The attack with Magecart signature reached about 17 thousand domains and, following the usual objective of the group, had as motto to steal information related to credit cards. Preferred targets: e-commerce stores, which the attackers sought to identify by looking for pages with payment forms.
The campaign targeted buckets of Amazon S3, cloud repositories where companies store data from sites they maintain online. The group has been looking for buckets with configuration failures that make them permeable to external access by any user with an Amazon Web Services account.
The repositories under these conditions allowed not only to see all the content stored there, but also to change it and create new, in this case, insert code that helps to discover the type of information the group is looking for. The scheme was discovered by RiskIQ, which estimates the attack has been underway since April.
It is recalled that Magecart's attack on British Airways left the company in bad shape and in the face of the biggest fine ever decreed by the UK privacy regulator since the entry into force of the new General Regulation on Data Protection: 183 million pounds (almost 204 million euros). At stake is the data exposure of more than half a million users following the attack.