Magento, a popular Content Management System and an open-source ecommerce platform implemented over 200,000 sites was recently targeted by attackers. The responsible actors of this incident are using the brute-force password attack and malware that mine cryptocurrency. This attack is done for getting an access to the credit card numbers and information related to it. For this the hackers tried to access the administrative panel that contains all the information of credit cards.
According to reports, around more than 1000 Magento Admin panels suffered from the attack. Once the controllers gets the access for the Magento’s CMS admin panel, they will have direct access to the site. With this access hackers will be able to launch their own scripts on the platform.
In this situation, attackers tried to run the malicious code in the Magento core file, that allows actors to get the access to the page where all the payment data is processed. This page will redirect all the sensitive data to the attackers directly.
Actors even tried to avoid detection by updating the malicious files regularly. So that they avoid the detection procedures and stay undetected.
Also Read : How POS Threat Has Evolved Over Years?
How will the attack work?
The analysts say that compromised sites are sending return request in form of phony Adobe Flash Player update. When this request is launched, a JavaScript containing malware will run on your system.
The whole chain is initiated by the installation of AZORult malware, which is a type of malware that specializes in stealing data. After the AZORult is on your system, it will run an extra malware dubbed as Rarog cryptocurrency miner to mine cryptocurrency.
More than 1000 compromised panels are of education and healthcare industries. And most of the IP addresses of these panels are located in United States and Europe.
What steps are being taken?
Flashpoint, a risk intelligence authority, is working with the law enforcement to alert the victims who suffered an attack.
Flashpoint researchers has advised the Magento admins to update the CMS account logins. So that the brute-force attack effect is mitigated.
Must Read : Multiple Cities and Multiple Attacks: Cyber Attacks Create Havoc
They suggested some of the practices to stay protected from further attacks, which are as follows:
● Enforce organizational password complexity requirements.
● Restrict users from recycling previously used passwords.
● Enable two-factor authentication for sensitive systems, applications, databases, and remote access solutions.
● Supply users with secure password managers to assist with password requirements.
This was all! One more case of malware attack that’s been happening now almost every day and still can’t do anything.
If you found this helpful, please let us know. Give us your feedback in the comments box below.
Quick Reaction:
Leave a Reply