It has been reported that French fashion online store Sixth June is offering shoppers more than the latest in apparel as the site was infected with code that steals payment card info at checkout. These types of scripts as MageCart because they initially targeted sites using the Magento e-commerce platform. They are also called e-skimmers because they collect data from a card when it is used for online purchases. Similar to the physical skimmers copying card data when used at an ATM to withdraw cash, an e-skimmer reads and stores the info from the checkout page and sends it to the attacker.
Commenting on this, Yossi Naar, Co-founder and Chief Visionary Officer at Cybereason, said “The Sixth June breach is a stark reminder that no matter how much money organisations throw at security awareness training, improving their overall hygiene and strengthening their IT systems, they will suffer data breaches. In an attempt to at least level the playing field, companies need to immediately pay more attention to post-breach detection and mitigation and assume they will be breached and start protecting their data accordingly. A few simple steps include encrypting all data that is deemed sensitive, limiting employee access to networks and reducing large collections of data in widely accessible systems.
(6)
Article Link: http://digitalforensicsmagazine.com/blogs/?p=2856