Updated on 2022-11-17
Around 40% of Magento 2 websites are being targeted by at least seven hacking groups, in a massive wave of TrojanOrders attacks that exploit the CVE-2022-24086 Magento 2 vulnerability. Read more: Magento stores targeted in massive surge of TrojanOrders attacks
Updated on 2022-11-15: Attacks target Magento and Adobe stores
SanSec researchers are reporting a rise in attacks probing Magento 2 and Adobe Commerce online stores for a vulnerability tracked as CVE-2022-24086. The vulnerability allows threat actors to place orders on vulnerable stores that exploit the site’s emailing feature to take over unpatched stores. Sansec said that based on their data, around 38% of all Magento and Adobe Commerce stores had not been patched for the vulnerability—as of November 2022. A big role in the rising number of probes also played the broad availability of an exploit for the vulnerability, first seen in July this year, on sale on hacking forums. Read more: Adobe Commerce merchants to be hit with TrojanOrders this season
Overview: Magento sites extortion
Sansec reports that threat actors are contacting the administrators of Magento-based online stores with classic extortion messages, threatening the release a company’s data unless a ransom of $3,000 is paid to them in Bitcoin. Sansec researchers urge Magento admins not to pay any ransom demand until the threat actors prove they have stolen a store’s data, as similar campaigns involving fake threats have taken place in the past targeting other platforms. Read more: Extortion of Magento merchants