British Airways Hackers Used Same Attack that Breached Ticketmaster UK

Germany, Europe’s Largest Economy, Lost $50 Billion Due to Cyberattacks

A threat management research firm has determined that the same criminal group behind this year’s Ticketmaster UK breach also attacked British Airways in a breach that impacted nearly 400,000 customers.

RiskIQ’s Yonathan Klinjnsma has identified the hackers of the recently infamous British Airways as the Magecard group, notorious for their attack vector of using forms in websites to insert code that siphons customers’ bank card details.

The researcher has pointed to significant evidence that the same criminal hacking group has been behind the two attacks by analyzing the source code from British Airways’ website and its mobile app. Magecard was found to have injected a few lines of JavaScript on the checkout pages of both platforms.

“Magecart set up custom, targeted infrastructure to blend in with the British Airways website specifically and avoid detection for as long as possible,” RiskIQ said today. “While we can never know how much reach the attackers had on the British Airways servers, the fact that they were able to modify a resource for the site tells us the access was substantial.”

Further, the research firm insisted that they had accessed the servers long before the attack, “a stark reminder about the vulnerability of web-facing assets,” the researched added.

While Magecart compromised a third-party supplier with the attack on Ticketmaster, it directly compromised the payment form deployed by British Airways. The exploit raises concerns about payment form security on popular websites that collect sensitive financial data.

“We suggest British Airways customers get a new card from their bank. Some banks have already been proactively issuing new cards for their customers, Monzo is an example of these,” researchers wrote, pointing to the following tweet:

Meanwhile, British Airways chief executive Alex Cruz has promised customers impacted by the breach with “100%” compensation and could be looking at footing a large bill, if the stolen card details have been used.

Image credit: Pixabay.