
Unveiling E-Commerce Vulnerabilities: New Magecart Cyberthreat implementing persistent backdoors in online payments platforms


Introduction:

With 91% of consumers across the Middle-East and Africa embracing digital shopping platforms, the eCommerce digital-first business has grown by leaps and bounds since the pandemic. With any business evolution and opportunity comes risk…

The notorious payment-skimming group, Magecart, has unveiled a new method that poses a significant threat to e-commerce platforms. By exploiting a critical vulnerability in Magento, an Adobe e-commerce platform, Magecart's latest scheme involves creating persistent backdoors for stealing card data more efficiently.


Problem Statement:

The cybercrime organisation Magecart has refined its strategies for data theft, focusing on e-commerce sites. The group is now leveraging a severe command injection flaw in Magento (CVE-2024-20720) to execute arbitrary code without user interaction, escalating the risk for online merchants and shoppers alike.


Current Landscape:

Sansec researchers have pinpointed this innovative attack mechanism that hinges on injecting a meticulously crafted layout template into Magento's layout_update database table. This attack vector is notable for its automation capabilities, allowing malware to be pushed without manual intervention.


Key Risk:

The crux of this threat lies in the automatic malware injection facilitated by the exploited vulnerability. The attackers manipulate Magento's layout parser alongside the beberlei/assert package (installed by default) to stealthily run system commands. Given that this attack triggers upon accessing the checkout cart, it represents a direct risk to consumer payment information.
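
A defender's triage of the table described above, as an added example that is not from Sansec, Adobe or the original article: it scans exported layout_update rows for references to the beberlei/assert namespace and to PHP command-execution functions. The column names, indicator patterns and sample rows are assumptions constructed for illustration.

```python
import html
import re

# Heuristic indicators (assumptions for this example, not vendor signatures).
INDICATORS = {
    # PHP namespace used by the beberlei/assert package named in the article.
    "assert-package-reference": re.compile(r"\bAssert\\+\w+", re.I),
    # PHP functions that run system commands.
    "command-exec-function": re.compile(
        r"\b(system|exec|shell_exec|passthru|proc_open|popen)\b", re.I),
    # Shell syntax that has no place in layout XML.
    "shell-syntax": re.compile(
        r"\|\s*(sh|bash)\b|\$\(|`|;\s*(curl|wget|base64)\b", re.I),
}

def scan_row(row):
    """Return the sorted indicator names found in one row's XML."""
    # Decode entities first so encoded markers are not missed.
    text = html.unescape(row.get("xml") or "")
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def triage(rows):
    """Flag rows: 'high' when the assert package appears with another hit."""
    findings = []
    for row in rows:
        hits = scan_row(row)
        if not hits:
            continue
        high = "assert-package-reference" in hits and len(hits) > 1
        findings.append({"id": row["layout_update_id"], "handle": row["handle"],
                         "severity": "high" if high else "review", "hits": hits})
    return findings

# Constructed sample rows (assumed columns: layout_update_id, handle, xml).
SAMPLE_ROWS = [
    {"layout_update_id": 1, "handle": "cms_index_index",
     "xml": '<referenceContainer name="content">'
            '<block class="Magento\\Cms\\Block\\Block" name="promo"/>'
            '</referenceContainer>'},
    # Non-functional marker text only; not a working payload.
    {"layout_update_id": 2, "handle": "checkout_cart_index",
     "xml": '<block name="x" placeholder="Assert\\Assertion" '
            'note="system &#40;constructed&#41;"/>'},
    # Legitimate class name that trips the word "System": needs human review.
    {"layout_update_id": 3, "handle": "default",
     "xml": '<block class="Magento\\AdminNotification\\Block\\System\\Messages"/>'},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_ROWS):
        print(finding)
```

A "review" result is a prompt to inspect the row by hand, since legitimate class names can match a single indicator, as the third sample row shows.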


Impact on Industry:

The adoption of this technique by Magecart to inject a Stripe payment skimmer underscores a growing trend of increasingly sophisticated attacks on e-commerce platforms. Stripe maintains nearly 70% of the market share in the United States alone, with a significant and growing presence across MEA. This development endangers sensitive customer payments information and, left unchecked, has the potential to undermine trust in online shopping ecosystems.


Mitigation Strategies:

Patch. Patch. Patch. Adobe has released patches for Adobe Commerce and Magento versions, urging e-commerce businesses to update their systems to versions 2.4.6-p4, 2.4.5-p6, or 2.4.4-p7. A Sansec version matrix gives a great view of the risk profile for your Adobe Commerce version. E-commerce operators must prioritise these updates and adopt rigorous security measures, including regular vulnerability scanning and secure coding practices.


Conclusion:

Magecart's pivot to leveraging persistent backdoors represents a significant evolution in cybercrime tactics against e-commerce platforms. This development calls for heightened vigilance and proactive security measures from online merchants to protect their platforms and customer data.


Call to Action:

For e-commerce business owners and cybersecurity professionals, staying informed and vigilant against such vulnerabilities is paramount. Your tech and security teams should be engaging with cybersecurity communities for the latest threat intelligence and ensuring your systems are up-to-date, and as business owners you should consider independent security assessments of your e-commerce platforms as a business-as-usual control. It costs a lot less to build security in up front than to recover your brand and operations from an incident. Trust is the lifeblood of commerce.

Together, we can collectively work to secure our digital future today.


About QalatCyber Ltd

Based in the Dubai International Financial Centre Innovation Hub, QalatCyber Ltd specialises in expert cybersecurity consulting services tailored for the Middle East & Africa region's businesses. We aim to be the trusted partner organisations turn to when strengthening their cyber defences amidst global digital transformation challenges.

Our services include Merger & Acquisition evaluation, Virtual CISO services, Cyber Training and Awareness programs, Executive Coaching, Cyber Assessments and Assurance, Governance and Policy development, Audit Readiness, Supplier Assessment, Project and Capability delivery support, and Higher Education Student Support.

Leveraging extensive industry experience and a dedication to excellence, QalatCyber is at the forefront of addressing the complex cybersecurity needs of today's digital landscape.

Let us help you secure your digital future today.

Contact info@qalatcyber.com with any questions about how we can help your organisation achieve its digital aspirations quickly and safely.

