The Magento e-commerce platform could soon face a number of attacks after hackers publicly released code that exploits a critical vulnerability in its systems, which could be used to plant payment card skimmers on sites that have not yet been updated.
A hacker who can crack passwords or obtain user names can exploit the flaw to take control of administrator accounts. After gaining access, they can install backdoors or any skimming code they choose.
This method was tested by a researcher at the security firm Sucuri.
Cybercriminals have spent the last six months trying to infect e-commerce sites with card skimming malware to steal users’ payment details. They employed known exploits as well as zero-day vulnerabilities to accomplish this, and a vulnerability in Magento’s e-commerce platform will likely be exploited because over 300,000 businesses and merchants use its services.
Jerome Segura, lead malware intelligence analyst at Malwarebytes, explained the severity of the situation to Ars Technica, saying: “There is no doubt threat actors are either actively reversing the patch or waiting for a proof of concept to exploit this flaw at scale. When it comes to hacked Magento websites, Web skimmers are the most common infection type we see because of their high return on investment. As a result, we can expect another wave of compromises in light of this newly found critical vulnerability.”