E-commerce business owners using Magento 1x need to be aware. All Magento 1 shops are at the end of life. What does that mean? It doesn't mean everyone using Magento will have their e-commerce sites shut down or that you will no longer be able to make transactions using Magento 1.
But it does mean that Magento 1 will no longer receive official and important security patches, updates, or support. As of June 30, 2020, anyone still using Magento 1 is potentially open to shopping cart webpage vulnerabilities because it is no longer supported, patched, or updated.
SecurityMetrics vulnerability assessment scanners have been updated to check for Magento 1 users. As of August 6th, anyone who still has Magento 1 running on their servers will fail the SecurityMetrics vulnerability assessment scan.
1. Your online store is now at risk.
2. Your business reputation is at risk. You could lose customers as they fear for the security of their information.
If you are using Magento 1, we urge you to update to a safe and approved version that is supported.
Cybercriminals know when your patches and software support expire, and they count on the resulting vulnerabilities to perform coordinated zero-day exploits. End of life for Magento 1 is no different, and hackers have been targeting Magento 1 shops with “Magecart” attacks.
Magecart, also known as web skimming or formjacking, is an attack where hackers gain access to your e-commerce shop through third parties. They typically hack into page analytics companies or ad providers and insert small snippets of JavaScript that will be brought into the dynamic payment processing environment of a checkout page. This script is malicious and is coded to copy data from form fields on checkout webpages.
Although web skimming attacks take place in a third party's code, it is more important than ever to use tools that enhance the code review process, because code review is not a perfect process. Director of Penetration Testing, Chad Horton, explained this concept in our recent SecurityMetrics Summit Keynote Address:
“We often hear customers say, ‘We review our own code and we have OWASP training, so we know what we’re looking for.’ But what comes to mind is the fact that OpenSSL had Heartbleed in the code for two-and-a-half years before it was discovered. The Linux kernel released in May of this year had vulnerabilities that had been present for over 30 years. And I can guarantee that code had many eyes on it.”
Web skimming is difficult to detect and prevent because it takes place outside of servers and firewalls, in the rendered code of the client-side browser. Additionally, traditional security tools and policies were not designed to detect web skimming or to work in dynamic environments like online retail shopping carts.
SecurityMetrics analysts discovered the root of these attacks and have developed a patented web skimming solution: Webpage Integrity Monitoring (WIM) technology. WIM technology can detect web skimming at the moment it is triggered and will alert a merchant if a webpage has been compromised.