Posted on April 5, 2018 at 1:54 PM
New Hack-wave Hits Over 1,000 Magento Stores in Search of Card Data
Yet another attack by cybercriminals was detected by security researchers, and this time – the target was over 1,000 Magento sites.
Another cyber-attack was recently detected by researchers, and they suspect that the culprits were after payment card details on Magento websites. So far, over 1,000 sites were discovered to be hacked, and researchers warn that malware infection is just as likely as an attempt of data theft.
Researchers from Flashpoint claim that the websites were accessed through attacks of sheer brute force, in combination with default Magento credentials. Researchers have also added that the main issue that allows hackers to break into websites via this method is the failure of admins to change default login credentials.
The misuse of hacked websites
After the breach is made, researchers claim that most hackers are only interested in three different activities.
The first, which is most common, is the attempt to insert malicious code into the site’s core files. That way, hackers would be able to log information from any payment card that is used during the checkout process. This is a type of malware that is called “card scraper”, and it is most commonly found in online stores that don’t update their websites on regular basis.
Another type of activities that were registered includes the deployment of different cryptojacking scripts. These scripts are used for Monero mining, and they infect devices of the site’s visitors. This is something that can happen on pretty much any website, and Magento stores are no exception.
Finally, another fairly common practice is to try and trick the site’s visitors to leave the site and enter an infected website. Hackers do this in an attempt to trick the visitors into downloading fake software, which is actually full of malware. The trick that the researchers have classified as the most prevalent tactic is a false offer to download an update for Adobe Flash Player.
Researchers recommend caution
Despite the fact that over 1,000 infected Magento websites have already been discovered, experts believe that they have only scratched the surface in their attempt to map out all of the troubled websites.
After thorough research, experts believe that not only Magento websites have been targeted for an attack. Instead, their info says that many other e-commerce platforms might be under attack, or already infected by hackers’ tools and malware.
As for the method of protection, experts suggest that the website owners shouldn’t take this threat lightly. The easiest way for hackers to break into someone’s website is for the owner to leave the default login information unchanged. Researchers say that the owners should do their best to make unique passwords and usernames, and make sure that they don’t include something that can be guessed after a couple of attempts.
Of course, a password for the admin account should always be a top priority, and right after that, the security updates for the website that the admins should regularly apply. This is, actually, something that owners of all websites should keep in mind.