On October 14th, a shocking cyberattack impacted over 1,800 Magento stores in just a few hours, raising serious concerns about the security of e-commerce platforms. With previous high-profile incidents like the Magento Marketplace breach in 2020 and the Magento ransomware attacks in 2021, this latest incident underscores the persistent vulnerabilities that online retailers face. How prepared are you to protect your Magento store from such threats?
The attack, executed by a group known as Peschanki, involved the use of an automated skimmer that infiltrated every content management system (CMS) block. This breach not only demonstrates the sophistication of modern cybercriminals but also highlights the urgent need for enhanced security measures among e-commerce businesses.
How did the Attack work?
The hackers efficiently injected their malicious skimmer into numerous CMS blocks across targeted stores, infecting over 100 blocks on certain sites. According to cybersecurity firm Sansec, the malware was specifically designed to harvest sensitive customer payment information by targeting crucial elements in the checkout process, including:
- checkout-payment-method-load
- payment_method_container
- checkout-payment-method
- klarna-checkout-container
These elements were manipulated to display a fake payment form. Once users entered their payment details, this information was stored in a cookie named __ffsj and sent to a remote server hosted by Alibaba. After the data was exfiltrated, customers would see an error message stating, Selected payment method is currently unavailable, please try again, leaving them oblivious to the fact that their payment information had been compromised.
Impact and Scale of the Attack
The speed and scale of the attack were shocking, with the skimmer being deployed across all targeted stores in just a few hours. Given the automated nature of the attack, Magento store owners were caught off guard, and many sites were left vulnerable due to outdated software and insufficient security measures.
How Magento Store Owners Can Keep Their Stores Safe?
1. Regularly Update Magento and Extensions
Keep your Magento platform and any installed extensions updated to the latest versions. Security patches in updates help protect against known vulnerabilities and enhance overall security.
2. Implement Strong Password Policies and Two-Factor Authentication
Encourage strong, unique passwords for all users, and implement two-factor authentication (2FA). This adds an extra layer of security and makes unauthorized access significantly more difficult.
3. Use a Web Application Firewall (WAF)
Deploying a WAF can protect your site from common threats like SQL injection and cross-site scripting (XSS) by filtering and monitoring HTTP traffic, adding an essential layer of defense.
4. Conduct Regular Security Audits
Regular security audits help identify vulnerabilities within your store. This includes checking for outdated components and assessing user roles and permissions to maintain a secure environment.
5. Backup Data Regularly
Ensure that you have a robust data backup strategy in place. Regularly back up your store’s data and store backups securely. This ensures that you can quickly restore your store in case of a security breach or data loss.
The ultimate solution is to choose the best Magento upgrade service and migrate your store to Magento 2. This version enhances security features, offers improved performance, and includes advanced protocols in the Magento 2.4.7 version to safeguard your business against future threats. By investing in expert migration services, you ensure your store is equipped with the latest security measures, allowing you to focus on business growth while keeping your data safe.
Share Post
Leave a Reply