Hackers Target Atlanta Hawks Online NBA Basketball Store
When it comes to cyber attack campaigns, we are often hearing news involving a financial institution, a multinational company or a healthcare firm. Never in our typical understanding of cyber attacks will attack anything that has relation to a single NBA team, or any sporting team in general. However, on April 23, Atlanta Hawks, one of the teams competing in the National Basketball Association saw its merchandise site becoming a victim of a cyber attack. The attack was apparently pulled-off with the use of Magecart, a specific attack used to capture user credit cards. We have featured Magecart last Nov 2018, a notorious credit card stealing malware.
“The first time we detected skimming code on the website was June 6th of 2017. The compromise wasn’t targeted however, it was one aimed at hundreds of websites at the same time,” explained Yonathan Klijnsma, RiskIQ’s Threat Researcher.
Atlanta Hawks spokesperson mentioned that everything is fine now, but the investigation continues with regards to HawksShopdotcom, the team’s official merchant store site. “We take these matters of security and privacy extremely seriously. Yesterday, we were alerted the host site for HawksShopdotcom was subject to an isolated attack. Upon receiving that information, we disabled all payment and checkout capabilities to prevent any further incident. At this stage of the investigation, we believe that less than a handful of purchases on HawksShopdotcom were affected. We are continuing to investigate and will provide updates as needed,” explained Atlanta Hawks spokesperson.
As security experts review the HawksShopdotcom, it has been discovered that it is running Magento Commerce Cloud 2.2, an Adobe-made e-commerce system. There is a small probability that the data breach is related to imagesenginedotcom, where information that was stolen was apparently stored. Imagesenginesdotcom is a new domain, with registration dated March 25, 2019.
Willem de Groot, a security researcher made a comment in Twitter, is doubtful about the statements of the Atlanta Hawks spokesperson:
Last week, the NBA Hawks got hacked (@ATLHawks).
“We take these threats seriously and are investigating,” a Hawks spokesperson said. The malware is no longer active on the site, the representative said.
Is it? pic.twitter.com/zTHyG7VtBQ
— Willem de Groot (@gwillem) April 24, 2019
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.