New Magento Bug Opens Sites To Card Skimming Attacks

A critical SQL flaw that requires no authentication and may be exploited on card skimmers is identified on Magneto eCommerce.

This may lead to one of the most disastrous web hacking campaigns. Magento is mostly used on trusted e-commerce websites and thus opens a door to a great wealth of sensitive PII including valid credit cards details. The most dangerous flaw is SQL injection that can be exploited without any pre-conditions, being sufficient to steal the entire database and likely take control over the vulnerable website and web server. Sophisticated malware infections may plague gutted websites once all valuable data is stolen.

Recently discovered, mass exploitation in the wild is probably a tip of the iceberg, as professional Black Hat groups could have already started the exploitation a couple of days ago or even earlier. Frequently, skilled attackers may even patch the vulnerability to preclude “competitors” from breaching the same target.

All Magento website owners should urgently update their systems and check the web server and all other available logs for IoC (indicator of compromise). In case of a merest suspicion, detailed forensics should be conducted to determine whether the system was breached. These days, cybercriminals know how to cover their tracks, however, they may unwittingly suppress too much evidence and thereby expose their presence.