Online retailers, particularly those still using the Magento 1 e-commerce platform, need to take action fast to update their security posture, according to Sonassi, which hosts Magento.
Magento 1 officially reached its end-of-life at the end of June and is therefore no longer supported by security patches.
Last week it was revealed that around 2000 e-commerce stores running the Magento 1 software were targeted by Magecart attacks over the previous weekend in the largest recorded campaign of its kind. It is estimated that tens of thousands of customers unwittingly had their payment details stolen as a result of the attacks.
Sansec’s Threat Research Team, which revealed the attacks, suggested that attackers may have found a new way to compromise their servers — potentially exploiting a zero-day in Magento 1 that was advertised online. It warned that if this is the case, 95,000 stores could also be exposed to the exploit, as they are running Magento 1.
James Allen-Lewis, development director at Sonassi, commented: “Unfortunately, this incident should not come as a surprise. As far back as last year, warnings had been issued about the likelihood of attacks on Magento 1 stores, and as the deadline to end-of-life grew closer, these warnings have gotten louder. While cyber-threats do exist on Magento 2, those remaining on Magento 1 are no longer supported with security patches, and therefore a prime target for hackers.”
Allen-Lewis added that due to the accelerated shift to e-commerce during the COVID-19 pandemic, it is more important than ever that retailers secure their digital shopping sites. The prospect of a second wave of the virus and localized lockdowns are likely to boost demand on this channel even further.
Allen-Lewis said: “It’s critical retailers deploy basic cybersecurity best practices. Simple things such as regular updates to your passwords and multi-factor authentication are often overlooked. Additionally, retailers should be locking down the administrator interface by IP address. This simple change makes it much harder for hackers to get near this critical part of the store.
“Many attacks involve files being added or changed on a website. It is vital you monitor your log for any suspicious file activity. Furthermore, run regular audits on admin accounts and keep admin access to a minimum. You should always know who has access to your website.
“Finally, ensure you scan your website regularly for indicators of compromise. This will give you a much stronger insight into the security posture of your business.”