As we enter the holiday season and with Black Friday and Cyber Monday behind us, C8 has engaged in a flurry of activity with many of our cyber security clients as we have warned about the perils of online shopping and increased credit card activity. It’s a fact that crime of all kinds increases during the holiday season and in particular over the years we have seen a sharp uptick in cyberattacks.
The recent Marriott Hotel breach is a sombre example amongst many, whereby an end user (i.e. Marriott) has fallen foul of a 4-year breach – with the data of 500 million guests being stolen.
Inside the Magecart Report
To this point we recently released the Magecart report, which was jointly authored by our client, business risk intelligence company Flashpoint, and cyber security company, RiskIQ. The Inside Magecart report profiles the groups behind the front-page credit card breaches and the criminal underworld that harbours them, providing in-depth details on a number of criminal groups.
For those less familiar, Magecart is an umbrella term given to at least seven cybercriminal groups that are placing digital credit card skimmers on compromised e-commerce sites at an unprecedented rate and with frightening success. Responsible for recent high-profile breaches of global brands Ticketmaster, British Airways and Newegg, Magecart is only now becoming a household name. However, its activity isn’t new and points to a complex and thriving criminal underworld that has operated in the shadows for years.
The report provides the Magecart backstory with Magecart beginning from a single group in 2015 that compromised the National Republican Senate Committee and international sports/fashion brands.
The report details the current six actor groups that make up the majority of Magecart attacks, from the high-profile group that hits numerous global brands, to groups hitting payment processors and supply chains with varying levels of advanced capabilities and targeting. It maps the underground supply chain and cash out ecosystem, including shops selling skimmers, carding shops and mule/drop projects. It details disruption efforts being taken to slow the spread of attacks and advice for retailers on how to stay vigilant.
Pitching to the Media
C8 was tasked with pitching this high profile story out to broadcasters, nationals and our trades and we were delighted to secure a number of top hits including: The Telegraph, The Mail, The Week and some of our most respected trades such as The Inquirer and Infosecurity magazine. Key to pitching the story out effectively was knowing which journalists to target who would be interested in taking the story, but also knowing that those journalists would honour the embargo and not leak our story early.
We are still seeing coverage coming through now and this is just one great example of many different types of reports that we have been pitching to key media at this very busy and lucrative time for the cybercriminal community. Magecart provides a fascinating insight into the criminal underworld, so if you have time over this holiday season do indulge in reading the full report and take heed of some of the great advice!