
Massive Cyber Attacks Hit 4,200+ Magento Stores via ‘CosmicSting’ Vulnerability

Widespread attacks have hit thousands of online stores. A series of sophisticated cyber attacks exploiting the CosmicSting vulnerability affected approximately 5% of all Adobe Commerce and Magento e-commerce stores this summer. The breach, which affected more than 4,200 online stores, including prominent international brands such as Whirlpool and Ray-Ban, is the result of a critical security vulnerability tracked as CVE-2024-34102 and known as "CosmicSting."


The Perfect Storm: Delayed Response Meets Vulnerability

A combination of factors is at the heart of this significant security breach: a critical vulnerability identified in Adobe Commerce systems, numerous merchants delaying the patching process, and systems that remained insecure even after updates had been applied.

Adobe disclosed the vulnerability in June 2024 and released a hotfix in July, but by then, attacks were already ongoing. Automated attacks compromised cryptographic keys, which continued to be used even if stores were updated without key invalidation.

Seven Hacker Groups Compete for Control

Seven distinct hacker groups (including “Bobry” and “Polyovki”) are competing to control these compromised stores. They use the stolen cryptographic keys to generate API tokens and insert malicious payment skimmers into checkout processes. Their attack methodology involves:

  • Utilizing the CosmicSting vulnerability to obtain confidential cryptographic keys
  • Using these keys to generate API authorization tokens
  • Obtaining confidential customer information
  • Incorporating malicious code (skimmers) into checkout processes

This competition has resulted in a peculiar situation in which multiple hacker groups repeatedly infiltrate and evict each other from the same compromised stores.


Road to Recovery

To mitigate this threat, cybersecurity professionals advise affected merchants to take immediate measures:

  • Upgrade to the most recent version of Magento or Adobe Commerce
  • Invalidate and rotate outdated encryption keys
  • Establish resilient malware and vulnerability monitoring systems

Future Prospects: Additional Attacks on the Horizon

Sansec, a cybersecurity firm, anticipates that the number of stores affected will continue to increase, despite these recommendations. According to their research, a startling 75% of Adobe Commerce and Magento installations were unpatched when the automated attacks commenced.

This ongoing vulnerability highlights the critical importance of preventative security measures in the e-commerce sector. The sophistication and persistence of cyber threats targeting these platforms are increasing in tandem with the expansion of online retail.

Frequently Asked Questions

How can store owners ensure they have applied the latest security patch?

  1. Regularly Checking for Updates: Enable automatic updates and manually check the Magento website for new patches.
  2. Using Security Tools: Utilize the Magento Security Scan Tool and review Adobe’s security bulletins.
  3. Implementing a Patch Management Strategy: Develop a structured approach for checking and applying updates.
  4. Verifying Installation: Check modified files and conduct functionality tests post-patch.
  5. Maintaining Strong Security Practices: Back up data and educate staff on cybersecurity best practices.

What are the potential consequences of not updating Magento stores promptly?

  1. Security Vulnerabilities: Outdated versions are susceptible to known exploits, increasing the risk of data breaches and unauthorized access to sensitive customer information.
  2. Performance Issues: Stores may experience slower loading times and downtime, negatively impacting user experience and conversion rates.
  3. Compatibility Problems: Lack of updates can cause issues with third-party integrations, leading to functionality gaps.
  4. Loss of Customer Trust: Security breaches can damage brand reputation, causing customers to lose confidence in the store’s ability to protect their data.
  5. Financial Losses: Downtime and poor performance can result in significant revenue losses due to abandoned carts and missed sales opportunities.

How can store owners monitor their systems for potential CosmicSting attacks?

  1. Enabling Content Security Policy (CSP) Monitoring: Use CSP to detect unauthorized changes in site content.
  2. Conducting Regular Security Audits: Assess vulnerabilities and check for unpatched extensions.
  3. Monitoring CMS Blocks: Watch for unauthorized changes or injections in CMS content.
  4. Utilizing Security Tools: Employ tools like the Magento Security Scan Tool to identify vulnerabilities.
  5. Log Monitoring: Monitor server logs for unusual activity, such as unexpected API calls.
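The CMS block check in point 3 can be automated. The script below is an added example for this article, not code from Sansec or Adobe: it scans block content (here constructed sample rows standing in for the store's CMS blocks or rendered checkout HTML) for script tags that load from hosts outside a trusted list, or inline scripts carrying common obfuscation markers. The trusted host list and the sample block contents are assumptions a merchant would replace with their own.

```python
"""Flag injected scripts in Magento CMS block content (added example)."""
import re
from urllib.parse import urlparse

# Hosts the store legitimately loads scripts from (assumption; adjust per store).
TRUSTED_SCRIPT_HOSTS = {"shop.example", "static.shop.example"}

# Markers typical of obfuscated skimmer loaders in inline scripts (heuristic, not exhaustive).
SUSPICIOUS_INLINE = re.compile(
    r"(atob\(|eval\(|unescape\(|fromCharCode|document\.write\()", re.I
)

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)


def scan_block(identifier, html):
    """Return findings as (block identifier, reason, detail) tuples for one block."""
    findings = []
    for attrs, body in SCRIPT_TAG.findall(html):
        src = SRC_ATTR.search(attrs)
        if src:
            # Relative paths have no hostname and are treated as first-party.
            host = urlparse(src.group(1)).hostname or ""
            if host and host not in TRUSTED_SCRIPT_HOSTS:
                findings.append((identifier, "external script from untrusted host", host))
        else:
            marker = SUSPICIOUS_INLINE.search(body)
            if marker:
                findings.append((identifier, "obfuscation marker in inline script", marker.group(1)))
    return findings


def scan_blocks(blocks):
    """Scan an iterable of (identifier, content) pairs and collect all findings."""
    out = []
    for identifier, content in blocks:
        out.extend(scan_block(identifier, content))
    return out


# Constructed sample rows: one clean block and two showing the injection patterns.
SAMPLE_BLOCKS = [
    ("footer_links", '<div class="footer"><a href="/contact">Contact</a></div>'),
    ("checkout_promo", '<p>Free shipping</p><script src="https://cdn.attacker-placeholder.invalid/js/lib.js"></script>'),
    ("header_banner", '<script>var p=atob("ZG9jdW1lbnQ=");</script>'),
]

if __name__ == "__main__":
    for finding in scan_blocks(SAMPLE_BLOCKS):
        print(finding)
```

Run it on a regular schedule against the live block table and diff the output against the previous run, so a newly appearing finding stands out as a change rather than being lost in a long report.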
