informa
1 MIN READ
Quick Hits

E-Commerce Sites Hit With New Attack on Magento

The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.

Thousands of e-commerce sites running software past end-of-life were hit by an automated attack that began on Friday, peaking on Saturday. According to researchers at Sansec, more than 2,000 websites running Magento Version 1 software were subject to a classic Magecart attack that injected malicious code to steal payment details during transactions.

Related Content:

Magecart Plants Card Skimmers via Old Magento Plug-in Flaw

The Threat from the Internet—and What Your Organization Can Do About It

New on The Edge: Think You're Spending Enough on Security?

According to the attack analysis, most of the victims previously had not been successfully attacked. This suggested to the analysts that a novel infection mechanism was used, one possibly related to a zero-day attack recently offered for sale on Dark Web markets.

Sansec's report says that its scans indicate more than 95,000 e-commerce stores are still running Magento Version 1, a version that reached end-of-life in June.

For more, read here.

Editors' Choice
Ericka Chickowski, Contributing Writer, Dark Reading
Nate Nelson, Contributing Writer, Dark Reading
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading