{"id":98497,"date":"2019-09-07T12:22:34","date_gmt":"2019-09-07T16:22:34","guid":{"rendered":"http:\/\/rbach.net\/index.php\/"},"modified":"2022-08-09T11:52:30","modified_gmt":"2022-08-09T15:52:30","slug":"2-9m-per-minute-lost-to-cyber-criminals","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/2-9m-per-minute-lost-to-cyber-criminals\/","title":{"rendered":"$2.9M Per Minute Lost to Cybercriminals"},"content":{"rendered":"<p><strong>Updated 10\/27\/2019 &#8211;<\/strong> On October 22, 2019, the <strong>FBI<\/strong> <a href=\"https:\/\/www.fbi.gov\/contact-us\/field-offices\/portland\/news\/press-releases\/oregon-fbi-tech-tuesday-building-a-digital-defense-agaist-e-skimming\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">issued a <strong>warning<\/strong><\/a> about cybercriminals running e-skimming attacks, also known as <a href=\"https:\/\/www.zdnet.com\/article\/how-magecart-groups-are-stealing-your-card-details-from-online-stores\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Magecart<\/strong> attacks<\/a>. These attacks have been happening since 2016, but have intensified during 2018 and 2019. These attacks started out by exploiting vulnerabilities in open-source e-shopping platforms. However, over the past two years, attackers <strong>evolved their attack<\/strong> methodology, and <strong>any online store is now susceptible<\/strong> to attacks, regardless if it runs on top of an open-source platform or a cloud-hosted service.<\/p>\n<p style=\"text-align: center;\">&#8212;<\/p>\n<p><strong><a href=\"https:\/\/www.groupon.ie\/deals\/100-dollar-bill-toilet-paper-roll\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-103264\" title=\"$2.9M Per Minute Lost to Cyber-criminals\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/money_tp-e1567737595968-150x150.jpg?resize=111%2C112&#038;ssl=1\" alt=\"$2.9M Per Minute Lost to Cybercriminals\" width=\"111\" height=\"112\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/money_tp-e1567737595968.jpg?resize=150%2C150&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/money_tp-e1567737595968.jpg?resize=75%2C75&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/money_tp-e1567737595968.jpg?w=416&amp;ssl=1 416w\" sizes=\"auto, (max-width: 111px) 100vw, 111px\" \/><\/a>Cybercriminals cost<\/strong> the global economy <strong>$2.9 million every minute<\/strong> of 2018. This shocking statistic comes from <a href=\"https:\/\/www.riskiq.com\" target=\"_blank\" rel=\"noopener noreferrer\">RiskIQ<\/a>&#8216;s latest Evil Minute report. RiskIQ specializes in online attack surface management, providing threat discovery, intelligence, and mitigation. The San Francisco, CA-based firm figured that a <strong>total of $1.5 trillion<\/strong> was lost to cyber-criminals in 2018. Some of the more ominous info-bits they presented include:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.riskiq.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-103265\" title=\"RiskIQ logo\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/RiskIQ-Logo.png?resize=70%2C67&#038;ssl=1\" alt=\"RiskIQ logo\" width=\"70\" height=\"67\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/RiskIQ-Logo.png?resize=75%2C72&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/RiskIQ-Logo.png?resize=150%2C145&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/RiskIQ-Logo.png?w=437&amp;ssl=1 437w\" sizes=\"auto, (max-width: 70px) 100vw, 70px\" \/><\/a>$25 per minute, the cost to top companies due to security breaches.<\/li>\n<li>$17,700: lost from phishing attacks per minute<\/li>\n<li>$22,184: the projected by-the-minute cost of global ransomware events in 2019<\/li>\n<\/ul>\n<p>Other statistics include:<\/p>\n<ul>\n<li>8,100: identifier records compromised every minute<\/li>\n<li>2.4: phish traversing the internet per minute<\/li>\n<li>0.32: blacklisted apps by-the-minute<\/li>\n<li>0.21: <a href=\"https:\/\/web.archive.org\/web\/20210513152058\/https:\/\/www.darkreading.com\/cloud\/getting-up-to-speed-on-magecart-\/a\/d-id\/1334884\" target=\"_blank\" rel=\"noopener noreferrer\">Magecart<\/a> attacks detected every minute<\/li>\n<\/ul>\n<p>Lou Manousos, CEO of RiskIQ said in the presser, \u201c<em>As the scale of the internet continues to proliferate, so does the threat landscape.<\/em>\u201d<\/p>\n<h3>Magecart hacks<\/h3>\n<p><a href=\"https:\/\/magento.