Over the past three years, the name Magecart has appeared regularly in news about data breaches, and it is especially relevant now that British Airways was recently fined a record £20m for the 2018 data breach that exposed customers’ personal information. However, there is a lot of misunderstanding about Magecart and what it really is.
Magecart is not actually a vulnerability but rather an association of multiple hacker groups. You can think of Magecart as a private, cooperative network for sharing vulnerabilities and exploits. Magecart targets popular PHP-based e-commerce platforms such as Magento and WordPress, mainly through code injection, which gives the attackers full power over a website. That is what makes it so dangerous.
Traditional defenses are reactive, meaning any Magecart attacks that are discovered or flagged take time to be classified as malicious. In the time between flagging and identification as malicious, attackers are still able to inject code that the target system believes is legitimate, approved code. To add insult to injury, once Magecart plants scripts in servers and systems, it can be a long time before they are discovered and eradicated. The only way to detect any changes is to compare the entire e-commerce code stack line-by-line to see what has changed.
Fortunately, there is another way to stop these attacks before they start and even detect them when they occur. Polyscripting removes the mechanism that otherwise enables hackers to execute injected code on a server, making this entire threat category futile. Polyscripting transparently scrambles the syntax and grammar of PHP, thereby preventing any non-approved code written in regular PHP from executing at all.
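The scrambling idea described above can be modeled in a few lines. This is an added, simplified example and not the product's implementation: the keyword subset, the function names, the fixed seed and both PHP samples are assumptions made for illustration.

```python
import random
import re
import string

# Assumed keyword subset for the example; a real PHP grammar has many more.
KEYWORDS = ["function", "return", "echo", "if", "else", "foreach", "include", "eval"]

# String literals are matched first so keywords inside them are left untouched;
# "$name" is one token, so a variable such as $return is not treated as a keyword.
TOKEN = re.compile(r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|\$?[A-Za-z_]\w*|.""", re.S)


def make_dictionary(seed):
    """Map each standard keyword to a random 12-letter replacement (constructed)."""
    rng = random.Random(seed)  # fixed seed only to keep the example reproducible
    return {kw: "".join(rng.choices(string.ascii_letters, k=12)) for kw in KEYWORDS}


def scramble(source, dictionary):
    """Rewrite approved source so it uses the scrambled keywords."""
    return "".join(dictionary.get(t.lower(), t) for t in TOKEN.findall(source))


def rejected_keywords(source, dictionary):
    """Model the scrambled interpreter: standard keywords are no longer in its
    grammar, so each one found in the source is a syntax error."""
    return [t for t in TOKEN.findall(source) if t.lower() in dictionary]


# Constructed samples: one approved function and one snippet in regular PHP.
APPROVED = "function total($items) { foreach ($items as $i) { echo 'if'; } return 1; }"
INJECTED = "if ($order) { include 'extra.php'; echo $order; }"

if __name__ == "__main__":
    d = make_dictionary(seed=2020)
    print(scramble(APPROVED, d))
    print("approved, scrambled:", rejected_keywords(scramble(APPROVED, d), d))
    print("injected, regular PHP:", rejected_keywords(INJECTED, d))
```

In this model a non-empty result from `rejected_keywords` is also a detection signal, since approved code never contains a standard keyword once it has been scrambled.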
When a Polyscripting defense works, it enables multiple responses, both short-term tactical, and long-term permanent:
To learn more about Magecart and how Polyscripting mitigates these threats, read our whitepaper Mitigating Magecart.