Kenishirotie - stock.adobe.com

Retailers urged to get to grips with Magento as attacks spike

A huge spike in online retailers being hacked with Magecart credit card skimmers is being blamed on unsupported versions of Adobe Magento

Retailers are being urged to get a grip and upgrade their Adobe Magento deployments after a spate of attacks over the weekend of 12 and 13 September 2020 saw almost 2,000 online stores compromised by cyber criminals exploiting a defunct version of the popular e-commerce platform to install Magecart credit card skimmers on their websites.

Adobe Magento is designed to let retailers quickly and easily build online stores, but version one of the platform has reached end of life, and Adobe ended support for it in June 2020. Despite this, as many as 95,000 retailers have failed to upgrade to version two, which has been available for five years at this point.

According to Sanguine Security (Sansec) founder Willem de Groot, who spent his weekend tracking the wave of cyber attacks, this was an automated attack, and the largest one he has seen since he began monitoring online retailers in 2015.

De Groot said the scope of the incident illustrated the increased sophistication and profitability of web skimming, and estimated that tens of thousands of innocent consumers will have had their credit card data stolen over the weekend.

He said the attacks likely exploited a remote code execution zero-day vulnerability which was advertised for sale on a Russian-speaking forum last month for $5,000.

Sansec did not name any of the retailers affected, although the list is being made available to law enforcement agencies.

Paul Bischoff, privacy advocate at Comparitech, said it was now relatively easy for cyber criminals to scan for Magento 1 users, access their systems, and upload shell scripts to install Magecart.

“Card skimming attacks are undetectable by end-users, so the responsibility falls on website operators to update their systems to the latest version of Magento. At this point, any website using Magento 1.x should be assumed compromised,” he said.

Chris Hauk, consumer privacy champion at Pixel Privacy, added: “These site skimming attacks will continue to grow in frequency as long as the bad actors of the world can continue to profit from them.

“This underscores the need for online merchants to ensure their online stores are running under the latest version of available software, which is likely hardened more against this type of attacks than outdated, obsolete software.”

James Allen-Lewis, development director at Sonassi, which runs cloud hosting services for Magento users, described the attacks as entirely unsurprising and said online retailers needed to up their game and get to grips with their security postures.

“As far back as last year, warnings had been issued about the likelihood of attacks on Magento 1 stores, and as the deadline to end of life grew closer, these warnings have gotten louder,” he said.

“As we head into the winter months and with the threat of a second wave [of Covid-19] and localised lockdowns persisting, online retailers are likely to see demand remain heavy for their services. While this is undoubtably a welcome headache for many, it should not mean merchants hold off on securing their website, particularly when incidents like this lay bare the realities of inaction.”

In addition to updating Magento as a priority, Allen-Lewis called for retailers to adopt other measures such as implementing more frequent password updates and multi-factor authentication, and locking down the administrator interface by IP address, which could make it much harder for cyber criminals to access critical parts of the organisation.

“Many attacks involve files being added or changed on a website. It is vital you monitor your log for any suspicious file activity. Furthermore, run regular audits on admin accounts and keep admin access to a minimum. You should always know who has access to your website,” he said.

“Finally, ensure you scan your website regularly for indicators of compromise. This will give you a much stronger insight into the security posture of your business.”

Read more about Magento

Content Continues Below

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close