Security web scans and analysis on over 4,500 Australian and New Zealand Magento websites, the most popular e-commerce platform globally, reveal over 78% are at high risk from cyber criminals, according to leading global cybersecurity experts.
The latest survey carried out by Foregenix identifies the most significant vulnerability for Australian and New Zealand SMEs’ are hackers looking to exploit the absence of critical security patches.
Global cybersecurity experts Foregenix, which operates out of Sydney, found almost 90% of websites using Magento 1 were at risk, however, the figuresfell sharply to around 35% for Magento 2 websites.
The global analysis – which examined over 170,000 Magento websites in total – also reveals that 1.5% of these sites (2,548) are infected with malware. Out of these infected sites, 1,591 were compromised by credit / debit card stealing malware which is actively harvesting their customers’ sensitive data for subsequent sale and / or fraud.
A further 2.3% of all websites are vulnerable to Magento Shoplift, a vulnerability which was disclosed and patches made available in January 2015. This allows hackers to completely administer the website remotely, steal sensitive data and even order items for free through a single exploit command, which is publicly available.
The cybersecurity company, which is renowned globally for its work on payment security, has an active threat intelligence team researching and analysing attack trends, with a strong focus on the e-commerce sector.
Unveiling the research for the first time at Payment Card Industry Security Standards Council in London, Foregenix’s CEO Andrew Henwood said: ‘While the figures for the Oceania region are of great concern, they are roughly in line with our findings for many other regions such as Europe and North America.
‘The issues highlighted are a truly global problem, which threatens to undermine confidence in e-commerce, especially in markets leading the way in online sales such as Australia and New Zealand. Repercussions as a result of compromises are heavy penalties by card providers and these put many smaller traders at risk.
‘Magento and other e-commerce platforms release regular software updates in response to vulnerabilities. These security patches, if not used, can leave websites highly vulnerable to hacking and loss of sensitive data.
‘Online businesses often assume web developers, agencies and hosting providers take care of security. Design agencies are great at producing beautiful, transactional websites that selltheir wares, but their expertise on security issues generally isn’t as well developed. Agencies and their clients need to be aware of e-commerce security issues, as even a single breach can be devastating for a small business.
‘Simple precautions can make a real difference to reducing a company’s risk from criminals such as regularly patching, changing default settings on the administration interface and using stronger passwords with multi-factor authentication. Risk can never be entirely eliminated, so companies should also consider investing in a partnership with a cybersecurity specialist organisation and cyber insurance policy.‘
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.