b2b-daily
Search
Close this search box.
Search
Close this search box.
Home | IT | Cyber Security

Widespread Retail Hacks Exploit Adobe Commerce, Magento Vulnerabilities

Avatar photo
by Tailor Jackson
October 7, 2024
Widespread Retail Hacks Exploit Adobe Commerce, Magento Vulnerabilities
Table of Contents
  1. Extent of the Breach
  2. Vulnerability Details
  3. Attack Timeline and Discovery
  4. Impacted Parties
  5. Remediation Efforts
  6. Overarching Trends and Consensus Viewpoints
  7. Summary of Main Findings
  8. Conclusion

A significant wave of cyberattacks beginning in the summer of 2023 has put the spotlight on vulnerabilities in Adobe Commerce and Magento software, resulting in the compromise of sensitive customer information across numerous online stores. Cybercriminals have meticulously exploited these vulnerabilities, employing digital payment skimmers to gain unauthorized access to critical data.

Extent of the Breach

The scale of this breach is alarming, with over 4,300 merchants falling victim to these cyberattacks, including prominent names such as Cisco and National Geographic. The attacks are noteworthy for their rapid escalation, peaking at a rate of five stores per hour. This infiltration underscores the need for robust cybersecurity measures in the e-commerce sector.

Vulnerability Details

Two key vulnerabilities are at the heart of this cyberattack campaign: CVE-2024-34102, also known as CosmicSting, and CVE-2024-2961. The CosmicSting flaw enables attackers to steal credentials and secret cryptographic keys, which in turn allows them to hijack customer data and insert payment skimmers. When combined with CVE-2024-2961, attackers gain the ability to execute code and install backdoors on servers, creating additional pathways for exploitation.

Attack Timeline and Discovery

The campaign’s discovery can be credited to security researcher Sergey Temnikov, who identified the threat and reported it to HackerOne in December 2023. Adobe was subsequently alerted in January 2024, and a patch to address these vulnerabilities was released in June. Despite this, many stores remained vulnerable due to the complex and technical nature of the remediation required to fully secure the affected systems.

Impacted Parties

Both minor and major online merchants have been targeted in these attacks. Attack groups like Ondatry have systematically exploited these vulnerabilities to steal data, exploiting weaknesses in the affected systems. The organizations that have fallen victim to these hacks must go through the painstaking process of manually invalidating stolen cryptographic keys to thwart further unauthorized access.

Remediation Efforts

In response to the vulnerabilities, Adobe rolled out a security update followed by a hotfix aimed at disabling old encryption keys. Nevertheless, the process is intricate and prone to errors, posing significant challenges for effective and timely implementation. This complexity has left many merchants grappling with ongoing security concerns, despite the availability of patches and fixes.

Overarching Trends and Consensus Viewpoints

Within the cybersecurity community, there is a consensus on the persistent threat posed by digital skimming attacks on e-commerce platforms. Experts underscore the urgent need for timely patching and rigorous key management practices to combat these threats. The growing sophistication of cybercriminals, coupled with their use of automated tools to exploit known vulnerabilities, has been a recurring theme in various cybersecurity incidents.

Summary of Main Findings

The CosmicSting vulnerability has led to widespread exploitation of Adobe Commerce and Magento stores, revealing critical weaknesses in widely used e-commerce platforms. Although efforts to patch these vulnerabilities are ongoing, many online merchants remain vulnerable due to the technical complexity of the required remediation steps. The financial and reputational damages from these breaches are substantial, highlighting the importance of robust cybersecurity measures and swift response actions.

Conclusion

Starting in the summer of 2023, a notable surge in cyberattacks has revealed critical weaknesses in Adobe Commerce and Magento software. These breaches have compromised sensitive customer information across a multitude of online stores, drawing significant attention to the issue. Cybercriminals have skillfully exploited these vulnerabilities, using digital payment skimmers to gain unauthorized access to crucial data. This wave of attacks highlights the urgent need for heightened security measures within e-commerce platforms. Businesses using Adobe Commerce and Magento must now prioritize updating their security protocols to protect both their operations and their customers’ personal information. The spotlight on these vulnerabilities underscores the importance of proactive cybersecurity practices. As cyber threats become more sophisticated, the capacity to safeguard digital transactions remains paramount. This situation serves as a wake-up call for online retailers to regularly test and fortify their defenses against potential breaches. Only through diligent effort can they ensure the safety of customer data in an increasingly digital marketplace.

Digital TransformationInformation Security

Explore more

Is Saudi Arabia the Next AI and Semiconductor Powerhouse?
May 21, 2025

The global landscape of artificial intelligence and semiconductor technology is experiencing a significant shift, with numerous countries vying for leadership. Amidst this technological race, Saudi Arabia is emerging as a formidable contender, aiming to establish itself as a powerhouse in both AI and semiconductor industries. This ambitious endeavor is marked by strategic collaborations, investments in cutting-edge infrastructure, and initiatives to

Can Payroll Excellence Boost Employee Trust and Loyalty?
May 21, 2025

Navigating the competitive landscape of today’s labor market requires organizations to strategically utilize all available tools. While employers often prioritize perks and benefits to secure employee loyalty, the importance of maintaining a professional and effective payroll system frequently goes overlooked. Research from the National Payroll Institute highlights this, emphasizing the critical role payroll plays in shaping employer-employee relationships. Timely and

Invest Smartly: Invest in Niche AI and Data Center Stocks
May 21, 2025

The growing tide of artificial intelligence (AI) technologies and their integration into daily business operations have created seismic shifts within the modern economic landscape. As AI applications multiply, they have fueled a burgeoning demand for powerful data centers that can efficiently store, manage, and process colossal volumes of data. This development marks a compelling opportunity for investors, as the infrastructure

Do Dutch Need Cash for Emergencies Amid Digital Risks?
May 21, 2025

As the digital age progresses, the convenience of cashless payments has become a daily norm for many in the Netherlands. Nevertheless, recent recommendations from the Dutch National Forum on the Payment System (MOB) highlight potential vulnerabilities in relying solely on digital transactions. Geopolitical tensions and cyber threats have introduced risks that could disrupt electronic payment systems, provoking concern among various

Boosting E-Commerce Profits Amid Tariff Challenges
May 21, 2025

E-commerce businesses in the United States currently face daunting obstacles as recent tariff impositions threaten to squeeze profit margins, pushing companies to innovate to remain competitive. In this challenging atmosphere, brands must rethink traditional strategies and cultivate direct consumer connections to offset the losses associated with these tariffs. A growing number of businesses are turning to direct-to-consumer (DTC) sales to