A new Recorded Future threat analysis reveals that 300 restaurants and at least 50,000 payment cards have been compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.
"The online ordering platforms MenuDrive and Harbortouch were targeted by the same Magecart campaign, resulting in e-skimmer infections on 80 restaurants using MenuDrive and 74 using Harbortouch.
"We have identified more than 50,000 payment card records that were skimmed from these 311 restaurants and posted for sale on the dark web.
As the current MenuDrive and Harbortouch infections exist within a subdirectory on the platforms’ domains, many public website security scanners may not discover its presence. Additionally, the appearance of the Harbortouch infection only within the validated checkout webpage may further inhibit public security scanners. These difficulties reinforce the importance of static security scanning of the browser and server-side code of e-commerce websites to ensure attacks such as these are detected and remediated."
Timothy Morris, Technology Strategist, Tanium weighed in on this latest report:
“Magecart has been around awhile. I agree that app scanning of client/browser and server-side code of e-commerce is important. It needs to be setup in an automated fashion so that any changes or updates to static code alerts application owners. Restaurant owners are simply using a service and do not have the technical expertise or resources to do that work. From a consumer side it is always prudent to use cards that have fraud protection, use virtual cards where possible for web e-commerce, monitor purchases regularly (most financial institutions allow account activity to be sent via Text).”