Why Modernization Is Not A Good Thing
It is likely that the hackers had access to the BA.com site, and modified the code to insert a backdoor.
Overall, the hackers modified the modernizr-2.6.2.min.js script so that it captured a mouse event, gathered the form data, and sent it to baways.com (a site which even had its own digital certificate).
The Magecart group have also been pinpointed for a recent hack on Ticketmaster, which was reported on Wednesday 27 June 2018. It affected around 40,000 users, and included credit card payment data, addresses, names and phone numbers.
The breach was detected on 23 June 2018, and within days of the announcement there were already reports of users being scammed. Every user on the site was then advised to change their password if they used the same password on other sites. This worried many, as Ticketmaster were hinting that the hashing method they used to store passwords could have been crackable.
It is likely that the breach had been occurring for several months, and it was detected by a third party (Monzo). Monzo have since stated that they detected the frauds on 6 April 2018, when around 70% of its users who reported a fraud had also bought tickets (while just less than 1% of their customers were using Ticketmaster at that time).
Monzo told Ticketmaster about this … and Ticketmaster did very little about it:
‘Our investigation shows no evidence of a breach, and we don’t believe we’re the source of this’ and now several months later, it comes up that they’ve been breached all this time.
But the statistics were showing that there was an extremely high probability that a hack had occurred. Monzo then issued new cards for all the affected users. In fact, Ticketmaster itself had not been hacked; the breach was at a subcontractor: Inbenta Technologies.
- Continually monitor the usage of pages to spot changes or unusual behaviour.
- Companies processing payments on sites need to have good threat intelligence.
- Sandboxing of the pages to analyse their operation should be run on a continual basis.
- Strong linkages are required with third party organisations, in order to spot credit card frauds at an early stage.
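
One way to act on the first recommendation, given that the breach described above came from a change to a script the site was already serving: record a hash of each script at release time, then re-fetch it on a schedule and flag both content changes and references to hosts outside an allowlist. This is an added example, not code from the original article; the file name, host names and sample script text are constructed, and the URL regex is a heuristic.

```python
import hashlib
import re

# Assumption: hosts the payment page is expected to reference.
ALLOWED_HOSTS = {"www.shop.example"}

# Heuristic: host part of absolute or protocol-relative URLs in script text.
URL_HOST = re.compile(r"(?:https?:)?//([a-z0-9.-]+\.[a-z]{2,})", re.I)

# Constructed sample: the script as recorded at release time.
GOOD = 'window.Lib=function(){return {}}();var api="https://www.shop.example/api";'
# Constructed sample: the same file with extra code appended that names a new host.
MODIFIED = GOOD + 'var endpoint="https://lookalike.example/collect";'


def sha256_hex(script):
    """Hash the exact text served, so any edit to the file changes the value."""
    return hashlib.sha256(script.encode("utf-8")).hexdigest()


def outbound_hosts(script):
    """Return the lower-cased set of host names that appear in URLs in the script."""
    return {host.lower() for host in URL_HOST.findall(script)}


def audit_script(name, served, baseline_hash, allowed=frozenset(ALLOWED_HOSTS)):
    """Compare one served script against its baseline hash and the host allowlist."""
    findings = []
    if sha256_hex(served) != baseline_hash:
        findings.append(f"{name}: content differs from recorded baseline")
    for host in sorted(outbound_hosts(served) - allowed):
        findings.append(f"{name}: references unexpected host {host}")
    return findings


# In practice the baseline is stored at release time, outside the web root.
BASELINE = sha256_hex(GOOD)

if __name__ == "__main__":
    for label, body in (("unchanged", GOOD), ("modified", MODIFIED)):
        result = audit_script("lib.min.js", body, BASELINE)
        print(label, "->", result or "no findings")
```

A legitimate release also changes the hash, so the baseline has to be updated as part of the release process rather than by the monitoring job itself.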