Astra Security Blog

Magento’s Payment Security Regularly Targeted by Credit Card Scrapers

As e-commerce platforms worldwide adopt stronger security measures, attackers keep developing new techniques to compromise these platforms and steal sensitive information provided by customers. A recent attack that stole credit card data by compromising Magento’s payment security sheds light on the fragile state of web security and the dire need for a stronger firewall system for systems that handle large-scale financial transactions.

How was Magento’s Payment Security compromised?

The attackers exploited a vulnerability in a targeted Magento shop by injecting a malicious piece of code that allowed them to collect personal and financial data entered by users on the compromised website. The targeted module – Realex Payments Magento extension (SF9) – allows Magento store owners to process mail and telephone orders by entering the payment details themselves. While the extension itself is not vulnerable, attackers can abuse it once they have compromised the targeted Magento shop. In this case, a malicious function called sendCcNumber(), added to an SF9 file named Remote.php, sent sensitive financial data directly to the attacker’s mail. Moreover, the attacker used the online service binlist.net to get the Issuer Identification Numbers (IINs), which in turn are used to identify the institution that issued the card to the card holder.

The vulnerability was found in the following code snippet:

Hackers these days tend to attack the application layer of web applications, where developer faults are more likely. Take the Opencart Malware Injection, for example. Attackers circumvent security measures at the application end to run their malicious code. Even highly sophisticated tools often fail to uncover this hidden malware because hackers intelligently access the HTTP/HTTPS cookies.

Rise in malware attacks

2016 witnessed a rise in malware attacks, wherein multiple hacked eCommerce websites appeared to be affected by JavaScript code injected into the site, allowing the attackers to capture payment card information. Since March 2016, 100 online shops from around the world have been hacked, including well-known book publishers, fashion companies, and sporting equipment manufacturers. In another Magento attack, the attackers used benign-looking image files of products sold on the compromised website to store payment card data, which they later retrieved from the image's source code after downloading the image.

Researchers have been monitoring a campaign dubbed “Magecart” by cloud-based security solutions provider RiskIQ to analyse the pattern of attacks.

  1. Technologies affected by credit card stealers are largely the ones hosted on multiple eCommerce platforms. Magento Commerce, Powerfront CMS, and OpenCart are examples of such affected e-Commerce sites.
  2. Multiple payment services providers like Braintree and VeriSign payment processing are targets on the affected sites.
  3. Attackers host formgrabber/credit card stealer content on remotely operated sites, served over HTTPS, while exfiltrating stolen data using HTTPS.
  4. Attackers refine their malicious content in an attempt to blend their malware into commonplace web technologies.

How to protect your website?

Such attacks are on the rise, and cyber-criminals use various tricks to elude detection of their malware. Online shop owners must update their software periodically. The malicious files used in such attacks can often be identified based on their “last modified” date, and the infection can be detected quickly.
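The “last modified” check can be scripted. The following is an added example, not code from Astra or from the incident: it lists PHP files changed within an assumed 30-day window and also flags the indicators named earlier (sendCcNumber(), binlist.net, mail() calls), because modification times can be reset by whoever altered the file. The function names `scan` and `demo` and the sample tree are constructed for illustration.

```python
import os, re, tempfile, time

# Indicators named in the incident write-up above. mail() also appears in
# legitimate code, so a hit is a prompt for manual review, not a verdict.
INDICATORS = {
    "binlist.net reference": re.compile(rb"binlist\.net", re.I),
    "sendCcNumber() function": re.compile(rb"\bsendCcNumber\s*\("),
    "mail() call": re.compile(rb"(?<![\w>:$])mail\s*\("),
}

def scan(root, since_days=30, now=None):
    """List PHP files changed within since_days or containing an indicator."""
    cutoff = (time.time() if now is None else now) - since_days * 86400
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            path = os.path.join(dirpath, name)
            recent = os.stat(path).st_mtime >= cutoff
            with open(path, "rb") as fh:
                data = fh.read()
            hits = [label for label, rx in INDICATORS.items() if rx.search(data)]
            if recent or hits:  # content hits still catch back-dated files
                findings.append((os.path.relpath(path, root), recent, hits))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (stand-in files, not real shop code)."""
    old, new = time.time() - 400 * 86400, time.time()
    samples = {
        "Model/Clean.php": (b"<?php class Clean {}", old),
        "Model/Remote.php": (b"<?php function sendCcNumber($d) "
                             b"{ /* binlist.net */ mail($a, $b, $d); }", new),
        "Model/Backdated.php": (b"<?php $u = 'binlist.net';", old),
        "Helper/Touched.php": (b"<?php // no indicators", new),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (body, mtime) in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
            os.utime(path, (mtime, mtime))
        return scan(root)

if __name__ == "__main__":
    for path, recent, hits in demo():
        print(path, "recent" if recent else "old", ", ".join(hits) or "-")
```

Recently modified files without indicator hits still deserve a comparison against a clean copy of the same release, since a legitimate update and an injection look identical by timestamp alone.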

Card fraud attempts cannot be entirely eliminated. However, Astra’s web application firewall provides a comprehensive security solution via a layered security approach, protecting your e-commerce website from malware threats and securing vulnerabilities prone to exploitation by hackers.
