More than a third of those attempts had been noticed between 13 and 20 September.
I don’t want to get into criticising endpoint and IPS vendors here (and more stats = better) but I think it’s fair to say industry wide there isn’t good detection here. Through investigating this I’ve yet to trigger a single security alert & I’ve seen lots of sites + checked out.— Kevin Beaumont (@GossiTheDog) September 25, 2018
Symantec said it studied a smaller subset of these attempts, to try and comprehend the types of websites that were being attacked.
Looking at 1000 instances of "formjacking" between 18 and 20 September, it said that 57 individual sites, ranging from online retail to smaller niche operations to larger retail sites, were affected.
"Websites affected ranged from a fashion retailer in Australia, to a supplier of outdoor accessories in France, and a fitness retailer in Italy. Other retailers affected included a supplier of parts for cars and sites selling kitchen accessories and customised gifts," Symantec said.
It said the Magecart group had earlier been focusing on compromising Magneto online stores, but looked to have switched tactics in recent days and was now using "formjacking" and supply chain compromise to obtain data of payment cards.
Graphic: courtesy Symantec