Magento 1 End-of-Life Offers Opportunities for Hackers
A popular version of a content management system (CMS) is set to be retired soon, potentially exposing hundreds of thousands of companies to the risk of digital skimming attacks.
With end of support for Magento 1 set to land in June 2020, there will be new opportunities for attackers to compromise these websites and access sensitive customer data.
All eyes will be on the groups using the infamous Magecart skimming code to harvest card details as they are entered into e-commerce website payment pages.
“It’s no secret that a CMS without support will develop vulnerabilities. Eventually, these lead to a compromised website — which cripples any e-commerce business,” explained Sucuri’s Art Martori.
“When you consider the popularity of the Magento e-commerce platform, it’s easy to see how their announcement of the Magento 1 end of life could leave a significant portion of e-commerce retailers scrambling for new solutions.”
The groups using Magecart have already compromised an estimated hundreds of thousands of sites and millions of users, possibly many more.
Hackers have even sought to exploit misconfigured Amazon Web Services (AWS) S3 buckets to implant the code onto more sites.
Sucuri recommended web application firewalls (WAFs) as a useful way to protect end-of-life platforms like Magento 1 while potentially easing the pain of migration.
Source: Information Security Magazine