Digital Attack Strikes 201 Online Campus Stores

  • By Dian Schaffhauser
  • 05/16/19
online credit card fraud

A digital attack recently hit 201 online campus stores, all running the same checkout software. A cybercrime group injected a version of Magecart, first reported by Trend Micro, into campus store websites to scrape credit card and other customer data during checkout, which was then sent to a remote server. All of the colleges and universities affected were running PrismWeb, an e-commerce platform designed specifically for college stores by PrismRBS. None of the institutions involved have been named.

Trend Micro disclosed its findings to PrismRBS in late April, which, according to a statement PrismRBS issued, "immediately took action to halt the current attack, initiated an investigation, engaged an external IT forensic firm to assist in our review [and] notified law enforcement and payment card companies." PrismRBS said it has also reached out to customers that have been hit.

This version of the Magecart attacks, named Mirrorthief by the security company, apparently forged a Google Analytics script, but then loaded its own script, which was responsible for stealing the payment information, according to an explanation by Trend Micro.

"To defend against this type of threat, website owners should regularly check and strengthen their security with patches and server segregation," advised Trend Micro. "Site owners should also employ robust authentication mechanisms, especially for those that store and manage sensitive data. IT and security teams should restrict or disable outdated components, and habitually monitor websites and applications for any indicators of suspicious activity that could lead to data exfiltration, execution of unknown scripts, or unauthorized access and modification."

PrismRBS was formed last year when Nebraska Book Company and the Collegiate Retail Alliance merged their point-of-sale and enterprise resource planning businesses.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • student reading a book with a brain, a protective hand, a computer monitor showing education icons, gears, and leaves

    4 Steps to Responsible AI Implementation

    Researchers at the University of Kansas Center for Innovation, Design & Digital Learning (CIDDL) have published a new framework for the responsible implementation of artificial intelligence at all levels of education.

  • glowing digital brain interacts with an open book, with stacks of books beside it

    Federal Court Rules AI Training with Copyrighted Books Fair Use

    A federal judge ruled this week that artificial intelligence company Anthropic did not violate copyright law when it used copyrighted books to train its Claude chatbot without author consent, but ordered the company to face trial on allegations it used pirated versions of the books.

  • server racks, a human head with a microchip, data pipes, cloud storage, and analytical symbols

    OpenAI, Oracle Expand AI Infrastructure Partnership

    OpenAI and Oracle have announced they will develop an additional 4.5 gigawatts of data center capacity, expanding their artificial intelligence infrastructure partnership as part of the Stargate Project, a joint venture among OpenAI, Oracle, and Japan's SoftBank Group that aims to deploy 10 gigawatts of computing capacity over four years.

  • laptop displaying a phishing email icon inside a browser window on the screen

    Phishing Campaign Targets ED Grant Portal

    Threat researchers at cybersecurity company BforeAI have identified a phishing campaign spoofing the U.S. Department of Education's G5 grant management portal.