Over the weekend, Magento online stores have fallen prey to the largest hacking campaign since 2015. As observed, the attackers targeted the stores with Magecart skimmer to steal customers’ payment card details.
Magento Stores Hacking Campaign
Researchers from Sansec have discovered a huge hacking campaign targeting numerous online stores. They call it the largest hacking campaign since 2015 targeting numerous Magento stores.
As elaborated in their blog post, the attackers basically targeted the stores running on Magento 1 platform.
The attackers injected the malicious skimmer code (Magecart) to the target sites, which served as a keylogger. Hence, the code could allow stealing the information the customers would type on checkout pages.
Regarding the attack strategy, the researchers stated,
Attacker(s) used the IPs 126.96.36.199 (US) and 188.8.131.52 (OVH, FR) to interact with the Magento admin panel and used the “Magento Connect” feature to download and install various files, including a malware called mysql.php. This file was automatically deleted after the malicious code was added to prototype.js.
Regarding the basis of this orchestrated campaign, researchers suspect a vulnerability that they found for sale on a hacking forum. Since Magento 1 has already reached its end-of-life, the seller was pretty sure that a fix won’t be available for that remote code execution bug. Thus, he sold the vulnerability for $5000.
What Should You Do?
The first thing that Magento store owners should do is to update their sites.
According to the researchers, despite reaching EOL, Magento 1 is still running on around 95,000 stores. This shows the huge number of online stores that remain vulnerable to such hacking attacks.
These vulnerable stores are not only a threat to the e-commerce industry but also put the integrity and security of their customers’ data at risk.
While this number of Magento 1 stores has significantly reduced during the past few months. Nonetheless, the number is still huge to conduct a devastating hacking campaign.
On a side note, Adobe has recently partnered with Sansec to improvise their Magento Security Scan Tool. As stated by Adobe,
Through this partnership, Adobe will be adding about 9,000 malware and vulnerability signatures to the Magento Security Scan tool. Each of these signatures has undergone a multistage testing and validation process before being added to the scan tool.
Let us know your thoughts in the comments.