This past week, we lost a valued member of our community. Yonathan Klijnsma was a brilliant threat researcher, and headed up that department at RiskIQ. Cancer stole his future and robbed us all. I am sorry that I did not meet him or get to tell him how much I appreciated the work he did, and how much I have learned from him over these past few years. So in tribute, let me share that here.
Yonathan is one of the researchers I started following in my early days because of how perceptive he was, and I learned so much from the details in the information he shared. He has contributed greatly to our field, presented at numerous information security conferences including DEF CON and Virus Bulletin, and provided information to various media and news sources such as Wired and CBS. A bio from One Conference 2019 described his work to “focus around threat intelligence in the form of profiling, analyzing and taking apart the means by which digital crime groups work.”
I benefitted most from Yonathan’s work on Magecart, which was insightful, detailed and definitive. When British Airlines UK was breached by Magecart in June 2018, he cited the actual extent of a rapidly progressing trend in cybercrime that targeted coding weaknesses in e-commerce sites.
“While Ticketmaster received the publicity and attention, the Magecart problem extends well beyond Ticketmaster,” said Klijnsma. “We believe it’s cause for far greater concern — Magecart is bigger than any other credit card breach to date and isn’t stopping any day soon.” (https://www.securityweek.com/ticketmaster-breach-tip-iceberg-major-ongoing-magecart-attacks)
Because of how well he explained things, I was able to succinctly summarize and share the nature of this threat with a varied audience where I work, and consequently developed a fascination with the groups and the tactics. Web-skimming has evolved considerably in just a few years, feeding off our increasing online society and further fueled by the current pandemic lockdowns. Last June, Magecart-style tactics were observed in use by the North Korean advanced persistent threat group “Hidden Cobra” to fill nation state coffers.
Here is a link to Yonathan’s presentation “Inside Magecart: The History Behind the Covert Card-Skimming Assault on E-Commerce” at the Virus Bulletin 2019 conference in London.
Some RiskIQ works on Magecart include:
I have heard it said in our infosec community that we stand on the shoulders of giants. Thank you, Yonathan, for letting us stand on yours. RIP.