Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Hackers compromise commercial sites running the popular open-source Magento platform
Hundreds of e-commerce sites running the popular open-source Magento platform have been compromised by hackers to scrape credit card numbers and install crypto-mining malware.
Powerfront CMS and OpenCart, two other popular e-commerce content management systems, are also being targeted.
Attacks like these are made easier when admins fail to change the default credentials after installing the platform. Attackers can then build simple automated scripts loaded with known credentials to gain access to the admin panels. Once an attacker has gained control of a site's Magento CMS admin panel, they can add any script they choose. Hackers were inserting the malicious code into the Magento core file, granting them access to pages where payment data is processed. It would appear that most of the victims belong to firms in the education and healthcare industries, largely in the US and Europe.
Magento admins are advised to review CMS account logins and reduce their exposure to brute-force attacks by getting rid of weak passwords and enforcing two-factor authentication.
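One way to carry out the login review recommended above, as an added example that is not part of the original post or of Magento itself. It assumes a combined-format web access log, an admin login posted to a path under /admin or /index.php/admin, and a 302 response meaning the login was accepted; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions (not from the article): combined-format access log, admin login
# POSTed under /admin or /index.php/admin, 302 reply = login accepted.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
ADMIN = re.compile(r'^/(index\.php/)?admin(/|\?|$)')

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"attempts": n, "accepted_after_burst": bool}} for noisy clients."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m and ADMIN.match(m["path"]):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            events[m["ip"]].append((ts, int(m["status"])))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        start, burst_end = 0, None
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold and burst_end is None:
                burst_end = end  # first moment the client crossed the threshold
        if burst_end is not None:
            # A redirect after the burst suggests a guessed password worked.
            accepted = any(s == 302 for _, s in evs[burst_end:])
            findings[ip] = {"attempts": len(evs), "accepted_after_burst": accepted}
    return findings

def _line(ip, sec, status, path="/index.php/admin/"):
    # Constructed sample data, not taken from any real log.
    return (f'{ip} - - [02/Apr/2018:10:00:{sec:02d} +0000] '
            f'"POST {path} HTTP/1.1" {status} 512 "-" "sample-agent"')

SAMPLE = (
    [_line("203.0.113.7", s, 200) for s in range(0, 12, 2)]   # six rejected tries
    + [_line("203.0.113.7", 14, 302)]                         # then accepted
    + [_line("198.51.100.4", 30, 200), _line("198.51.100.4", 40, 302)]  # normal admin
    + [_line("192.0.2.9", 5, 200, "/checkout/cart/add")]      # not the admin panel
)

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```

An address flagged with `accepted_after_burst` set is the case to investigate first, since it matches the pattern of automated guessing followed by a working login.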
ITWiser offer a wide range of services and solutions to help prevent situations like this from affecting you and your business. We offer internal and external security audits, which are designed to highlight vulnerabilities on your network. For more information on these or any of our other services, please get in touch today.