LONDON, September 15, 2014 /PRNewswire/ --
Foregenix, an independent and specialist information security business, is alerting all ecommerce businesses to a new data compromise that has been identified, specifically targeting those running on the Magento platform.
(Logo: http://photos.prnewswire.com/prnh/20140910/705685 )
Through the specialist forensic investigation work by the Foregenix team, a relatively new data compromise, specific to Magento-based websites, has been identified. The system compromises do not highlight weaknesses or vulnerabilities in the Magento solution itself, but relate to Magento users unintentionally installing compromised or fake extensions to the Magento framework, which can then leave businesses open to attack.
These malicious modules permit remote, unauthorised users to access the impacted site and make system modifications to harvest payment card details, as well as other confidential information belonging to both customers and the compromised websites.
The Foregenix team has identified multiple versions of the rogue modules in recent forensic investigations, and as such is issuing an advisory to all Magento-based merchants to check for indications of the malicious modules.
Director of Foregenix Andrew Bontoft said, "As one of the most popular ecommerce platforms, Magento is an obvious target for attackers. Magento users should maintain vigilance when selecting and installing modules to their site; specifically, making sure that they are deploying code from legitimate and trusted sources."
Foregenix is advising that esellers may be at risk and in response has set up a website providing a free scan to check whether their websites have been affected by any of the identified rogue modules (http://www.foregenix-magento-scan.com). In addition, Foregenix offers useful advice on how to remove the malicious modules.
Commenting on the latest compromise, Benjamin Hosack, Director of Foregenix said, "This highlights the increasing threat of cybercrime for businesses in the UK and across the globe. Hackers are increasingly finding ways to find flaws in online platforms, payment portals and data gateways, so businesses need to be aware of the threat and put in place solutions to protect themselves and their customers."
Benjamin Hosack went on to comment, "Cybercriminals are becoming even more targeted and increasingly sophisticated in their method of attacks. We see first-hand how they can implement a malicious malware or form of data compromise without being detected. Online businesses have been a primary target recently, so we want to highlight the dangers as well as educate businesses out there on how to defend themselves."
The solutions to prevent the latest compromise are out there, but often online businesses do not have the in-house expertise to implement them.
About Foregenix:
Foregenix is an independent, specialist information security business, headquartered in the United Kingdom, with further offices in South Africa and Latin America, with a global service capability.
The Foregenix team has been intimately involved with the Payment Card Industry since the inception of the security standards in 2004, and has carried out forensic investigations and compliance assessments on hundreds of organisations, ranging from national banks and multi-national corporations, right down to online and high street stores. Foregenix's desire to promote simplified security and technical innovation led to the team becoming the first QSA in the world to certify a PCI-P2PE application.
Furthermore, through its work in digital forensics, Foregenix has gained an understanding of the ever-changing cyber threat landscape. This has allowed the team to develop a suite of security and risk reduction solutions to pro-actively secure our clients.
To find out more about Foregenix visit http://www.foregenix.com, or call +44(0)845-309-6232.
Share this article