Magento is an eCommerce platform that empowers thousands of retailers and brands with eCommerce solutions for any type of online store. It is used by businesses ranging from clothing brands to food & beverage, and even by government, non-profit and education organizations.
Thousands of online retailers utilize this platform, and it’s just been announced that upwards of 2,000 of these online stores were hacked this past weekend.
Security researchers are describing it as the “largest campaign ever.”
The attacks “were a typical Magecart scheme where hackers breached sites and then planted malicious scripts inside the stores’ source code, code that logged payment card details that shoppers entered inside checkout forms.”
According to a report by Sanguine Security (SanSec), which specializes in tracking Magecart attacks, 10 stores were infected Friday, 1,058 were infected Saturday, 603 were infected on Sunday, and another 233 were infected Monday.
SanSec, which began monitoring in 2015, says this is the largest automated campaign it has identified. The previous record was 962 stores hacked in a single day in July 2019.
How was such a large-scale attack possible?
According to SanSec, most of the compromised sites were running an older version of the Magento online store software, version 1.x, which stopped receiving security updates when it reached end-of-life (EOL) on June 30, 2020.
Magento is owned by Adobe, which has been urging store owners to upgrade to the newest 2.x branch since November 2019. Security experts believe hackers were biding their time, waiting for the version to reach its EOL “to make sure Adobe wouldn’t patch their bugs.”
It’s still unknown how hackers breached the targeted sites, but it appears the experts’ theory of a massive campaign after the software’s end-of-life was (unfortunately) correct.
The “good news” is that since EOL in June 2020, the number of stores running Magento 1.x went down from 240,000 to 95,000. Some of the remaining stores have likely been abandoned due to slow or nonexistent user traffic, or are using web application firewalls (WAFs) to stop attacks in the meantime.
-Emmy Seigler