E-Commerce Platform Magento Vulnerable to Attacks

• In May 2020, hackers were seen carrying out web skimming attacks on the Magento-based websites by exploiting a cross-site scripting vulnerability (CVE-2017-7391) in the MAGMI (Magento Mass Import) plugin.
• This could allow attackers to steal environment credentials, and then use them to take full control of the targeted websites.
• After gaining access, attackers would inject a malicious script that records and steals buyers' payment card data, and also inject web shells (as backdoors) for future access to the website.

Other attacks

• In November 2019, Adobe had disclosed that a vulnerability in the Magento Marketplace website had allowed an unauthorized third-party to access account information for registered users,  resulting in a security breach.
• In August 2019, it was revealed that Magecart attackers had compromise over 80 eCommerce sites that were running an outdated version of Magento such as v1.5, v1.7, or v1.9.
• In July 2019, the Magecart group was found using web skimmers to compromise the Magento-based websites. The skimmer code (written in JavaScript) was injected into the websites and tried to bypass detection by using fake Google Analytics domains.
• In July 2019, a malicious PHP script named “Magento Killer” was observed targeting Magento installations and allowing the attackers to alter the core of the database using special SQL queries encoded in base64.

Magento attacks getting traction

• From March 2019 to June 2019, the number of hacked sites kept doubling for three months in a row.
• The primary target of attackers was security flaw codenamed "PRODSECBUG-2198," a SQL injection flaw that could allow remote, unauthenticated attackers to take over unpatched, vulnerable sites.

Security tips