Magento-Based Websites Hacked to Steal Credit Card Data and Install Cryptocurrency-Mining Malware

Security researchers reported that at least 1,000 websites running on the Magento platform were targeted via brute-force attacks to steal credit card data and install cryptocurrency-mining malware. No vulnerabilities were exploited in the attacks.

Magento is an open-source, e-commerce content management system (CMS) platform written in hypertext processor (PHP) created for web development. The platform boasts a user base of over 250,000 merchants.

[READ: KimcilWare Ransomware Found Targeting Magento Websites]

How do the brute-force attacks work?

The Magento sites were brute-forced with common and known or default credentials. An experienced attacker can employ scripts to automate this (a.k.a. dictionary attacks). Once they gain access to the compromised website, the attackers will inject malicious code into its core file (snapshot of an application’s memory at a specific time) to access pages where payment/credit card data was processed. They would intercept and steal sensitive data that the web server accepts and processes.

The security researchers who uncovered the brute-force attacks said the compromised websites returned a file masquerading as an Adobe Flash Player updater. The file is actually a malicious JavaScript file that retrieves and installs the information-stealing AZORult malware (detected by Trend Micro as TROJ_TIGGRE.LL), which in turn downloads the Rarog cryptocurrency miner (COINMINER_MALXMR.TIBAGC).   

[READ: How an XSS vulnerability in WordPress Jetpack plug-in put over 1 million WordPress sites at risk]

What’s the impact?

Businesses that used Magento as their platform sold US$101 billion in digital commerce and served 51 million customers in 2016. These make the brute-force attacks credible threats to businesses that process and manage financial and personally identifiable information. The adverse effects on a company’s bottom line and reputation can be exacerbated with the impending implementation of the EU General Data Protection Regulation (GDPR), which can fine businesses as much as €20 million or 4 percent of its global revenue.

The researchers note that organizations in education and healthcare industries in the U.S. and Europe were the most affected. The attackers are also targeting other e-commerce platforms such as Powerfront and OpenCart.

[InfoSec Guide: The Most Prevalent Web Injection-based Attacks and How to Mitigate Them]

How does secure DevOps figure into this?

DevOps — both as a mindset and a tool — embodies security by design, safeguarding the layers of the infrastructure and environment where a web application runs. This doesn’t just entail enriching customer/user experience; it also involves how agile and scalable it can be developed and deployed.

Indeed, web applications are transforming how confidential or even mission-critical data changes hands between businesses and its customers. Magento’s progressive web applications (PWAs) are a case in point, which combines the capabilities of websites and native mobile applications.  Adding more features and adopting new technologies help applications deliver its product or service more seamlessly, but their security shouldn’t be sacrificed. The SANS Institute reported, for instance, that 15% of organizations experienced breaches related to their applications, while 24% tested their applications once a year or less.

Developers and system administrators thus must practice due diligence: A single vulnerability — or use of default and dated credentials — is often all an attacker needs. Apart from practicing security hygiene, developers and system administrators should also employ security mechanisms that can mitigate attacks, such as authentication frameworks that can deter excessive login attempts that are typical in brute-force attacks. Enforce the principle of least privilege and use encryption to reduce an application’s attack surface, and regularly test the application against flaws that may be exploited.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Veröffentlicht in Cybercrime & Digital Threats, DevOps