Magecart attacks hit thousands of UK SMBs ahead of Black Friday

The UK's National Cyber Security Centre (NCSC) has warned over 4000 small business websites about compromised payment portals on their ecommerce platforms, as it issued guidance to help online retailers protect themselves and their customers from Magecart attacks.

In a typical Magecart attack, threat actors use a vulnerability in an ecommerce platform to inject malicious code into the website that intercepts the payment information of unsuspecting customers. The attackers then use this data for various financial fraud and identity theft schemes, or sell it to the highest bidder on hacking or carding forums.

“On Black Friday and Cyber Monday the hackers will be out to steal shoppers' cash and damage the reputations of businesses by making their websites into cyber traps,” shared Steve Barclay, the Chancellor of the Duchy of Lancaster.

As part of its efforts to protect customers, the NCSC identified and notified 4,151 compromised online shops that were running platforms with security vulnerabilities. 

Batten down the hatches

The compromised shopping websites were identified by the NCSC’s Active Cyber Defence programme, which seeks to remove malicious websites and scams from the internet before they harm the public. 

The majority of the online shops notified by the NCSC had been compromised via a known vulnerability in Magento, a popular open source e-commerce platform.

Besides urging retailers to ensure that Magento, or any other software they use to power their ecommerce websites, is fully up to date, the NCSC also points online retailers to its guidance on running a secure website, including on moving businesses from the physical to the digital.

“We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period… It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date,” said Sarah Lyons, NCSC Deputy Director for Economy and Society.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
