San Diego: Hackers are exploiting a critical vulnerability recently found on more than 100,000 ecommerce sites, putting the personal information of a large number of shoppers at risk of theft. The remote-code-execution hole lies in both the community and enterprise editions of Magento, the most popular CMS for building ecommerce sites. eBay's engineers released a patch for the vulnerability in February, but more than 98,000 online merchants have not applied it yet.
According to a Netherlands-based research company, those who have not applied the patch are now facing the consequences, as attackers from China and Russia are launching exploits that give them complete control over vulnerable sites. The vulnerability is in fact a chain of several flaws that together allow an unauthenticated user to execute PHP code on the web server.
Netanel Rubin, a well-known vulnerability researcher, recently wrote on his blog that attackers who exploit this vulnerability can bypass all of the store's security mechanisms and gain access to it, enabling credit card theft or any other action available to an administrator.
Hackers are creating new admin accounts
- Several well-known web security firms have observed attackers exploiting the bug to create new admin accounts in the Magento databases of vulnerable ecommerce sites. They also found that the exploits then go dormant, and the attackers return later to access the database and steal customers' personal information.
- The exploit leverages SQL injection to insert a new admin user into the database. If you suspect that your site has been compromised, check the admin usernames: defaultmanager and vpwq are the usernames the group has used so far.
- Incapsula (a cloud-based security service) recently recorded about 1,000 attack attempts against the sites it protects. Just a few months ago, a security service provider released some technical details about the vulnerability. It reported the vulnerability to eBay's engineers in January, and researchers have been recommending that sites running Magento install the patch ever since it was released.
Attacks are spreading wide
- Most of the attacks are coming from the IP addresses 220.127.116.11 and 18.104.22.168, both of which are based in Russia. Administrators who suspect that their site has been compromised can check their logs for these addresses. According to Incapsula, however, attacks are also coming from a few addresses located in China, and it would not be a surprise if the attacks spread wider in the coming days.
- Using this vulnerability, an attacker can dump the contents of the database and obtain customers' credit card data, phone numbers, email addresses, home addresses and other details. Even if a site encrypts its database properly, attackers can still plant hard-to-find scripts that capture sensitive customer data while it is being processed in unencrypted form.
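The two checks described above (rogue admin usernames and known attacker IP addresses in the access logs) can be scripted. The following is an added example, not code from the original article or from Magento; the log lines and the admin username list are constructed samples, and the log format is assumed to be the common Apache/nginx access log format.

```python
import re
from typing import Dict, Iterable, List

# Indicators quoted in the article: attacker source addresses and the
# usernames of the admin accounts the group has been creating.
SUSPECT_IPS = {"220.127.116.11", "18.104.22.168"}
SUSPECT_ADMIN_USERS = {"defaultmanager", "vpwq"}

# Common access log format: client IP, identd, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def scan_access_log(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Return, for each suspect IP seen in the log, the requests it made."""
    hits: Dict[str, List[str]] = {ip: [] for ip in SUSPECT_IPS}
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("ip") in hits:
            hits[m.group("ip")].append(
                f'{m.group("ts")} {m.group("req")} -> {m.group("status")}'
            )
    # Drop suspect IPs that never appeared so the result only lists real findings.
    return {ip: reqs for ip, reqs in hits.items() if reqs}


def find_suspect_admins(admin_usernames: Iterable[str]) -> List[str]:
    """Return the usernames from the Magento admin user table that match known rogue accounts."""
    return sorted(u for u in admin_usernames if u.lower() in SUSPECT_ADMIN_USERS)


# Constructed sample data (not real traffic or a real user list).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Apr/2015:10:00:01 +0000] "GET /index.php/catalog/ HTTP/1.1" 200 5120',
    '220.127.116.11 - - [20/Apr/2015:10:00:07 +0000] "POST /index.php/admin/ HTTP/1.1" 200 312',
    '18.104.22.168 - - [20/Apr/2015:10:01:15 +0000] "POST /index.php/admin/ HTTP/1.1" 500 0',
    '198.51.100.9 - - [20/Apr/2015:10:02:00 +0000] "GET /index.php/customer/account/ HTTP/1.1" 200 4096',
]
SAMPLE_ADMINS = ["storeowner", "defaultmanager", "support"]

if __name__ == "__main__":
    for ip, reqs in scan_access_log(SAMPLE_LOG).items():
        print(f"{ip}: {len(reqs)} request(s)")
        for r in reqs:
            print("   ", r)
    print("suspect admin accounts:", find_suspect_admins(SAMPLE_ADMINS))
```

A hit from either check is a reason to treat the store as compromised and review the database, not proof on its own that the patch is missing.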
Web application firewalls from Incapsula, Sucuri and other leading security firms are blocking the exploits they can recognise. Even so, sites running Magento are advised to apply the patch as soon as possible.
Fortune Innovations San Diego is a leading ecommerce development company that provides customized solutions for its clients. We develop websites that offer the best user experience, as customer satisfaction is our main concern. Let us know your requirements; we analyze them thoroughly and come up with an ideal solution.