E-Commerce Sites Hit With New Attack on MagentoE-Commerce Sites Hit With New Attack on Magento
The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.
September 15, 2020
Thousands of e-commerce sites running software past end-of-life were hit by an automated attack that began on Friday, peaking on Saturday. According to researchers at Sansec, more than 2,000 websites running Magento Version 1 software were subject to a classic Magecart attack that injected malicious code to steal payment details during transactions.
According to the attack analysis, most of the victims previously had not been successfully attacked. This suggested to the analysts that a novel infection mechanism was used, one possibly related to a zero-day attack recently offered for sale on Dark Web markets.
Sansec's report says that its scans indicate more than 95,000 e-commerce stores are still running Magento Version 1, a version that reached end-of-life in June.
For more, read here.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Get the Gartner Report: SOC Model Guide
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report