
    Magento is one of the most popular platforms that businesses use to build and manage their websites. That makes it an enticing target for hackers. Magento stores experience malicious attacks in the wild, some of which exploit critical remote code-execution vulnerabilities. So, security is a serious concern.

    Since Magento powers a significant portion of online eCommerce, it is no surprise that hackers and skimmers often target it. Cybercriminals attack websites built on the unpatched eCommerce platform to access confidential data. Their skimming scripts steal customers’ payment card details and other sensitive information entered on the page.

    One vulnerability (CVE-2019-8144) holds a severity ranking of 10 out of 10 on the CVSS v.3 scale. It can enable an unauthenticated user to insert a malicious payload into a merchant’s site via Page Builder template methods and then execute it. The Page Builder lets websites design content updates, preview them live, and schedule them to be published; the bug exists explicitly in the preview function.

    This flaw affected Magento 2.3 and was patched in Magento Commerce 2.3.3 and with the security-only patch 2.3.3-p2, released in October. The company has already stated that patching will have the side effect of “blocking administrators from viewing previews for products, blocks and dynamic blocks,” but it has assured merchants that it will re-enable the preview functionality as soon as possible.

    Piotr Kaminski of the Magento security team wrote in a posting on Monday, “We recommend that all merchants, even those who have already upgraded to 2.3.3 or applied security-only patch 2.3.2-p2, review the security of their Magento site to confirm that it was not potentially compromised before the upgrade.” He further added, “Applying this hotfix or upgrading…will help defend your store against potential attacks going forward, but will not address the effects of an earlier attack. The same update patches several other critical remote-execution flaws with CVSS v.3 scores of 9 and above, as well as cross-site scripting (XSS) issues.”

    According to RiskIQ, there are 573 known command-and-control (C2) domains for the Magecart group and nearly 10,000 hosts actively loading those domains. RiskIQ has detected almost 2 million instances of Magecart’s JavaScript binaries, with more than 18,000 eCommerce hosts directly breached.

    Some of the crucial measures to secure your Magento store from Magecart attacks:

    • Audit Magento Third-Party Extensions and Plugins
    • Database Logging in Magento Enterprise
    • Web Log Analysis and Monitoring
    • Perform Regular Penetration Tests
    • Implement Code Integrity Checks
    • Regular Updates and Patching
    • Implement a Web Application Firewall
    • Set Strict File Permissions
    • Use Two-Factor Authentication
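
One way to apply the code integrity measure to the script loading described above, as an added example that is not part of the original article: it parses a page's HTML and flags external scripts served from hosts outside an allowlist, and third-party scripts that lack a Subresource Integrity attribute. The allowlist, host names and sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: hosts this store intentionally loads scripts from (constructed).
ALLOWED_HOSTS = {"shop.example.com", "cdn.example.com"}


class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"].strip(), a.get("integrity")))


def audit_scripts(html, page_url, allowed_hosts=ALLOWED_HOSTS):
    """Return (kind, url) findings for the external scripts in one page."""
    parser = ScriptCollector()
    parser.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for src, integrity in parser.scripts:
        # Resolve relative and protocol-relative URLs against the page URL.
        full = urljoin(page_url, src)
        host = urlparse(full).hostname or ""
        if host not in allowed_hosts:
            findings.append(("unlisted-host", full))
        elif host != page_host and not integrity:
            findings.append(("missing-sri", full))
    return findings


# Constructed sample checkout page; every host is a placeholder.
SAMPLE = """<html><head>
<script src="/static/js/checkout.js"></script>
<script src="https://cdn.example.com/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example.com/widget.js"></script>
<script src="//stats.unknown-host.example/a.js"></script>
</head></html>"""

if __name__ == "__main__":
    for kind, url in audit_scripts(SAMPLE, "https://shop.example.com/checkout/"):
        print(kind, url)
```

This static check sees only `<script src>` tags in the served HTML; inline scripts and scripts injected at runtime need separate monitoring.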


    Magento is a fantastic platform for creating a thriving website. It has a 24/7 support team that works consistently on maintenance and security updates. We recommend that Magento store owners stay current on the best security practices. As the old saying goes, “it’s better to be safe than sorry”. Talk with a trusted Magento upgrade service provider to upgrade your Magento store before it’s too late.

