Close to two thousand online stores running the obsolete Magento version 1 content management system were hacked during the weekend by attackers who used malicious code to steal payment information from the targeted sites.
Sanguine Security, which specializes in preventing digital skimming (Magecart) attacks, said all of the 1,904 hacked e-commerce sites were running Magento version 1, which was announced End-Of-Life last June.
Magento is a popular e-commerce script that uses MySQL and Zend PHP databases and allows online merchants to control the look and feel of their websites. The handy interface allows for seamless search engine optimisation, catalogue management, and marketing and can support businesses from any industry and of all sizes. Over 250,000 online merchants worldwide use Magento as their e-commerce platform.
According to Sanguine Security, the hacking of nearly two thousand sites that ran Magento version 1 was the largest coordinated attack it had seen that targeted e-commerce platforms. The hacking took place a few days after a new Magento 1 “remote code execution” exploit kit was put up for sale on a hacking forum for $5000.
"The massive scope of this weekend’s incident illustrates increased sophistication and profitability of web skimming. Criminals have been increasingly automating their hacking operations to run web skimming schemes on as many stores as possible," the firm said.
The firm added that the private information of tens of thousands of customers was compromised through one of the stores hacked during the weekend, but chose not to name the store.
This was the first reported Magecart attack after security firm Gemini Advisory revealed in July that the Keeper Magecart group had targeted over 570 victim e-commerce domains in 55 different countries since 2017. The group is highly proficient in using data skimming malware to steal payment card details from e-commerce sites and then selling the stolen details on the Dark Web for profit.
"Operating on an outdated content management system (CMS), utilizing unpatched add-ons, or having administrators’ credentials compromised through sequel injections leaves e-commerce merchants vulnerable to a variety of different attack vectors.
"Over the past six months, the Gemini team has uncovered thousands of Magecart attacks ranging from simple dynamic injection of malicious code using a criminally hosted domain, to leveraging Google Cloud or GitHub storage services and using steganography to embed malicious payment card-stealing code into an active domain’s logos and images. The criminals behind this threat constantly evolve and improve their techniques to prey on unsuspecting victims who do not emphasize domain security," Gemini said.
Commenting on the ease with which hackers compromised thousands of Magento-running stores, Paul Bischoff, Privacy Advocate at Comparitech.com, said hackers can easily scan for outdated versions of Magento and use automated bots to access them, upload shell scripts, and install the card skimming malware.
"Card skimming attacks are undetectable by end-users, so the responsibility falls on website operators to update their systems to the latest version of Magento. At this point, any website using Magento 1.x should be assumed compromised," he said.
Chris Hauk, Consumer Privacy Champion at Pixel Privacy, said these site skimming attacks will continue to grow in frequency as long as the bad actors of the world can continue to profit from them. "This underscores the need for online merchants to ensure their online stores are running under the latest version of available software, which is likely hardened more against this type of attack than outdated, obsolete software," he added.