Magecart Detection

Detect client-side security breaches, Magecart attacks, website skimming, form-jacking, and supply chain attacks.
Protect your customer’s data, prevent massive fines and avoid damage to your business’ reputation.

Request a Demo

Defend against Website Data Breach Attacks

Do you know when your customers’ personal and financial data
is being stolen from your website?

Our monitor can detect when your site has been compromised – either directly, or through a third-party. Rapid and accurate detection for Magecart breaches, website skimming, form-jacking and supply chain attacks.

Magecart attacks are happening every single day with many reported in the press causing huge reputational damage. The affected websites range from small online stores to large multinationals – no-one is safe.

Online businesses need to rapidly detect and alert when they have been compromised. This quick response should reduce exposure to the after-effects of a data breach.

RapidSpike’s Data Breach Monitor alerts you to attacks that compromise your website instantly.

Using Internal and/or Third Party JavaScript?

If you are, regardless of your current security setup – your customers are vulnerable to attack.

Who are the hacker groups behind the attacks?

The main hacking group behind these attacks is called Magecart although there are other groups.

Magecart type attacks have been gaining in frequency and scale since 2015, with recent breaches hitting news headlines and affecting businesses worldwide.

The common factor in these breaches is that they all utilise JavaScript as an attack vector.

My website is secure. Why am I at risk of a breach?

The attacks can be on any embedded JavaScript. This can be either deployed by you or called from third-party suppliers found on your website.

This means you are only as secure as your ‘weakest’ third party.

Third-party scripts might include Marketing, Analytics, Code Libraries, Social Media, Customer Success, Video, Hosting, Payment Providers, Content Networks and many more.

How do the Magecart type breaches happen?

These JavaScript attacks occur by exploiting a vulnerability on the web server.

They then either inject malicious JavaScript code into an existing file or edit the HTML of the website to call a new third-party JavaScript file that includes malicious code.

Both of these variants have been seen in recent attacks and it has been almost impossible to detect… until now.

Data Breach Attacks are affecting all sizes of business

Victims include major retailers, global leading brands, international and small independent businesses:

  • British Airways – The attack lasted for 16 days with 380,000 customers affected with huge press coverage.
  • Newegg – The website was compromised for over 1 month with over 50 million users potentially breached.
  • Ticketmaster – 40,000 customers were affected over 9 months with a 3rd party compromised.
  • Sotheby’s – Customers were vulnerable for over 19 months.
  • Discount Mugs – The website was hacked for over 4 months

In 2018, a member of the RapidSpike team’s family suffered from data theft and fraud during the Vision Direct data breach. The attack lasted for 5 days with around 6600 customers affected. After this, we decided to use our knowledge and experience in both website performance and security to create our Data Breach Monitoring solution, helping in the fight against one of the worlds most dangerous cyber threats.

Defend against Website Skimming, Formjacking & Supply Chain Attacks

RapidSpike monitors internal and third-party files – absolutely anything sending data from your website.

The RapidSpike Data Breach Monitor works by building a whitelist of calls made from your website.

We can then warn you if any new destination hosts appear. We look for changes which could indicate an attempted hack and alert you instantly as soon as it is detected.

Benefits of Data Breach Monitoring

RapidSpike Magecart Detection can secure your website with the following benefits:

  • Reduce Detection Time
    Reduce the detection time from 12 days to under 5 minutes
  • 100% Awareness
    Ensure no malicious destinations get added to your website without your prior knowledge
  • No Unauthorised Changes
    Easily and continuously protect against unauthorised changes to your critical JavaScript files
  • Detect All Magecart Attacks
    Detects website skimming, form-jacking and supply chain attacks
  • Comply With Legislation
    Clear evidence for the ICO that you have taken steps to defend yourself
  • Monitor Your Supply Chain
    You can’t secure what you don’t own – assure your third-party supply chain
  • Real Time Monitoring
    Continuously monitor for changes before, during and after the event
  • Up-To-Date Protection
    Research and Development into new threats on a weekly basis
  • Access to Our Global Security List
    Comprehensive trusted and untrusted domains database to help you decide quickly who to trust
  • Comprehensive Alerting
    Receive alerts of any issues in the format of your choice (Email, SMS, Voice, Slack and more)

Don’t Wait Until Its Too Late

Speak to one of our team today, and find out how you can protect your business from the ever growing Magecart threat.

Request a Demo

How do these attacks happen?

Magecart-style attacks can happen in a variety of different ways.
Here is a breakdown of one of the more common types of data-breach attacks:

Whilst your customers browse and purchase on your website, scripts are loaded from third parties.

If a third party is compromised, hackers then have a way to write scripts affecting your website.

Hackers can then intercept customer card details without you even noticing.

Related content from the Blog

  • Insider: Yorkshire's Most Exciting Companies
  • Northern Digital Awards 2021 Finalist
  • UK Dev Awards 2021 Winners
  • KPMG Best British Tech Startup 2019: Northern Finalist
  • Prolific North Tech 100: Top 30 Companies to Watch
  • National Cyber Security Centre: Cyber Accelerator Alumni