If you are running an online store e-commerce business, then this post is for you. This is a lesson for us - Why it is so important to perform regular updates on our e-commerce sites!
Recently, according to Sansec (a Dutch cyber-security firm specialized in preventing digital skimming (Magecart) attacks), a huge magecart attack has taken place where hackers breached sites and implanted malicious scripts inside the source code of (Magento 1.X version). This notorious code logged card credentials and details of various shoppers.
More than 2000 store data have been hacked or compromised. This is the biggest attack of its kind in the last 5 years (since 2015).
Willem de Groot, the founder of Sanguine Security (SanSec), stated — "On Friday, 10 stores got infected, then 1,058 on Saturday, 603 on Sunday and 233 today. He further added, "The previous record was 962 hacked stores in a single day in July last year. This automated campaign is by far the largest one that Sansec has identified since it started monitoring in 2015."
Adobe, which owns Magento, did highlight the vulnerabilities a few months ago requesting all its users updating their current version to 2.X version.
The hackers were waiting for the EOL (End of Life) of Magento's old version. So that they can find some loopholes and exploit the system.
Nevertheless, there is a glimpse of good news — right after Adobe started insisting Magento owners to migrate their site to the updated branch (2.X). The number of old-version users reduced from 240K to 110K in June 2020, and at present, it stands at 95000.
Though the transition speed is slightly low, it’s presumed that some users have abandoned the platform and may have relatively less traffic.
When death is in the air; gripping us by the throat. One thing, along with various health and hygiene precautions, which we can do is — "keep our online stores updated and safeguarded". It's because data is the life of your online business.
ISOEH always brings the latest updates regarding cyber security to you. Subscribe to our newsletter to keep you updated regarding all hustle and bustle going on in cyber security.
We are devoted to empowering you in the world of cyber security.