In a recent development, threat actors have been identified exploiting a critical vulnerability in Magento to inject a persistent backdoor into e-commerce websites. This particular attack is leveraging CVE-2024-20720, which has received a CVSS score of 9.1 and has been categorized by Adobe as a case of “improper neutralization of special elements,” potentially leading to arbitrary code execution. Adobe took measures to address this vulnerability by releasing security updates on February 13, 2024.
According to Sansec, a cybersecurity company, they have unearthed a sophisticated technique wherein a “cleverly crafted layout template in the database” is being utilized to automatically inject malicious code that can execute arbitrary commands. The attackers are combining the Magento layout parser with the beberlei/assert package, which comes pre-installed, to execute system commands. Essentially, this combination allows them to embed a backdoor for code execution, leading to the deployment of a Stripe payment skimmer to capture and extract financial data to another compromised Magento store.
The malicious activity doesn’t exist in isolation, as the Russian government has taken action against a group of individuals who have been charged with using skimmer malware to pilfer credit card and payment data from international e-commerce platforms since at least late 2017. The suspects indicted in this case include Denis Priymachenko, Alexander Aseyev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk, and Anton Tolmachev. As per reports from Recorded Future News, these arrests were carried out about a year ago, as indicated by court documents.
The official statement from the Prosecutor General’s Office of the Russian Federation revealed, “As a result, members of the hacker group illegally took possession of information about almost 160 thousand payment cards of foreign citizens, after which they sold them through shadow internet sites.” This underscores the severity of the cyber threat landscape and the need for stringent cybersecurity measures to safeguard sensitive consumer information.
It is imperative for e-commerce businesses to remain vigilant and implement robust security protocols to mitigate the risks posed by such malicious activities. The exploitation of vulnerabilities like CVE-2024-20720 underscores the importance of timely security updates and patches to prevent unauthorized access and data breaches. As cyber threats continue to evolve, organizations must stay ahead of the curve by investing in cybersecurity solutions and fostering a culture of cyber resilience.
The incident serves as a stark reminder of the ever-present dangers in the digital realm and the critical need for proactive cybersecurity measures to safeguard sensitive data and protect against malicious actors. By staying informed and adopting a proactive approach to cybersecurity, businesses can fortify their defenses against emerging threats and secure their online presence effectively.