Magecart Attacks See Spike in Automation

The latest attack in the long string of Magecart breaches has apparently affected over 900 e-commerce sites in under 24 hours. This increase over the previous attack, which affected 700 sites, suggests that its authors are working on improving the automation of these information-stealing attacks. The results of these types of attacks can be seen in the latest major fines being issued under GDPR, including one to Marriott for $123 million and another to British Airways for a whopping $230.5 million.

Agent Smith Android Malvertiser Spotted

Researchers have been tracking the resurgence of an Android-based malware campaign that disguises itself as any number of legitimate applications to deliver spam advertisements. After being installed from a third-party app store, the malware checks both a hardcoded list and the command-and-control server for available apps to swap out for malicious copies, without alerting the device owner. The majority of targeted devices have been located in southwestern Asia, with other attacks showing up in both Europe and North America.

Third Florida City Faces Ransomware Attack

Almost exactly one month after the ransomware attack on Lake City, Florida, a third Florida city is facing a hefty Bitcoin ransom to restore its systems after discovering a variant of the Ryuk ransomware. Similar to the prior two attacks, this one began with an employee opening a malicious link from an email, allowing the malware to spread through connected systems. It is still unclear if the city will follow the others and pay the ransom.

British Airways Receives Record GDPR Fine

Following a data breach last year that affected over 500,000 customers, British Airways has been hit with a fine totaling $230.5 million. The amount is being seen as a warning to other companies about the consequences of failing to keep customer data safe, though it’s still much less than the maximum fine of up to 4% of the company’s annual turnover.

Georgia Court System Narrowly Avoids Ransomware Attack

Thanks to the quick work of the IT team from Georgia’s Administrative Office of the Courts (AOC), a ransomware attack that hit their systems was swiftly isolated, leading to minimal damage. Even more fortunate for the AOC, the only server affected was an applications server used by some courts, and its loss shouldn’t disrupt normal court proceedings. Just days after the initial attack, the IT teams (aided by multiple law enforcement agencies) were already in the process of returning to normal operations without paying a ransom.

Connor Madsen

About the Author

Connor Madsen

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.
