Australia Bushfire Donors Affected by Credit Card Skimming Attack
Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors.
Mike Bittner, director of digital security and operations at The Media Trust, provided the following comments:
“It’s no surprise that bad actors are taking advantage of a large-scale global event that tugs at human heartstrings. They are in it for the money, and these kind of events draw significant online traffic, making websites ripe targets for Magecart and other skimming activities. As evidenced by the 50+ credit card skimming incidents in 2019, digital assets are popular targets due to the extensive use of digital third and Nth parties to enable basic functionality. To make matters worse, the code third parties supply to these sites aren’t within the control of website operators’ IT teams. In fact, those teams have no way of seeing the code without specialized tools and expertise they likely don’t have. These types of attacks will continue–and everyone is vulnerable–until website operators identify and manage their digital third-party vendors.