Europol Highlights Continued Threats, but Magecart Demands Focus on Web Security


When it comes to the threat landscape, it’s very easy to get distracted by the more eye-catching attacks. But while these might make for good headlines, and could even help some niche vendors to sell “silver bullet” solutions, there’s actually more continuity in terms of the cyber threats facing firms today than one might think. That fact is borne out by Europol’s latest annual Internet Organised Crime Threat Assessment (IOCTA) report. While there aren’t many surprises in there, it represents a sober assessment of the situation on the ground.


If nothing else, it should be another prompt for organisations to ensure they have suitable measures in place to cope with ransomware, DDoS, phishing and the like. This should be complemented by web server and other controls to mitigate an emerging threat to e-commerce providers: digital skimming.

Ransomware set to last

Europol’s IOCTA is a pretty accurate assessment of the past 12 months. It claims to have one goal in mind: “to stop cyber-criminals from making you their next victim.” As such, it warns that ransomware is the leading financially motivated attack technique used today, beating banking trojans into second place. Europol claims this trend will continue over the coming years. Exploit kits have continued to wane in popularity of late as social engineering, including phishing, and even brute-forcing of RDP become more popular threat vectors. Crypto-jacking and mobile malware are emerging, says Europol, while DDoS is a growing threat thanks to the flourishing cybercrime economy, which is making attacks even easier, lower-risk and lower-cost.

In fact, the apparent resilience of the global underground economy should be noted by all security professionals. While there remains a huge enabling dark web platform and a financial incentive for cyber-criminals, attacks will continue unabated. Even though law enforcers have succeeded in some high profile take-downs of late, this has only led to a surge in smaller “vendor shops” and secondary markets catering to specific language groups or nationalities, according to the report.

This makes it more important than ever to ensure your cybersecurity is fit for purpose. But that’s not all. While IOCTA represents a good round-up of recent threat trends, there is one notable omission: Magecart.


Focus on web security

Magecart is the name given to a specific piece of malicious JavaScript code which, when inserted into a target site, works like a digital skimmer, lifting customer card details and exfiltrating them as they are entered. It’s unclear whether the attacks are the work of one group or several. What is more certain, however, is that they have arguably become more sophisticated of late.

Initially the attacks focused on the supply chain, inserted into the JavaScript of third-party providers, such as Ticketmaster partner Inbenta Technologies. One vendor discovered a major campaign using these tactics which it said had affected 800+ e-commerce providers as a result. More recently, the same code has been inserted directly into the websites of some major brands including BA and US retailer Newegg.

Experts suspect some form of cross-site scripting, although it’s unclear exactly how the victim organisations’ web servers ended up getting compromised. That said, it’s probably another good opportunity to revisit some security basics. These include:

  • Pen testing web infrastructure
  • Vulnerability testing and regular patching of servers
  • Employee phishing awareness training/education
  • Log analysis to spot signs of unusual behaviour
  • Multi-factor authentication on admin accounts and restricted access controls/privileges
  • Scanning/assessment of any third-party code
  • Properly configured Content Security Policy (CSP) headers to stop cross-site scripting
  • IPS/IDS to block exfiltration of stolen data to third-party domains
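
As an added example (not from the original article or from Barracuda), this Node.js check audits a Content-Security-Policy value for the gaps that matter against an injected skimmer: script sources that would let injected code run, and directives that leave channels open for sending captured data off-site. The two policies and the host js.payments.example are constructed for illustration.

```javascript
// Added example: flag CSP gaps that matter against an injected card skimmer.
// WEAK and STRICT are constructed policies; js.payments.example is a placeholder.
const BROAD = new Set(['*', 'http:', 'https:', 'data:']);

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  // Fetch directives fall back to default-src when absent.
  const sources = (name) => policy.get(name) || policy.get('default-src');
  const isBroad = (list) => list.some((s) => BROAD.has(s.toLowerCase()));

  const script = sources('script-src');
  if (!script) {
    findings.push('script-src:missing');
  } else {
    // Browsers ignore 'unsafe-inline' once a nonce or hash is present.
    const pinned = script.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
    if (script.includes("'unsafe-inline'") && !pinned) findings.push('script-src:unsafe-inline');
    if (isBroad(script)) findings.push('script-src:broad-source');
  }
  // Channels a skimmer can use to send captured form data off-site.
  for (const name of ['connect-src', 'img-src']) {
    const list = sources(name);
    if (!list) findings.push(`${name}:missing`);
    else if (isBroad(list)) findings.push(`${name}:broad-source`);
  }
  // form-action has no default-src fallback, so it must be set explicitly.
  if (!policy.has('form-action')) findings.push('form-action:missing');
  return findings;
}

const WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; img-src *";
const STRICT = "default-src 'none'; script-src 'self' 'nonce-r4nd0m' https://js.payments.example; " +
  "connect-src 'self'; img-src 'self'; form-action 'self'";
console.log(auditCsp(WEAK));
console.log(auditCsp(STRICT));
```

An empty findings list only means the policy has none of these specific gaps; a script served from an allowed third-party host can still be tampered with at its source, which is why the list above also calls for assessing third-party code.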

It’s believed that millions of customers may have been affected by these digital skimming attacks. They’re designed to stay hidden, so the hackers can monetise the data before security teams even discover the snippet of malicious code sitting on their site. That’s bad news all around, especially in the new GDPR era.

Magecart most definitely falls under the “eye-catching” category of threats. But attacks are coming thick and fast, so if you accept payments, it’s worth revisiting your web security controls. That said, this multi-layered security message also applies to virtually every threat highlighted by Europol. Ultimately, the extra effort and investment required to mitigate evolving cyber risk is the price we pay for digital transformation. 
