Home » Cyber Security News » Over 3000 Magneto shops have been hacked via insecure extensions in the last 3 months

Over 3000 Magneto shops have been hacked via insecure extensions in the last 3 months

  • Attackers use an extension bug to download other extensions and later search for zero-day security issues.
  • Failing to keep the extensions up-to-date is one of the main cause for the rise in such attacks.

In the latest research, it has been found that Magneto shops can be targeted by leveraging vulnerable third-party extensions or modules. The attackers can abuse these weak third-party extensions to perform a global scan and find vulnerable victims.

Attack process

According to security researcher and Magneto forensic investigator William de Groot, attackers use an extension bug to download other extensions and later search for zero-day security issues such as POI (PHP Object Injection), SQL injection and Cross-Site Scripting flaws.

“The method is straightforward: attacker uses an extension bug to hack into a Magento store. Once in, they download all of the other installed extensions. The attacker then searches the downloaded code for 0day security issues, such as POI, SQLi and XSS flaws. Once found, the attacker launches a global scan to find vulnerable victims. Rinse and repeat,” said Groot in a blog post.

The researcher, who has been monitoring and documenting card-skimming activities on Magneto shops, estimates that over 3000 stores have been due to insecure extensions in the last 3 months.

Failing to keep the extensions up-to-date is one of the main cause for the rise in such attacks.

“Many extension releases are backward incompatible, which requires costly developer hours. There is no standardized way to get notified of critical releases. And most important: merchants value stability above all, which does not fit well with a continuous upgrade policy,” he noted.

Solution

William De Groot has compiled a list of vulnerable Magento extensions. Online merchants can scan their sites against the repository using Magerun module or a single-line command. Both the processes require access to the server. As a result of the scan, the merchants can figure out:

  • The name of the vulnerable modules
  • The latest version of extensions
  • Part of the URL that attackers use to exploit each module
  • Name of the URLs which are under attack
  • The URL with upgrade instructions.

Groot claims that most of the vulnerable extensions are discovered on Magento 1 installations.

Firewall,Hardware Firewall,Software Firewall,Firewall India, Firewall,Network Firewall,Firewall Support,Firewall Monitoring,Firewall VPN, WAF Website Firewall,Firewall Security, Firewall India,Firewalls Provider in India

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket