Dive Brief:
- The malicious code that targeted Ticketmaster is part of a larger digital credit card-skimming campaign that hit more than 800 international e-commerce websites, according to research from RiskIQ. On June 23, Ticketmaster found the malware on a customer support product provided by a third party, Inbenta Technologies. It was not an isolated event.
- Ticketmaster reported that less than 5% of its global customers were affected and disabled the third party's product. Compromised personal data includes name, address, email address, telephone number, payment details and customer logins, according to Ticketmaster. The hacker group, Magecart, transitioned from hacking websites directly to hacking components from suppliers, according to RiskIQ.
- Magecart's SERVERSIDE campaign attacked some of the world's leading online retailers, leaving more than just Ticketmaster vulnerable. Researchers found that in addition to the sites Ticketmaster said were affected — including Ticketmaster International, Ticketmaster UK, GETMEIN! and TicketWeb — Magecart's skimmer was on other Ticketmaster sites for Ireland, Turkey and New Zealand.
Dive Insight:
Supply chain-style attacks are gaining in popularity because of their success. Attacks that target a part of something bigger leverage a company's most valuable assets — customer and vendor trust.
In September, a batch of versions of CCleaner, a system maintenance tool for Windows devices, carried malicious code that impacted nearly 2.3 million users. Researchers were unsure of where the code originated, but contained the attack because the rogue server went down.
If bad actors are able to manipulate a product before it's shipped and distributed, IT departments now have to ask, "What software do we trust?"
Ticketmaster's breach highlights just how easy it is for hackers to leave minimal traces of malicious activity. When a breach can go undetected for months, it not only bolsters a hacking group's confidence and scheme, but shames a company for its seemingly weak security posture.