If you haven’t patched this vulnerability, you should.  

SecurityMetrics, Chase Palmer, CISSP
By: Chase Palmer
Senior Program Manager
CISSP 
In early 2015, Magento found a vulnerability known as Shoplift Bug and released a patch for it. Unfortunately, many businesses still haven’t patched this vulnerability, which could threaten their e-commerce integrity.

Here is some more information about the Shoplift Bug, how it makes your system vulnerable, and what you need to do to combat it.

SEE ALSO: How do Hackers Hack?

How does the Shoplift Bug work? 

shoplift bugThrough the Shoplift Bug, hackers can remotely execute code on Magento software. This vulnerability seems to affect both the community and enterprise versions of Magento.

The Shoplifting exploit is actually a chain of vulnerabilities in the Magento core software, but is frighteningly simple.  The exploit uses a Python script that forces the server to downgrade the website from HTTPS to HTTP and then uses SQL injection to create a new user with administrative privileges.

Once the attacker has access to the dashboard with administrator access, they will typically install software through the console that will create a backdoor that allows the attacker to remotely alter the functionality of the online store, add or remove products, change the price of products, add phony coupons, and much more.

What should I do? 

Unfortunately, this exploit was highly automated and nearly all vulnerable instances of the Magento dashboard are assumed to be compromised.  If you don’t know if you’ve patched your site recently or if you’re a Magento user, check on MageReport.com.

If you haven’t installed this patch, here’s a list of steps you should take to patching your website:
data security, software updates
  • Download and implement the two patches from the Magento Community Edition download page
  • Test the patches in a development environment first to make sure they’re working properly before deploying them in your production environment
  • Check for unknown files in web server document root directory. If you find any, remove the files, keeping a secure copy if possible
  • Check all admin accounts to make sure they’re all authorized. Change all admin passwords have you suspect a breach
  • Check for unknown IP addresses accessing the system, since hackers may be using legitimate credentials to gain access to your system. Examples of addresses could include 62.76.177.179, 185.22.232.218, and 23.245.26.35 
If you need help installing patches, refer to Magento’s Community Security patch forum where community members, moderators, and Magento can assist with questions about downloading and installing patches.
If you haven’t already installed this latest patch, you should do so as soon as possible.

Patch your systems

Remember, it’s important to stay up to date on your systems and patch any vulnerabilities that pop up. Tips to do this include:
  • Sign up for newsletters/notifications from vendors you use: Once they release a new patch, you’ll be notified. 
  • Patch the vulnerability as soon as possible: The sooner you fix the vulnerability, the less time you’ll be open to attacks
  • Set up a schedule to regularly patch and update software: This will keep your software updated in its most secure state. 
SEE ALSO: Security Patches in Your Business: Complying with PCI Requirement 6.1

Chase Palmer (CISSP) is the Senior Program Manager and has been working at SecurityMetrics for seven years. He manages the company’s largest corporate partners in running mass Level 4 PCI DSS programs worldwide. Chase has a Bachelor’s degree in Business Management from Western Governor’s University. He currently lives in Provo, Utah, and he loves everything about motorcycles.

0 comments