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-103383\" title=\"Magento .logo\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magento_logo.png?resize=101%2C31&#038;ssl=1\" alt=\"Magento .logo\" width=\"101\" height=\"31\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magento_logo.png?resize=75%2C23&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magento_logo.png?resize=150%2C45&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magento_logo.png?resize=768%2C232&amp;ssl=1 768w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magento_logo.png?w=894&amp;ssl=1 894w\" sizes=\"auto, (max-width: 101px) 100vw, 101px\" \/><\/a>The report specifically calls out attacks that <strong>target e-commerce. <\/strong>They focus on the <strong><a href=\"https:\/\/web.archive.org\/web\/20220426132701\/https:\/\/www.riskiq.com\/research\/inside-magecart\" target=\"_blank\" rel=\"noopener noreferrer\">Magecart<\/a><\/strong> hacks. Magecart hacks have increased by 20% in the last year. By <a href=\"https:\/\/web.archive.org\/web\/20210516001836\/https:\/\/www.darkreading.com\/attacks-breaches\/ticketmaster-breach-part-of-massive-payment-card-hacking-campaign\/d\/d-id\/1332266\" target=\"_blank\" rel=\"noopener noreferrer\">some estimates<\/a>, the Magecart <a href=\"https:\/\/web.archive.org\/web\/20201102132228\/https:\/\/www.csoonline.com\/article\/3191947\/what-is-a-supply-chain-attack-why-you-should-be-wary-of-third-party-providers.html\" target=\"_blank\" rel=\"noopener noreferrer\">supply chain attacks<\/a> have resulted in the <strong>theft of more credit card information<\/strong> than more infamous breaches at <strong>Home Depot and Target. <\/strong>According to reports, Magecart was behind the 2018 cyber-attacks on British Airways and Ticketmaster which together compromised the info of over 425,000 of the firm&#8217;s customers.<\/p>\n<p>Magecart attack is a <strong>credit card skimmer<\/strong> that intercepts card numbers and information when a payment card is swiped at the point of sale. Unlike gas card or ATM skimmers, there is almost no way for a consumer to determine that Magecart skimming is about to take place. There is no physical manifestation of Magecart and it is not always easy to catch, because it <strong>takes advantage of universal code and other applications not typically related to payments<\/strong>.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-103387\" title=\"ecommerace\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ecommerce-1.jpg?resize=150%2C100&#038;ssl=1\" alt=\"ecommerace\" width=\"150\" height=\"100\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ecommerce-1.jpg?resize=150%2C100&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ecommerce-1.jpg?resize=75%2C50&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ecommerce-1.jpg?resize=768%2C512&amp;ssl=1 768w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ecommerce-1.jpg?resize=1024%2C683&amp;ssl=1 1024w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ecommerce-1.jpg?w=960&amp;ssl=1 960w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ecommerce-1.jpg?w=1440&amp;ssl=1 1440w\" sizes=\"auto, (max-width: 150px) 100vw, 150px\" \/><\/p>\n<p>Magecart is a consortium of at <a href=\"https:\/\/www.csoonline.com\/article\/3400381\/what-is-magecart-how-this-hacker-group-steals-payment-card-data.html\" target=\"_blank\" rel=\"noopener noreferrer\">least six different hacking groups<\/a> that target <strong>flaws in online shopping cart systems. <\/strong>The attackers like <a href=\"https:\/\/magento.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Magento<\/a> to steal customer payment card information. Magento, an open-source e-commerce platform written in open-source PHP. At least initially <a href=\"https:\/\/www.immuniweb.com\/blog\/top-10-open-source-software-flaws-in-2018.html\" target=\"_blank\" rel=\"noopener noreferrer\">attackers exploited<\/a> a <a href=\"https:\/\/web.archive.org\/web\/20190714165732\/https:\/\/www.owasp.org\/index.php\/PHP_Object_Injection\" target=\"_blank\" rel=\"noopener noreferrer\">PHP Object Injection flaw<\/a> (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-4010\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2016-4010<\/a>) in the popular online shopping cart.<\/p>\n<p>In order to run this compromise, the Magecart attacker <strong>substitutes a piece of Javascript code<\/strong>, either by altering the Magento source code or by redirecting the shopping cart using an injection to a website that hosts the malware to steal the credit card and user information.