October 3, 2024 at 01:20PM
Adobe Commerce and Magento online stores are under threat from CosmicSting attacks, which have already compromised approximately 5% of stores. The vulnerability, CVE-2024-32102, enables remote code execution and affects multiple Adobe Commerce and Magento versions. Sansec reported 4,275 breached stores and projects further attacks because patching has been slow. Multiple threat actors are exploiting the vulnerability to steal information.
Based on the meeting notes, it is evident that a significant cybersecurity threat is affecting Adobe Commerce and Magento online stores. The vulnerability named CosmicSting (CVE-2024-32102) presents a critical risk, potentially leading to remote code execution, especially when chained with CVE-2024-2961 in glibc’s iconv function. The attacks have compromised numerous high-profile online stores and reveal a concerning trend: patching has been slow in response to a critical flaw.
The attacks are conducted by multiple threat groups aiming to steal credit card and customer information. These groups, such as “Bobry,” “Polyovki,” and “Ondatry,” have been exploiting the vulnerability to compromise unpatched sites. They inject malicious scripts into compromised sites from domains that appear legitimate, mimicking well-known JavaScript libraries or analytics packages, to camouflage their activity. This has allowed the threat actors to steal sensitive customer data and, in some cases, to fight one another for control over vulnerable stores.
The impact of these attacks on well-known brands like Whirlpool, Ray-Ban, National Geographic, Segway, and Cisco is significant, with reported breaches leading to data theft and fraud. Sansec, a website security company, has been actively tracking the attacks and has issued urgent warnings to affected sites and brands. It is advised that website administrators promptly update their systems to the recommended versions to mitigate the risk.
The urgency of the situation is underlined by the prediction of further attacks: a large portion of the Adobe Commerce and Magento install base had not applied the necessary patches when automated scanning for secret encryption keys began. Sansec has also released an “emergency hotfix” that blocks most CosmicSting attacks and has provided a tool to check whether a website is vulnerable. However, some affected brands have not responded to warnings, suggesting a lack of awareness or urgency in addressing the issue.
Overall, the meeting notes emphasize the critical nature of the CosmicSting attacks and the need for immediate action to safeguard affected online stores and their customers. Businesses should promptly apply the available security updates and remain vigilant against these and similar threats.