A critical security weakness has been identified in the Magento ecommerce platform, potentially exposing numerous online stores and their customers to cybersecurity risks. The flaw, assigned CVE-2024-20720, enables cybercriminals to establish persistent backdoors on Magento servers, thereby threatening the integrity of a multitude of ecommerce sites. This exploitation occurs through a sophisticated manipulation of Magento’s layout template system, allowing the insertion of malicious XML code into the layout_update database table. This code is subsequently executed whenever a customer navigates to the checkout cart, making use of Magento’s layout parser alongside the beberlei/assert package to run a specific command, ‘sed’, which installs a backdoor into the CMS controller.
Widespread Impact and Attack Strategies
The assault on Magento’s security not only grants hackers sustained access to the systems but also paves the way for the addition of further malicious payloads. For instance, a counterfeit Stripe payment skimmer has been detected that siphons off payment details from customers. This stolen data is then transmitted to a compromised Magento store, amplifying the attackers’ ability to acquire sensitive information. A collective of IP addresses linked to the culprits suggests a well-coordinated effort to exploit this vulnerability across an array of ecommerce sites.
The vulnerability revelation coincides with a marked increase in digital skimming activities, also referred to as Magecart attacks. These attacks, which have been escalating since 2015, specifically target online shopping platforms to hijack credit card information during checkout. To counteract this vulnerability, Sansec has recommended urgent actions for merchants using Magento. They advise running the eComscan scanner to detect any hidden backdoors and suggest updating Magento to the latest patched versions to secure their platforms against impending threats.
Experts Recommend Swift Action
Addressing the vulnerability, security experts urge Magento store owners to take immediate steps to secure their systems. The recommended course of action includes employing the eComscan scanner tool to locate concealed backdoors and upgrading to more secure versions of Magento. These versions include 2.4.6-p4, 2.4.5-p6, or 2.4.4-p7, all of which contain patches for this particular security gap. This incident underscores the continuous risk online merchants face and the necessity for stringent, updated security protocols to protect against these evolving cyber threats.
Comparative Insights from Related Reports
Exploring similar incidents, a report from Security Magazine titled “Rise in Ecommerce Platform Breaches” indicates a growing trend in security breaches among various ecommerce platforms, suggesting a broader issue beyond Magento. Another related article from Infosecurity Magazine, “New Payment Skimmers Target Ecommerce Sites,” delves into the details of how cybercriminals are developing new skimming techniques to exploit online payment systems, further confirming the need for amplified vigilance and robust security measures within the ecommerce sector.
Useful Information for the Reader
– Always update to the latest security-patched versions of ecommerce platforms.
– Employ dedicated scanning tools like eComscan to uncover hidden threats.
– Stay informed about the latest cyber threats and skimming techniques targeting online stores.
The discovery of such vulnerabilities highlights the constant battle between cybercriminals and the security defenses of online platforms. This incident serves as a critical warning to the ecommerce industry to stay alert and proactive in implementing security measures. As the tactics of attackers evolve, so must the strategies to defend against them, ensuring the safety of both the merchants’ interests and their customers’ private information. The ecommerce community must continue to prioritize security, not just as a response to threats, but as an integral part of their operational framework.
