Magento Bug Exploited by Hackers to Target E-commerce Websites

Cybersecurity experts have unearthed a critical flaw within Magento, a popular e-commerce platform, that was being exploited by malicious actors to pilfer sensitive payment data from online stores. However, the good news is that swift action has been taken to mitigate this risk, safeguarding countless businesses and their customers.

The vulnerability in question, officially designated as CVE-2024-20720 and tagged with a concerning CVSS score of 9.1, was identified as a case of “improper neutralization of special elements” by Adobe, the company behind Magento. This flaw had the potential to facilitate arbitrary code execution, essentially providing a gateway for cybercriminals to infiltrate and compromise e-commerce websites.

Thankfully, Adobe promptly addressed this issue by rolling out comprehensive security updates on February 13, 2024. This proactive measure played a pivotal role in thwarting the nefarious intentions of threat actors who sought to exploit unsuspecting online merchants.

Upon closer examination by cybersecurity firm Sansec, it was revealed that the attackers had devised a sophisticated method to inject a persistent backdoor into e-commerce websites. This involved ingeniously manipulating layout templates within the Magento database to automatically implant malicious code capable of executing arbitrary commands.

The intricacies of the attack were unveiled as the attackers combined the Magento layout parser with a default package known as beberlei/assert to execute system commands seamlessly. Notably, the injected code was intricately linked to the checkout cart, ensuring that the malicious commands were executed whenever the checkout page was accessed by users.

One of the most concerning aspects of this exploit was the utilization of the sed command to implant a code execution backdoor. This backdoor, once activated, facilitated the deployment of a Stripe payment skimmer—a malicious tool designed to clandestinely harvest and transmit sensitive financial information to compromised Magento stores under the control of the attackers.
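A defender can triage stored layout XML for the indicators described above. The following is an added example, not code from the article, Sansec or Adobe. It assumes the rows were exported from Magento's `layout_update` table (columns `layout_update_id`, `handle`, `xml`); the function names, regexes and sample rows are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Indicators named in the article: beberlei/assert, system commands, sed.
# The regexes are this example's assumptions and only triage rows for review.
INDICATORS = {
    "beberlei/assert reference": re.compile(r"\bAssert\\|beberlei", re.I),
    "command execution function": re.compile(
        r"\b(system|exec|passthru|shell_exec|proc_open|popen)\b", re.I),
    "sed invocation": re.compile(r"\bsed\s+-"),
}

def strings_in(xml_text):
    """Yield attribute values and text nodes of a layout XML fragment."""
    try:
        # Stored fragments may have several top-level elements, so wrap them.
        root = ET.fromstring(f"<root>{xml_text}</root>")
    except ET.ParseError:
        yield xml_text  # malformed XML is still scanned as raw text
        return
    for el in root.iter():
        yield from el.attrib.values()
        yield el.text or ""
        yield el.tail or ""

def scan_layout_rows(rows):
    """Return (row_id, handle, indicator names) for every suspicious row."""
    findings = []
    for row_id, handle, xml_text in rows:
        hits = sorted({name for s in strings_in(xml_text)
                       for name, rx in INDICATORS.items() if rx.search(s)})
        if hits:
            findings.append((row_id, handle, hits))
    return findings

# Constructed sample rows (id, handle, xml); row 2 is a non-working placeholder.
SAMPLE_ROWS = [
    (1, "cms_index_index", r'<block class="Magento\Cms\Block\Block" name="promo"/>'),
    (2, "checkout_cart_index", r'<block name="x"><arguments><argument name="a">'
        r'CONSTRUCTED PLACEHOLDER: Assert\PLACEHOLDER, system, sed -i ...'
        r'</argument></arguments></block>'),
    (3, "default", '<block name="y"> unclosed fragment sed -i ...'),
]

if __name__ == "__main__":
    for finding in scan_layout_rows(SAMPLE_ROWS):
        print(finding)
```

A hit is a lead for manual review rather than proof of compromise, and a row on a checkout handle that references both beberlei/assert and a command execution function deserves the first look.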

This revelation arrives in the wake of positive developments in the realm of cybersecurity. Recent actions by the Russian government, culminating in the arrest of six individuals, shed light on a broader crackdown on cybercrime. These individuals stand accused of employing skimmer malware to orchestrate a sustained campaign aimed at stealing credit card and payment information from foreign e-commerce establishments since late 2017.

The suspects, namely Denis Priymachenko, Alexander Aseyev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk, and Anton Tolmachev, are facing legal repercussions for their involvement in this illicit scheme. According to reports from Recorded Future News, the arrests occurred approximately a year ago, following extensive investigations and corroborating evidence presented in court documents.

The Prosecutor General’s Office of the Russian Federation outlined the gravity of the situation, emphasizing that the hacker group unlawfully acquired information pertaining to nearly 160 thousand payment cards belonging to foreign nationals. Subsequently, this stolen data was peddled through clandestine online channels, perpetuating financial fraud and endangering the integrity of global e-commerce ecosystems.

In light of these recent developments, it is evident that concerted efforts are being made to fortify the defenses of e-commerce platforms against cyber threats. The collaboration between cybersecurity experts, technology companies, and law enforcement agencies underscores a collective commitment to safeguarding online businesses and preserving consumer trust.

As businesses continue to navigate the digital landscape, it remains imperative to stay vigilant and proactive in addressing emerging cybersecurity challenges. By prioritizing robust security measures, regular software updates, and comprehensive risk assessments, e-commerce stakeholders can fortify their defenses and mitigate the impact of potential breaches.

Ultimately, the proactive response to the Magento vulnerability serves as a testament to the resilience of the cybersecurity community in combating evolving threats. Together, we can forge a safer and more secure digital environment for businesses and consumers alike.
