Researchers at Flashpoint, a business risk intelligence firm, posted a warning on their site about compromised Magento websites being vulnerable to malware.
The firm states that Flashpoint researchers are aware of at least 1,000 Magento Admin panels that have been compromised through brute-force password attacks on the eCommerce platform, with the attackers scraping credit card numbers and installing malware that mines cryptocurrency.
More troubling, Flashpoint analysts believe the credentials found on the dark web are likely only a sample of a larger set of compromised Magento installations.
Most eCommerce merchants understand the need to protect credit card data and some may use third-party processors that manage the entire transaction on a separate secured platform. But that practice may be at risk as well!
“Once the attacker has control of the site’s Magento CMS admin panel, they have unfettered access to the site and the ability to add any script they choose. In this case, the attackers were injecting malicious code in the Magento core file, allowing them access to pages where payment data is processed. POST requests to the server containing sensitive data are then intercepted and redirected to the attacker.”
Flashpoint Report – Compromised Magento Sites Delivering Malware
New Security Threat – Cryptocurrency Mining!
Malware that mines cryptocurrency is becoming an increasingly widespread threat to website operators and one that cannot be taken lightly.
A site infested with cryptocurrency mining malware can have a devastating impact on a business in a very short time:
- Excessive use of server resources may slow or crash a site.
- Excessive use of server resources may result in additional costs imposed by hosting companies for the use of extra resources.
- Google and other search engines that identify the malware in their search may downgrade the site or not show it in search results.
- Consumers may lose trust when browsers and antivirus software detect the malware and display warnings to users.
Once a vulnerable site is found through the brute-force attacks, the access credentials to the site can be traded or sold on the dark web, providing criminals full administrative access to the site.
Mitigating the exposure to brute-force attacks requires best practices in password management. Flashpoint highly recommends the following methods:
- Enforce organizational password complexity requirements.
- Restrict users from recycling previously used passwords.
- Enable two-factor authentication for sensitive systems, applications, databases, and remote access solutions.
- Supply users with secure password managers to assist with password requirements.
Additionally, you may want to change the URL of the Magento Admin Panel. The steps required to do so differ between Magento versions and store owners should consult their hosting provider for more information.
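To complement these measures, store operators can watch their web server logs for the brute-force pattern described above. The following is an added example, not code from Flashpoint's report: it counts POST requests to the admin login per client IP within a sliding time window. The `/admin` path, the combined log format, the threshold, and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: the admin panel is served under /admin; adjust if the admin URL was changed.
ADMIN_PATH = re.compile(r"^/(index\.php/)?admin(/|\?|$)")
# Assumption: combined log format: ip - - [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" ')

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: peak admin-login POSTs in any window} for IPs reaching threshold."""
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    flagged = {}
    for line in lines:  # lines are assumed to be in chronological order per client
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, ts, method, path = m.groups()
        if method != "POST" or not ADMIN_PATH.match(path):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def sample_log():
    """Constructed log lines: one client hammering the login, one normal admin login."""
    noisy = [
        f'203.0.113.7 - - [01/Jan/2024:10:00:{s:02d} +0000] "POST /index.php/admin/ HTTP/1.1" 200 3012 "-" "-"'
        for s in range(0, 40, 5)
    ]
    normal = [
        '198.51.100.20 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php/admin/ HTTP/1.1" 200 3012 "-" "-"',
        '198.51.100.20 - - [01/Jan/2024:10:00:09 +0000] "POST /index.php/admin/ HTTP/1.1" 302 0 "-" "-"',
        "not a log line",
    ]
    return noisy + normal

if __name__ == "__main__":
    for ip, count in find_bruteforce(sample_log()).items():
        print(f"{ip}: {count} admin login POSTs within one minute")
```

Flagged addresses are candidates for rate limiting or blocking at the web server or firewall; the threshold and window should be tuned to the store's normal admin traffic.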
While Flashpoint’s report highlights the issue among Magento installations because they found a large number of Magento credentials on the dark web, other eCommerce platforms may be at risk as well.
Brute-force attacks are a common method used by hackers to try to exploit known vulnerabilities, and all store operators that run open source eCommerce platforms need to stay up to date with the latest security patches and practices.