<\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/mirrorthief-group-uses-magecart-skimming-attack-to-hit-hundreds-of-campus-online-stores-in-us-and-canada\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-103386\" title=\"Trend Micro Mirrorthief attack chain\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magecart-attack-chain.jpg?resize=419%2C293&#038;ssl=1\" alt=\"Trend Micro Mirrorthief attack chain\" width=\"419\" height=\"293\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magecart-attack-chain.jpg?resize=1024%2C717&amp;ssl=1 1024w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magecart-attack-chain.jpg?resize=75%2C53&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magecart-attack-chain.jpg?resize=150%2C105&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magecart-attack-chain.jpg?resize=768%2C538&amp;ssl=1 768w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magecart-attack-chain.jpg?w=1334&amp;ssl=1 1334w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/magecart-attack-chain.jpg?w=960&amp;ssl=1 960w\" sizes=\"auto, (max-width: 419px) 100vw, 419px\" \/><\/a>RiskIQ CEO Manousos warns;<\/p>\n<p style=\"text-align: justify; padding-left: 30px;\"><em>Without greater awareness and an increased effort to implement necessary security controls, there will be more attacks using an ever-expanding range of technologies and strategies.<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/web.archive.org\/web\/20200713073047\/https:\/\/www.riskiq.com\/infographic\/evil-internet-minute-2019\/\" target=\"_blank\" rel=\"riskiq infographic noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-103261 size-large\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Evil-Internet-Minute-RiskIQ-Infographic-2019.jpg?resize=391%2C1024&#038;ssl=1\" alt=\"RiskIQ infographic\" width=\"391\" height=\"1024\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Evil-Internet-Minute-RiskIQ-Infographic-2019.jpg?resize=391%2C1024&amp;ssl=1 391w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Evil-Internet-Minute-RiskIQ-Infographic-2019.jpg?resize=29%2C75&amp;ssl=1 29w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Evil-Internet-Minute-RiskIQ-Infographic-2019.jpg?resize=57%2C150&amp;ssl=1 57w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Evil-Internet-Minute-RiskIQ-Infographic-2019.jpg?w=630&amp;ssl=1 630w\" sizes=\"auto, (max-width: 391px) 100vw, 391px\" \/><\/a><\/p>\n<p><strong><em>rb-<\/em><\/strong><\/p>\n<p><em>Firms that fall victim to attacks don\u2019t just lose card info. They also lose time and productivity. Restoring hacked data and systems takes time and resources. The damage to a company\u2019s reputation can cost it new and existing customers. Then there are the legal penalties from PCI, HIPAA, and the courts that come with mishandling customer information.<\/em><\/p>\n<p><em>Like I keep saying &#8211; time to go back to the cash economy.<\/em><\/p>\n<h6>Related articles<\/h6>\n<ul>\n<li><a href=\"https:\/\/www.usatoday.com\/story\/money\/2015\/03\/19\/target-breach-settlement-details\/25012949\/\" target=\"_blank\" rel=\"noopener noreferrer\">Few Target victims to benefit from settlement<\/a> (<a href=\"https:\/\/www.usatoday.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">USA Today<\/a>)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>RiskIQ says cybercriminals cost the global economy $2.9M every minute of 2018 lead by Magecart attacks against online shopping carts<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3161,125,2162,1282,512,2370,612,951,3342,4,3341],"class_list":["post-98497","post","type-post","status-publish","format-standard","hentry","category-security","tag-3161","tag-data-breach","tag-hacking","tag-hipaa","tag-open-source","tag-pci-dss","tag-phishing","tag-pii","tag-riskiq","tag-security","tag-skimmer"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/98497","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=98497"}],"version-history":[{"count":12,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/98497\/revisions"}],"predecessor-version":[{"id":128749,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/98497\/revisions\/128749"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=98497"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=98497"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=98497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}