Magecart attacks hit thousands of UK SMBs ahead of Black Friday

Someone typing at a keyboard, with an ecommerce shopping cart symbol floating in the air.
(Image credit: Song_About_Summer / Shutterstoc)

The UK's National Cyber Security Centre (NCSC) has warned over 4000 small business websites about the compromised payment portals on their ecommerce platforms, as it put out a guidance for online retailers to help protect themselves and their customers from Magecart attacks.

In a typical Magecart attack, threat actors use a vulnerability in an ecommerce platform to inject a malicious code into the website that will intercept the payment information of unsuspecting customers. The attackers will then use this data for various financial and identity theft fraud schemes or sell it to the highest bidder on hacking or carding forums.

"On Black Friday and Cyber Monday the hackers will be out to steal shoppers' cash and damage the reputations of businesses by making their websites into cyber traps,” shared Steve Barclay, the Chancellor of the Duchy of Lancaster.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

As part of its efforts to protect customers, the NCSC identified and notified 4,151 compromised online shops that were running platforms with security vulnerabilities. 

Batten down the hatches

The compromised shopping websites were identified by the NCSC’s Active Cyber Defence programme, which seeks to remove malicious websites and scams from the internet before they harm the public. 

The majority of the online shops notified by the NCSC had been compromised via a known vulnerability in Magento, a popular open source e-commerce platform.

Besides urging retailers to ensure that Magento, or any other software they use to power their ecommerce websites, is fully up to date, the NCSC guidance also points online retailers to its guidance on running a secure website, including moving businesses from the physical to the digital.

“We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period….“It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date,” said Sarah Lyons, NCSC Deputy Director for Economy and Society.

Build a digital moat around your network using one of these best firewall apps and services, and protect your computers against all kinds of cyber-attacks with these best endpoint protection tools

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.