This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

New Year, Same Magecart: The Continuation of Web-based Supply Chain Attacks

  • Thursday, April 18, 2019 at 3:30 PM EDT (2019-04-18 19:30:00 UTC)
  • Yonathan Klijnsma, Dave Shackleford


  • RiskIQ



Since 2015, RiskIQ has been tracking, naming and documenting the threat now publicly known as Magecart. Having publicized the major breaches of Ticketmaster, British Airways and Newegg, among others, RiskIQ has always had a unique insight into this threat and its evolution.

In this talk, we'll go through the evolution of how we got to web-based skimmers from the 'typical' breaches of payment data in bulk. We'll break down:

  • How the first criminal group figured out how to perform web-skimming
  • What mistakes they made
  • How their initial developments started this explosive growth of web-skimming

In addition, we'll explain in detail the unique aspects of certain groups, and especially the way skimming attacks (and the skimmers themselves) work and how organizations can help protect themselves against them.

Speaker Bios

Yonathan Klijnsma

Yonathan Klijnsma is a threat researcher at RiskIQ, leading threat response and analysis efforts with the help of RiskIQ's comprehensive data set. Both his work and his hobby focus on threat intelligence in the form of profiling threat actors, as well as analyzing and taking apart the means by which digital crime groups work.

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.
