restaurants

Security researchers have found two separate Magecart campaigns that are targeting online ordering platforms in the US. These campaigns are designed for financial gain using Magecart e-skimming software  which enable criminals to exfiltrate payments card details. The attacks have affected at least 311 US restaurants by injecting the software into three platforms - MenuDrive, HarborTouch, and InTouchPOS - all popular domains that host restaurant websites. 

According to Recorded Future, some of those restaurants remain infected and the malicious domains remain active.

As many as 50,000 payment cards have already been identified on the Dark Web as originating from this campaign, and many more may have been exposed. The first campaign targeted MenuDrive and Harbortouch. The campaign began in January 2022 and the attackers hit a large number of partner restaurants using the domain’s services. 

Online ordering platforms for restaurants enable customers to make online food orders and allow restaurants to outsource the burden of developing an ordering system. 

While  well-developed online ordering platforms like Uber Eats and DoorDash dominate the market, there are hundreds of smaller online ordering platforms that serve small, local restaurants, and even small-scale platforms may have hundreds of restaurants as clients. As a result, online ordering platforms have become a high-value target for threat actors conducting Magecart e-skimmer attacks because compromising a single online ordering platform typically results in the exposure of online transactions performed at a significant portion of the restaurants that use the platform.

The second campaign began no later than November 12 2021 and impacted 157 restaurants using InTouchPOS and is thought to have been perpetrated by the same criminals. In total, over 400 e-commerce websites have been infected  since May 2020 and the malicious software could still be present on some of the websites. Customers are advised to be cautious of using their payment card on these sites as the effects of the campaign are not fully mitigated.

When even a single platform is attacked, dozens or even hundreds of restaurants can have their transactions compromised, which allows cyber criminals to steal vast amounts of customer payment card data disproportionate to the number of systems they actually hack. 

With these risks of Magecart and digital supply chain attacks it is suggested that e-commerce companies, such as restaurants, food delivery companies and their payments providers employ focused solutions to protect users’ accounts. 

Recorded Future:   Oodaloop;   Infosecurity Magazine:   SC Magazine:   KonBriefing:    Corero:   National News:

You Might Also Read: 

Why Is Retail Cyber Security So Weak?:

 

« Lives Are At Stake As More US Hospitals Are Hacked
Albanian Government Falls Victim To A Large-Scale Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Code Decode Labs

Code Decode Labs

Code Decode Labs provides consulting for IT Technology, Cyber Security, Advanced Defense & Policing Technologies, Intelligent Networks, and Information Security.

DLA Piper

DLA Piper

DLA Piper is a global law firm with offices throughout the Americas, Asia Pacific, Europe and the Middle East. Practice areas include Cybersecurity.

Cipher Security

Cipher Security

Cipher Security provides unique robustness tests and penetration tests, as well as customizable development services for vendors and providers.

CodeOne

CodeOne

CodeOne provides solutions for website and web app security.

Tevora

Tevora

Tevora is a specialized management consultancy focused on cyber security, risk, and compliance services.

IQ Solutions

IQ Solutions

IQ Solutions is a Digital Integrator and an ICT Services Provider, focusing on innovative Cyber Secured ICT managed solutions tailored to the needs of the Maritime Industry.

Crypto4A Technologies

Crypto4A Technologies

Crypto4A quantum-ready cybersecurity solutions significantly improve protection for Cloud, loT, Blockchain, V2X, government and military application deployments.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

DreamIt Ventures

DreamIt Ventures

DreamIt Ventures is an early stage venture fund that accelerates startups building transformative tech products in the fields of Healthtech, Securetech, and Urbantech.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

CyberAcuView

CyberAcuView

CyberAcuView is a company dedicated to enhancing cyber risk mitigation efforts across the insurance industry.

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

Abu Dhabi Digital Authority (ADDA)

Abu Dhabi Digital Authority (ADDA)

Abu Dhabi Digital Authority enable, support and deliver a digital government that is proactive, personalised, collaborative and secure.

GreenPages Technology Solutions

GreenPages Technology Solutions

GreenPages provide expert strategic guidance and proven cloud-era solutions for our clients. Every day we help organizations leverage the cloud securely with less risk and cost.

Sirti

Sirti

Sirti is Italy's leading technology company in the design and production of network infrastructures and telecoms system integration.