E-commerce malware detection firm Sansec is tracking a surge in cyberattacks targeting Magento stores.
At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November. The trend in recent weeks paints a grim picture for ecommerce DevOps teams worldwide for the coming weeks. There is a big increase in active scanning for the file that contains the backdoor (health_check.php). This is a sign that attacker groups are trying to take over infected sites from other groups.
November is on track to see more Magento 2 template attack probes than the previous ten months combined. There is a big uptick in attacks using the mail template vulnerability in Magento 2 from February 2022 (CVE-2022-24086). Sansec estimates that at least a third of all Magento and Adobe Commerce stores have not been patched so far.
Magecart attacks have been around for years, yet many retailers still haven’t learned the lessons of the high-profile Target and Ticketmaster incidents and started patching frequently. Scanning both the client/browser-side and the server-side code of an e-commerce site is important. It needs to be set up in an automated fashion so that any changes or updates to static code alert application owners. Many business owners are simply using a service and do not have the technical expertise or resources to do that work.
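One way to automate the change alerting described above, as an added example that is not Sansec's or Adobe's code: hash every code file under the store root, keep the result as a baseline, and report anything added, changed or removed on the next run. The extension list, function names and the temporary directory tree in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# File types treated as store code (an assumption for this example).
CODE_EXTENSIONS = (".php", ".phtml", ".js", ".html")

def snapshot(root):
    """Map each code file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(CODE_EXTENSIONS):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff_snapshots(baseline, current):
    """Return the files added, changed or removed since the baseline."""
    changed = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p] != current[p])
    return {"added": sorted(set(current) - set(baseline)),
            "changed": changed,
            "removed": sorted(set(baseline) - set(current))}

def alerts(report):
    """Turn a diff report into one alert line per affected file."""
    return [f"{kind.upper()}: {path}"
            for kind in ("added", "changed", "removed")
            for path in report[kind]]

def demo():
    """Constructed tree: take a baseline, then add one file and edit another."""
    with tempfile.TemporaryDirectory() as root:
        index = os.path.join(root, "index.php")
        with open(index, "w") as fh:
            fh.write("<?php // storefront entry point\n")
        baseline = snapshot(root)
        # A file that was not part of the deployed code appears later.
        with open(os.path.join(root, "health_check.php"), "w") as fh:
            fh.write("<?php // unexpected file\n")
        with open(index, "a") as fh:
            fh.write("// edited after the baseline was taken\n")
        return alerts(diff_snapshots(baseline, snapshot(root)))

if __name__ == "__main__":
    print("\n".join(demo()))
```

In practice the baseline would be stored outside the web root and the alert lines sent to whoever owns the store, so that a compromise of the site cannot silently rewrite the reference hashes.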
From the consumer side, it is always prudent to use cards that have fraud protection, use virtual cards where possible for web e-commerce, and monitor purchases regularly (most financial institutions allow account activity to be sent via text).