Spike in Skimming Attacks on Magento Stores

Delaware, USA – June 13, 2019 – Since proof-of-concept code was published for a critical vulnerability in the Magento content management system, the number of successful compromises of online stores has been increasing significantly every month. The security update for the PRODSECBUG-2198 flaw was released at the end of March, and its exploitation began in less than a day. Despite all the warnings and detailed installation instructions, many online stores are still vulnerable to attacks. The situation is worsened by the fact that a PoC exploit for this vulnerability was published on GitHub by the security researchers at Ambionics who discovered the bug and reported it to Magento. They published it just two days after the release of the update. Cybersecurity expert Willem de Groot, who monitors the activities of all MageCart groups, reports that since the beginning of June adversaries have compromised two times more sites than in the whole of May. 90% of the attacks are carried out by two MageCart groups; the more skillful group has automated the process and is now responsible for approximately 70% of all successful attacks on Magento shops.

To secure your web resources against these attacks, you need to update your Magento CMS to the latest version and also make sure that your online store has not already been compromised. Attackers often install backdoors or create rogue admin accounts, as statistics show that 1/5 of compromised sites are reinfected within 24 hours after the malicious code is removed. To monitor the security of your critical business applications that face the public internet and to detect web application misuse and breach attempts, you can use your SIEM and the Web Application Security Framework rule pack available in Threat Detection Marketplace: https://my.socprime.com/en/integrations/web-application-security-framework-arcsight