Over the weekend, more than 2000 Magento stores were hacked. Security researchers describe this onslaught as the largest hacking campaign in the last five years.
These stores fell victim to a Magecart attack, with hacker groups exploiting Magento's shopping cart system, allowing them to gain access to these stores and sowing malicious scripts inside these stores' source codes. These scripts skim customers' payment information that they entered while checking out.
“On Friday, 10 stores got infected, then 1,058 on Saturday, 603 on Sunday and 233 today,” said Willem de Groot, founder of Sanguine Security (SanSec), a Dutch cyber-security firm specialized in tracking Magecart attacks.
Willem de Groot, founder of Sanguine Security (SanSec) tracked these attacks starting on Friday. To the horror of shop owners, the original 10 attacks from Friday increased tenfold by Saturday, before slowly dying down through Sunday and Monday.
De Groot added that these recent attacks trumped all previous campaigns, with the previous record of 962 compromised stores, not holding a candle to these new numbers.
Most hacked stores were running an EOL version
The SanSec founder stated that a recurring flaw in all the compromised stores was that they were running an immensely outdated version of Magento's software.
This version of Magneto had stopped receiving updates over four months ago, meaning it reached end-of-life (EOL).
Industry giants including Adobe, Mastercard and Visa, voiced warnings about incoming attacks on outdated stores over the spring.
In the months leading up to the attacks, several web security experts noted that new Magento 1.x (EOL versions) vulnerabilities were non-existent. This is very atypical, as the 1.x versions of Magento were crippled and plagued by security flaws.
Experts predicted that hackers were patiently waiting for 1.x's EOL to rear its head, to ensure Adobe' could not patch out their brutal attacks.
Recently, ads selling Magento 1.x vulnerabilities were unearthed from underground hacking forums, confirming experts' suspicions that attackers purposefully staggered their assault.
Image: SanSec
On a lighted note, Adobe's initial warnings did severely lessen the blow of this campaign, with the number of outdated stores being cut in half as of June 2020.
Nevertheless, a number of high-traffic sites are still running the EOL version of Magento, solely relying on firewalls to ward off attackers.
While this may be PCI compliant, this is extremely risky and store owners are urged to update their stores immediately.
