Magento E-commerce Attacks More Than Double In November

By   ISBuzz Team
Writer , Information Security Buzz | Nov 18, 2022 04:25 am PST

E-commerce malware detection firm Sansec is tracking a surge in cyberattacks targeting Magento stores. 

At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November. The trend in recent weeks paints a grim picture for ecommerce DevOps teams worldwide for the coming weeks. There is a big increase of active scanning for the file that contains the backdoor (health_check.php). This is a sign of attacker groups are trying to take over infected sites from other groups.

November is on track to see more Magento 2 template attack probes than the previous ten months combined. There is a big uptick in attacks using the mail template vulnerability in Magento 2 from February 2022 (CVE-2022-24086). Sansec estimates that at least a third of all Magento and Adobe Commerce stores have not been patched so far.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Timothy Morris
Timothy Morris , Technology Strategist
November 18, 2022 12:26 pm

Magecart attacks have been around for years, yet many retailers still haven’t learned lessons from the high-profile Target and Ticket Master incidents by starting to patch frequently. App scanning of client/browser and server-side code of e-commerce is important. It needs to be setup in an automated fashion so that any changes or updates to static code alert application owners. Many business owners are simply using a service and do not have the technical expertise or resources to do that work. 

From a consumer side it is always prudent to use cards that have fraud protection, use virtual cards where possible for web e-commerce, monitor purchases regularly (most financial institutions allow account activity to be sent via text).

Last edited 1 year ago by timothy.morris

Recent Posts

Would love your thoughts, please comment.x