British Airways recently had 385,000 online transactions hacked due to a code weakness on their payment processing pages. And customers were not happy.
Reputation is important for any organization, so limiting bad news is crucial to ensure that consumers can trust your brand. British Airways, however, have experienced a significant blow to their public image due to a recent hack which ransacked their customers’ confidential data. The attack that took place was an example of cross-site scripting, a method of hacking which may not grab as many headlines as ransomware and malware but is still very dangerous.
Processing online payments is part and parcel of any business with a digital presence these days, so I think it’s important we take a look at what happened to British Airways.
Who Hacked British Airways?
It’s believed that Magecart are the hacking group behind the British Airways hack due to the similar techniques used to execute the attack. Magecart first emerged in early 2016 and was linked to numerous hacks that affected online shops and sought to steal credit card details during online payment processing. Previously, Magecart had targeted third party payment processors rather than payment systems embedded within websites. However, the attack on British Airways demonstrated that Magecart were now developing tailored code to attack their targets’ websites directly.
How Did Magecart Launch Their Attack?
Unlike ransomware and malware, there was no need for Magecart to dispatch an email containing a malicious payload. Instead, they targeted the code of British Airways’ website. By exploiting weaknesses in the website’s code, Magecart were able to ‘inject’ 22 new lines of code into the British Airway’s website. And it was this small amount of code which made the hack so devastating.
Lying silently in the background, this new code would log keystrokes from the payment processing section and, once the victim hit the ‘submit’ button, it would transmit these keystrokes to the attackers’ server. Not only were credit card details compromised, but also a significant amount of sensitive, personal data. To help reduce the chances of being detected, the hackers even loaded their own server with an SSL security certificate to make it appear genuine. Sadly, it was far from genuine. The attack managed to remain undetected for 15 days and, as a result, managed to infiltrate a huge number of online transactions.
The Dangers of Cross-Site Scripting
Combating cross-site scripting attacks is not easy due to the difficulty in spotting previously unknown vulnerabilities contained within website codes. However, progress is always being made and it’s now possible to employ automated tools that can identify when the code behind a website has been changed remotely. Alternatively, disabling scripts on your website is a guaranteed remedy, but that comes with the headache of reduced functionality which could easily eat into your revenue.
Regardless of whether your website’s code is secure or not, the activities of Magecart are proof that hackers are looking for new and cunning ways to breach your defenses. What’s most important is that you monitor all network activity and analyze any activity which is unusual otherwise you could find yourself with a huge number of unhappy customers at your door.
For more ways to secure and optimize your business technology, contact your local IT professionals.
