A new hacking attack is targeting eCommerce websites, including WooCommerce, Shopify, Magento, and WordPress. Akamai researchers have discovered a new Magecart-style web skimmer campaign that targets digital commerce websites to steal personally identifiable information (PII) and credit card details.
Magecart attacks work by exploiting vulnerabilities in eCommerce platforms. On WordPress and WooCommerce, for example, the vulnerability could be in a theme or plugin. On Shopify, it could be an existing vulnerability in the platform itself. The victims of this ongoing campaign are located in North America, Latin America, and Europe, and vary in size.
The attackers are taking advantage of a wide range of vulnerabilities, so there is no single fix that can be applied to all eCommerce sites. Instead, site owners need to be vigilant about patching any vulnerabilities that are found.
If you manage your own website, especially the platforms mentioned above, here are some key tips for protecting your eCommerce site from Magecart attacks:
Based on the vulnerabilities associated with eCommerce software that is open source, it is worthwhile to review the reasons why proprietary (closed source) software may be a better option for your distribution or manufacturing company:
Choosing between open source and proprietary software is an important decision that should be made on a case-by-case basis. There are advantages to both options, such as the flexibility and collaborative nature of open source software, and the security and support provided by proprietary software. Factors like budget, technical requirements, and support needs should be carefully considered before a final decision is made.
To read more about this security threat visit Akamai.
To learn more about the advantages of proprietary B2B eCommerce software, visit Channel Software.