Magento, the open-source e-commerce platform acquired by Adobe for $1.68 billion in May 2018, has been a common target of cyber attackers due to its global reach and exposure. Recently, the FBI warned that hackers may be attempting to steal the credit card details of users of Magento online stores.
In May 2020, hackers were seen carrying out web skimming attacks on Magento-based websites by exploiting a cross-site scripting vulnerability (CVE-2017-7391) in the MAGMI (Magento Mass Import) plugin.
This could allow attackers to steal environment credentials, and then use them to take full control of the targeted websites.
After gaining access, attackers would inject a malicious script that records and steals buyers' payment card data, and also inject web shells (as backdoors) for future access to the website.
Other attacks
E-commerce platforms like Magento have long been key targets for several threat actors.
In November 2019, Adobe disclosed that a vulnerability in the Magento Marketplace website had allowed an unauthorized third party to access account information for registered users, resulting in a security breach.
In August 2019, it was revealed that Magecart attackers had compromised over 80 eCommerce sites that were running an outdated version of Magento such as v1.5, v1.7, or v1.9.
In July 2019, the Magecart group was found using web skimmers to compromise Magento-based websites. The skimmer code (written in JavaScript) was injected into the websites and tried to bypass detection by using fake Google Analytics domains.
In July 2019, a malicious PHP script named “Magento Killer” was observed targeting Magento installations and allowing the attackers to alter the core of the database using special SQL queries encoded in base64.
Magento attacks gaining traction
According to a report by Sanguine Security, attacks on Magento 2.x shopping sites increased exponentially during mid-2019.
From March 2019 to June 2019, the number of hacked sites kept doubling for three months in a row.
The primary target of attackers was a security flaw codenamed "PRODSECBUG-2198," a SQL injection flaw that could allow remote, unauthenticated attackers to take over unpatched, vulnerable sites.
Security tips
Users running their e-commerce website on Magento should regularly update the platform along with all plugins and other dependencies. Using a strong password and changing it regularly can help prevent brute-force attacks. Regularly inspecting the site for malicious code or unauthorized access can help fill in the gaps.
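One way to automate part of that inspection, aimed at the fake Google Analytics domains mentioned under "Other attacks": the script below is an added example, not code from any of the reports cited here. It flags script hosts on a page that imitate analytics hosts without belonging to Google. The function names, the shop.example origin and the .example lookalike hosts are assumptions constructed for illustration.

```javascript
// Added example. Registrable domains Google serves its analytics scripts from.
const TRUSTED_DOMAINS = ['google-analytics.com', 'googletagmanager.com'];
const BRANDS = ['googleanalytics', 'googletagmanager'];

// Levenshtein distance, used to catch one- or two-character typosquats.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost);
      prev = tmp;
    }
  }
  return row[b.length];
}

const isTrusted = (host) =>
  TRUSTED_DOMAINS.some((d) => host === d || host.endsWith('.' + d));

// True when any DNS label of the host resembles an analytics brand name.
function looksLikeAnalytics(host) {
  return host.split('.').some((label) => {
    const s = label.replace(/[^a-z0-9]/g, '');
    return BRANDS.some((b) => s.includes(b) || editDistance(s, b) <= 2);
  });
}

// Returns hosts of script tags that look like analytics but are not Google's.
function findSuspiciousScripts(html, siteOrigin) {
  const hits = [];
  for (const m of html.matchAll(/<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi)) {
    let host;
    try { host = new URL(m[1], siteOrigin).hostname.toLowerCase(); } catch { continue; }
    if (!isTrusted(host) && looksLikeAnalytics(host)) hits.push(host);
  }
  return hits;
}

// Constructed sample page; the .example hosts are made up for illustration.
const SAMPLE_PAGE = `
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="/static/js/checkout.js"></script>
<script async src="https://google-anaiytics.example/ga.js"></script>
<script src="//google-analytics.com.cdn-stats.example/analytics.js"></script>`;
console.log(findSuspiciousScripts(SAMPLE_PAGE, 'https://shop.example'));
```

The check only sees static script tags in the HTML it is given, so inline or dynamically inserted scripts need a separate review of the rendered page.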