fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Magento Stores Hit By Largest Automated Hacking Attack Since 2015

Magento Stores Hit By Largest Automated Hacking Attack Since 2015

In the largest automated hacking campaign against Magento sites, attackers compromised almost 2,000 online stores this weekend to steal credit cards.

Adobe Magento is a popular eCommerce platform that allows web sites to quickly create an online store to sell their products and accept credit cards.

Due to this, Magento is commonly targeted by hackers to install JavaScript scripts that steal customers’ credit cards.

These types of attacks are called MageCart and have become a large enough problem for Magento that VISA issued an advisory urging merchants to migrate e-commerce sites to the more secure Magento 2.x,

Largest Automated Magento Hack

Over the weekend, credit card skimming prevention firm Sanguine Security (Sansec) detected 1,904 Magento stores that were compromised over the last four days.

The attack started Friday when ten stores were infected with a credit card skimming script not previously seen in other attacks.

The attack ramped up on Saturday with 1,058 sites hacked, 603 more on Sunday, and an additional 233 today.

According to Willem de Groot, the founder of Sanguine Security, this is the largest automated Magento attack they have seen since they started monitoring eCommerce stores in 2015.

“This automated campaign is by far the largest one that Sansec has identified since it started monitoring in 2015. The previous record was 962 hacked stores in a single day in July last year,” de Groot stated in a report released today.

Also Read: How to Write an Effective Privacy Statement for Websites

The MageCart Attack

Of the hacked stores, the majority were Magento version 1, which no longer receives security updates since June 2020 when it reached the end of support.

When compromised, de Groot told BleepingComputer the attackers would install a PHP web shell called mysql.php that that allowed them to gain full access to the compromised account.

“IOCs: 92.242.62[.]210 mysql.php (webshell) As of Monday, Sansec has finished investigating one of the compromised stores. Attacker(s) used the US-based ip 92.242.62[.]210 to interact with the Magento admin panel and used the “Magento Connect” feature to download and install various files, including a backdoor called mysql.php. This file was automatically deleted after the malicious code was added to prototype.js,” de Groot told BleepingComputer in a conversation.

Threat actors downloading a webshell
Threat actors downloading a webshell

Using this access, the attackers installed JavaScript to load malicious credit card stealing code from mcdnn.net/122002/assets/js/widget.js when a visitor is on a checkout page.

Malicious MageCart JavaScript
Malicious MageCart JavaScript

When payment information is submitted, the script’s payment details are collected and sent to the https://imags.pw/502.jsp URL under the attacker’s control.

For compromised Magento version 1 sites, the malicious script was added to the prototype.js file. For Magento 2 sites, it was added to a jquery.js file hidden in the code.

Also Read: 7 Key Principles of Privacy by Design That Businesses Should Adopt

A Zero-Day Vulnerability Possibly Used in Attacks

It is not currently known how this attack is being conducted, but Sansec believes that Magento 1 sites may be hacked using a zero-day vulnerability sold on hacker forums.

On August 15th, a threat actor named z3r0day began selling exploits for a zero-day and two recently patched vulnerabilities in Magento 1 for $5,000. This sale was only being made to a total of ten people.

Magento vulnerabilities for sale
Magento vulnerabilities for sale

Sansec continues to investigate the attacks to determine how sites were hacked, but advises all Magento users to upgrade to Magento 2 for better protection.

To help mitigate attacks like these, Sansec has recently partnered with Adobe to provide vulnerability signatures to be included with the Magento Security Scan tool.

“Adobe has partnered with Sansec, a leading security company specializing in helping to prevent digital skimming. Through this partnership, Adobe will be adding about 9,000 malware and vulnerability signatures to the Magento Security Scan tool. Each of these signatures has undergone a multistage testing and validation process before being added to the scan tool. Every week Sanguine Security’s research team analyses 200 to 300 known eCommerce attacks. This information produces a valuable stream of possible attack vectors and indicators of compromise (IOCs). This data is continuously fed as threat signatures into our enhanced Security Scan tool, leading to approximately 300 new signatures added monthly.”

With the addition of Sansec’s signatures, Magento can mitigate certain HTML+JS attacks in real-time as attacks occur.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us