Magento Vulnerability Exploited by Hackers to Payment Information from Online Store

TLDR Threats actors are exploiting a critical flaw in magento to inject a persistent backdoor into e-commerce websites. The flaw was addressed by the company in a security update. Russian hackers have been charged for using skimmer malware to steal payment information.

Magecart attackers have recently emerged with a pioneering technique to inject persistent backdoors into e-commerce websites, taking advantage of a critical vulnerability in Adobe Magento. By combining the Magento layout parser with a package known as beberlei/assert, these attackers are able to execute system commands and inject malware into compromised sites. This new method allows the attackers to exploit the flaw and gain access to sensitive payment data. To protect against this growing threat, e-tailers are strongly advised to upgrade their Magento versions to the latest release, which includes a patch to address this vulnerability. It is crucial for businesses to take immediate action to safeguard their customers’ payment information. In a related development, Russian hackers have also been charged for their involvement in stealing payment data by using skimmer malware, which further underscores the importance of implementing robust security measures to fend off these cybercriminals.

The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of “improper neutralization of special elements” that could pave the way for arbitrary code execution. The executed code is a “cleverly crafted layout template” in the layout update database table, which contains XML shell code that automatically injects malware into compromised sites via the controller for the Magento content management system (CMS).

Attackers combine the Magento layout parser with the beberlei/assert package (installed by default) to execute system commands,” Sansec said in an alert. “Because the layout block is tied to the checkout cart, this command is executed whenever <store>/checkout/cart is requested.

Mitigation

Mitigating the threat posed by attackers combining the Magento layout parser with the beberlei/assert package to execute system commands requires a multi-layered approach aimed at preventing exploitation and protecting the Magento-based e-commerce platform. Here are some mitigation strategies:

  1. Apply Security Patches: Ensure that the Magento installation is up to date with the latest security patches provided by Magento. These patches often include fixes for known vulnerabilities and can help mitigate the risk of exploitation.
  2. Monitor and Analyze Logs: Regularly monitor access logs, system logs, and web server logs for any suspicious activity or unauthorized access attempts. Analyze these logs to identify any anomalies or signs of potential exploitation.
  3. Implement Least Privilege Principle: Limit the privileges of Magento’s execution environment and users to reduce the impact of successful exploitation. Ensure that Magento and associated services are running with minimal necessary permissions.
  4. Disable Unnecessary Features and Extensions: Disable or remove any unnecessary Magento features, extensions, or modules that are not being actively used. This reduces the attack surface and minimizes the potential for exploitation.
  5. Secure Configuration: Review and secure Magento’s configuration files, ensuring that sensitive information such as database credentials and API keys are properly protected. Use strong and unique passwords for all Magento administrative accounts.
  6. Web Application Firewall (WAF): Implement a WAF to filter and monitor incoming web traffic, blocking known attack patterns and malicious requests targeting Magento. Configure the WAF to specifically detect and block exploitation attempts related to the identified vulnerability.
  7. Regular Security Audits: Conduct regular security audits of the Magento installation and associated infrastructure to identify and remediate any security vulnerabilities or misconfigurations. Utilize security scanning tools and penetration testing techniques to assess the security posture of the e-commerce platform.
  8. Employee Training and Awareness: Educate employees, administrators, and developers about the risks associated with the identified vulnerability and the importance of adhering to security best practices. Encourage the reporting of any suspicious activity or security concerns.
  9. Backup and Disaster Recovery: Implement regular backups of the Magento database, files, and configurations. Develop and test a comprehensive disaster recovery plan to quickly restore the e-commerce platform in the event of a successful attack or compromise.
  10. Collaborate and Stay Informed: Stay informed about emerging threats, security vulnerabilities, and recommended mitigation strategies through security advisories, forums, and industry publications. Collaborate with security professionals and the Magento community to share insights and best practices for securing Magento-based e-commerce platforms.

These mitigation strategies, Magento website owners can reduce the risk of exploitation and enhance the security posture of their e-commerce platforms, protecting against potential threats posed by attackers leveraging the identified vulnerability.