The Register: Big names among thousands infected by payment-card-stealing CosmicSting crooks

Source URL: https://www.theregister.com/2024/10/04/cisco_ray_ban_whirpool_cosmicsting_hack/
Source: The Register
Title: Big names among thousands infected by payment-card-stealing CosmicSting crooks

Feedly Summary: Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says
Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers’ payment card info as they order stuff online.…

AI Summary and Description: Yes

Summary: The text highlights the critical vulnerability, CVE-2024-34102, known as CosmicSting, which affects Adobe’s Commerce and Magento software, leading to significant risks for online stores. This vulnerability has been exploited by multiple cybercrime gangs, showcasing the increasing complexity and danger of Magecart attacks on eCommerce platforms. The swift exploitation of this flaw emphasizes the necessity for robust security measures and prompt patching to protect consumer data.

Detailed Description:
The CosmicSting vulnerability presents a severe risk to online merchants using Adobe’s Commerce and Magento, with ramifications for data privacy and security. Here are the key takeaways from the text:

– **Vulnerability Overview**:
  – **CVE-2024-34102**: Rated 9.8 out of 10 on the CVSS scale, this unauthenticated XXE (XML External Entity) vulnerability affects Adobe Commerce and Magento installations.
  – It enables attackers to alter webpages and siphon user data, including sensitive payment information and login credentials.

– **Impact on eCommerce**:
  – Approximately **4,275 merchants** were hit by attacks exploiting this flaw, which constitutes around **5% of all Adobe Commerce and Magento stores**.
  – These attacks can lead to Magecart-style fraud, where attackers inject malicious scripts into checkout pages to capture customers’ data.

– **Collaboration Among Cybercriminals**:
  – At least **seven distinct cybercrime gangs** are implicated in these attacks, operating “large scale” campaigns against vulnerable sites.
  – The nature of CosmicSting allows multiple groups to target the same store, resulting in conflicts among gangs for access.

– **Exploitation Techniques**:
  – Attackers utilize the CosmicSting flaw to add malicious JavaScript to affected pages and can potentially combine it with other high-severity vulnerabilities for remote code execution.
  – A **backdoor installation** may occur, providing persistent access for attackers to further exploit compromised systems.

– **Preventive Measures and Responses**:
  – Adobe released a patch for CVE-2024-34102 on June 11, but automated attacks began shortly before the patch became available.
  – Cybersecurity firms such as Sansec are recommending that online Magento stores remain vigilant and review the published attack indicators to implement additional security measures.

– **Future Implications**:
  – Sansec projects an increase in the number of attacks over the coming months, which underscores the urgency for merchants to apply patches and enhance their cybersecurity frameworks.
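The two technical points above, the XXE class of flaw and the injection of unexpected JavaScript into checkout pages, lend themselves to two defensive checks. The following is an added example written for this summary; it is not code from The Register, Sansec, Adobe, or the Magento project, and it does not reproduce the CosmicSting exploit. It shows (1) a parser wrapper that refuses any XML document carrying a DTD or entity declaration, which removes the entity-expansion mechanism XXE depends on, and (2) a baseline check that lists script tags on a page that are not in an operator-maintained allowlist. Function names, the allowlist values, and the sample XML and HTML are all constructed assumptions.

```python
"""
Added defensive example (not from the article, Sansec, or Magento). Function
names and sample data are illustrative assumptions constructed for this page.
"""
import hashlib
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser


class UnsafeXML(ValueError):
    """Raised when an XML document declares a DTD or an entity."""


def _to_text(data: bytes) -> str:
    # Normalise the encoding before inspecting, so a UTF-16 document cannot
    # hide a DOCTYPE from a byte-level check.
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    return data.decode("utf-8", errors="replace")


_DTD_RE = re.compile(r"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def parse_xml_safely(data: bytes) -> ET.Element:
    """Parse untrusted XML, refusing any document that declares a DTD.

    Rejecting DTDs outright is the usual hardening for endpoints that accept
    XML: without entity declarations there is nothing for XXE to expand.
    """
    text = _to_text(data)
    if _DTD_RE.search(text):
        raise UnsafeXML("DTD or ENTITY declaration present; refusing to parse")
    return ET.fromstring(text)


def rejects_xml(data: bytes) -> bool:
    """True if parse_xml_safely refuses the document (used for checks below)."""
    try:
        parse_xml_safely(data)
    except UnsafeXML:
        return True
    return False


class _ScriptCollector(HTMLParser):
    """Collects external script URLs and SHA-256 hashes of inline scripts."""

    def __init__(self):
        super().__init__()
        self._in_script = False
        self._buf = []
        self.external = []  # values of src= attributes
        self.inline = []    # sha256 hex digests of inline script bodies

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            body = "".join(self._buf).strip()
            self.inline.append(hashlib.sha256(body.encode()).hexdigest())
            self._in_script = False


def unexpected_scripts(html: str, allowed_src: set, allowed_inline: set) -> list:
    """Return (kind, value) pairs for scripts that are not in the baseline."""
    p = _ScriptCollector()
    p.feed(html)
    p.close()
    findings = [("src", s) for s in p.external if s not in allowed_src]
    findings += [("inline-sha256", h) for h in p.inline if h not in allowed_inline]
    return findings


# --- constructed sample inputs ---------------------------------------------
SAFE_XML = b"<order><id>1001</id><total>42.00</total></order>"
# A DTD-bearing document of the shape XXE relies on; the SYSTEM path is a placeholder.
DTD_XML = (b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder-path">]>'
           b"<order><id>&ext;</id></order>")

KNOWN_INLINE = "window.checkoutConfig = {};"
KNOWN_HASH = hashlib.sha256(KNOWN_INLINE.encode()).hexdigest()
BASELINE_SRC = {"/static/frontend/checkout.js"}   # assumed operator allowlist

CHECKOUT_HTML = f"""<html><body>
<script src="/static/frontend/checkout.js"></script>
<script>{KNOWN_INLINE}</script>
<script src="https://cdn.example.invalid/unknown.js"></script>
<script>console.log("constructed unexpected inline script");</script>
</body></html>"""

if __name__ == "__main__":
    print("safe XML parsed:", parse_xml_safely(SAFE_XML).find("id").text)
    print("DTD document rejected:", rejects_xml(DTD_XML))
    for kind, value in unexpected_scripts(CHECKOUT_HTML, BASELINE_SRC, {KNOWN_HASH}):
        print("not in baseline:", kind, value)
```

The allowlist is the important operational piece: it has to be regenerated from a known-good deployment after every legitimate release, and the check is most useful when run against the live checkout page from outside the store, since a compromised server can serve different content to different viewers.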

In conclusion, the CosmicSting vulnerability represents a major threat to online retailers, making it imperative for security professionals in the field of eCommerce and cloud-based solutions to remain vigilant and proactive in fortifying defenses against such exploits.