Thousands of unpatched Magento shops hacked in the last two years

According to the BSI more than 6,000 online stores running eBay’s Magento platform have been hacked across the last two years.

According to the Germany’s Federal Office for Information Security, more than 6,000 online stores running eBay’s Magento platform have been hacked across the last two years. Crooks targeted the e-commerce platform in order to steal credit card data, they used to inject carding malware on unpatched Magento e-shops.

The Germany’s Federal Office for Information Security confirmed that roughly 1,000 online stores are in Germany, it did not provide info regarding the overall number of stolen data.

“The Federal Office for Information Security (BSI) has received information according to which currently at least 1,000 German online -Shops of online skimming affected. Here use Cyber -Kriminelle vulnerabilities in outdated versions of Shop software to inject malicious code. This then peaks the customer’s payment information during the ordering process and sends it to the perpetrators. Affected are online -Shops that on the widely used software based Magento.” reads the translation of the advisory issued by BSI. “The infected code and the associated data flow is usually not visible to users. The BSI is currently not aware of the extent of the payment data already passed through these attacks.”

The Federal Office reported the attacks to the victim, but many of them failed in fixing the issue. The security expert Willem de Groot first reported carding attacks against unpatched Magento shops in October. The Dutch expert analyzed a cyber attack against the website belonging to the National Republican Senatorial Committee allowed people to make donations. According to de Groot, who analyzed the traffic on the platform, hackers roughly accessed data related to 3,500 transactions per month between March 16 and October 5, 2016.

Card data was sent back to Russian IP addresses, the expert suspected that some 21,000 credit cards were stolen at the time.

de Groot believes that the attacks against Magento shops at the time that had compromised some 6,000 sites spanning 18 months.The experts also published a free vulnerability scanning service that could be used by operators of Magento shops to check their websites.

It is not clear if there are the same threat actors behind the attacks against the unpatched Magento shops

The German Federal office now tried again to warn operators of Magento shops that were compromised by hackers. Unfortunately, once again operators failed to complain necessary security measure to protect the e-commerce platform.

“Unfortunately, there are still indicators that many operators have been negligent in securing their online stores,” said the BSI president Arne Schönbohm.

“A variety of shops are running outdated software versions which contain several known vulnerabilities. Operators must fulfill their customer responsibilities and ensure their services are fixed quickly and consistently.”

“The BSI has at this point out that the obligation to secure systems not only for companies but also for all other businesslike operators of websites apply. This includes, for example, websites from private individuals or associations, if their operation is to generate revenues permanently. This is already assumed when banners placed on websites are placed in the form of banners.” states the BSI. “Customers and operators of online -Shops based on Magento can use the free service MageReportcheck whether your shop system has known vulnerabilities and is affected by the current attacks.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Magento Shops, hacking)