Around 5,000 Magento sites reported being attacked by Malware on September 4th, 2018. The Malware attack is a piece of malicious software which takes over a person’s computer in order to spread the bug onto other people’s devices and profiles. It can infect a computer and turn it into a botnet which means the cybercriminal can control the computer and use it to send malware to others.
What did Magento Commerce say? A spokeswoman for this company said the MagentoCore skimming malware is designed to infect the sites by exploiting simple passwords. This malware is a malicious card-data stealing script that is able to compromise websites using Magento platform. She also added that brute force attack is one of the most basic ways that a site can be compromised. It works by uncovering common or default passwords.
Guide to secure your store
As what the spokeswoman said, most of the sites which were found to have MagentoCore infections are lacking security patches or using outdated versions.
As Magento platform is an open source, it provides access for users to underlying source codes. That means web developers are able to create and share their own custom features or tweak the existing ones.
Magento said there is no proof that Magento Enterprise customers were affected by the recent malware. This company is committed to ensuring customer information’s security and encourage all shop owners to often upgrade security patches for their sites.
Magento Security Scan Tool is recommended by Magento for merchants’ regular scans of their domains. This tool is free and helps merchants avoid security risks including brute force attacks.
Merchants can also pay for Magento 2 to get a free cloud-based offering to better protect their websites. In this latest version, retailers are provided access to Magento software which they can host and monitor it themselves.
Peter Sheldon, vice president of strategy at Magento said that the cloud-based version is winning favors of most new clients and this version is “rapidly ticking up”. Late 2017 witnessed a huge number of clients using Magento 2. There is a total of about 20,000 merchants running their websites on Magento 2, including 18,000 users for free version and 2000 for fee-based version. Sheldon also added that though Magento 1-the original version of Magento is still attracting a significant number of users, more and more clients now starts their plans to switch from Magento 1 to Magento 2.
In conclusion, there are 2 effective ways which are offered for you to prevent your site from malware attacks. Using Magento Security Scan Tool- a free tool for regular scan of your site domains can be a good one which saves your budget. But if you are looking for a more comprehensive solution, then consider paying for Magento 2 to be given access to Magento Commerce Cloud for better protection.