Security firm blames hacking group for British Airways cyberattack

Security firm blames hacking group for British Airways cyberattack
© Getty Images

A cybersecurity firm is naming the alleged hackers behind the recent British Airways attack that may have seized the personal data from 380,000 of the company's customers.

RiskIQ on Tuesday morning attributed the attack against the largest U.K. airline to Magecart -- a sophisticated and persistent hacking group that has actively carried out a series of extensive digital credit card-skimming campaigns earlier this year.

"Magecart set up custom, targeted infrastructure to blend in with the British Airways website specifically and avoid detection for as long as possible," Yonathan Klijnsma, head researcher at RiskIQ, wrote in a blog post. 


"While we can never know how much reach the attackers had on the British Airways servers, the fact that they were able to modify a resource for the site tells us the access was substantial, and the fact they likely had access long before the attack even started is a stark reminder about the vulnerability of web-facing assets."

Magecart recently carried out another headline-grabbing cyber heist, making off with some of Ticketmaster's customers' credit card information earlier this year by placing digital skimmers — devices that steal credit card data.

Ticketmaster wasn't the only victim.

Magecart targeted more than 800 e-commerce sites around the world between February 2017 and June 2018, RiskIQ said in July.

Researchers at RiskIQ, who has been tracking Magecart since 2015, first became suspicious Magecart was behind the attack noticing the attack against British Airways was similar to the one leveled against Ticketmaster. After doing some digging, they were able to confirm their suspicions.

There is a key difference in the attack, the company notes. In the case of Ticketmaster, Magecartby hacking a third-party supplier working with the ticket sales company. In the case of British Airways, the cyber thieves went after the company directly.

"Magecart operatives compromised the British Airways site directly and planned their attack around the site’s unique structure and functionality," according to the company's press release. "The attackers were also aware of the way the British Airways mobile app was constructed, leveraging the fact that it used much of the same functionality as the web-app and could, therefore, victimize users in the same way."

Klijnsma described the difference as an indicator the group is carrying out more sophisticated attacks.

"This attack is a highly targeted approach compared to what we’ve seen in the past with the Magecart skimmer,” said Klijnsma in a statement. "This skimmer is attuned to how British Airways’ payment page is set up, which tells us that the attackers carefully considered how to target this site in particular."

This hack also raises another matter across the pond: It could test Europeans' new data privacy laws, which went into effect in May.

Under the new General Data Protection Regulation (GDPR), British Airlines could possibly face a class-action lawsuit for the loss of its customer's private data, which included information personal and payment information.