British Airways hackers used same tools behind Ticketmaster breach

The British Airways web hack wasn't an isolated incident. Analysts at RiskIQ have reported that the breach was likely perpetrated by Magecart, the same criminal enterprise that infiltrated Ticketmaster UK. In both cases, the culprits used similar virtual card skimming JavaScript to swipe data from payment forms. For the British Airways at tack, it was just a matter of customizing the scripts and targeting the company directly instead of going through compromised third-party customers.

RiskIQ also suspected that BA may have fallen victim earlier than claimed. While the air carrier said the data was compromised starting August 21st, Magecart received the SSL certificate used in the hack (to pose as a legitimate operation) on August 15th. Unless it simply waited to act, there's a chance it could have been active on the 15th, if not earlier.

It may be difficult to catch the intruders. The hacks have relied on service providers in Lithuania and Romania, and there's a good possibility the culprits are located somewhere else. This shows that the attacks are likely part of a coordinated campaign, however, and suggests that you could see comparable high-profile breaches in the near future.

Via: The Verge

Source: RiskIQ



via Engadget RSS Feed https://ift.tt/2N8QEmX
RSS Feed

If New feed item from http://www.engadget.com/rss-full.xml, then send me


Unsubscribe from these notifications or sign in to manage your Email Applets.

IFTTT

Comments

Popular posts from this blog

Evernote cuts staff as user growth stalls

The best air conditioner

We won't see a 'universal' vape oil cartridge anytime soon