Analysis of British Airways breach uncovers sophisticated techniques

No Comments

BA plane

The British Airways breach earlier this year affected around 380,000 customers and resulted in the theft of data including personal and financial details.

The threat research team at Securonix has taken an in-depth look at the breach and the Magecart threat actor behind it, to uncover how it was carried out and offer tips to mitigate and prevent future attacks.

The card skimming campaign used against BA has hit several other major victims this year, including the Ticketmaster and Newegg breaches. It works by installing malicious customized JavaScript on the victim's website. This can be done directly by compromising the victim's site, or indirectly by compromising a third-party component used by the victim -- replacing the original, legitimate JavaScript, with the malicious JavaScript.

In the case of the British Airways attack, Magecart most likely directly targeted the British Airways website content, modifying some of the JavaScript code on the main website instead of utilizing a compromised third-party. Because BA's mobile app also loads a webpage built with the same CSS and JavaScript components as the main website it was compromised too.

The analysis finds that some versions of Magecart include special tripwire code that detects the use of development tools to view the source of the scripts, and reports back the IP address, browser, and timezone as well as some additional information about the system.

The researchers say there are three key monitoring areas that are important to increase chances of detecting similar attacks, namely web server content/FIM, endpoint logs, and SSL/TLS proxy logs. "The first area is important to identify the supply chain attacks and attempts of the malicious threat actor to install the malicious form grabbing JavaScript implant content on the servers, and the other two areas are needed to identify the activity of the implant working within the users' browsers."

You can find out more and download the full report on the Securonix blog.

Image credit: Fasttailwind / Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

What happens to Linux when Linus Torvalds dies?

Tech leaders congratulate Donald Trump on 2024 election victory

New platform offers improved observability for enterprises

The first new PowerToys release in some time adds a raft of new features

Why businesses need to start transitioning to post-quantum cryptography now [Q&A]

Is AI a double-edged sword for lawyers?

Frontgrade introduces 18GB DDR4 memory for space technology

Most Commented Stories

Switching from Microsoft Windows 11 to Linux is like Columbus discovering America

32 Comments

Windows 10: Microsoft reveals how much you'll need to pay to keep receiving updates

18 Comments

Bring your Windows 10 and 11 desktops to life with the amazing (and free!) Sucrose -- download it now

13 Comments

Seelen UI transforms Windows 10 and 11 into your dream OS -- download it now

11 Comments

Unnecessary replacement of hardware leads to higher costs and growing waste problem

9 Comments

Belkin launches Connect USB-C 11-in-1 Pro GaN Dock with 150W power

8 Comments

The latest version of Ubuntu Linux is here -- don’t delay, dump Windows 11 today!

7 Comments

Apple launches new compact Mac mini with M4 and M4 Pro chips

7 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.