The Largest M1 Breach to Date – What You Need to Know

Last weekend, there was a Magento 1 security breach that impacted more than 2000 storefronts, and that number could be higher. The attack used the “Magento Connect” section of Magento, also known as the downloader, to inject JavaScript code into the storefront.

Many of these impacted merchants may have already signed up for post-Magento 1 end-of-life patches, and installing them as soon as they are available is critical to preventing the same attack from happening again. However, developing new patches, customizing them to the specific environment, and applying them can take weeks and sometimes months, using up valuable time and resources, during which the application remains exposed.

True protection comes from having a hosting provider partner with a robust, proactive approach to scanning, monitoring, and acting upon risks as they occur, and preventing them from having any significant impact on the backend application. The strongest security solutions offer 360-degree protection against exploits that may be deployed through the filesystem, bypassed over vanilla WAF rules, and executed through the browser, all unbeknownst to the application owners.

Here are a few of the security measures Webscale uses to protect applications from exploits exposed by this attack:

• Web controls to immediately block access to the downloader.
• Real-time CSP alerting and blocking to ensure only pre-approved domains are executing scripts.
• Web controls to protect admin page access, with whitelisting and multi-factor authentication.

However, if you are not yet on the Webscale platform, there are still a number of things you can do to better protect your applications.

1. Search access logs for evidence of known attack patterns. Did anyone search for MySQL.php, and what part of the system responded? You should also validate that your checkout page has no scripts executed from mcdnn.net.
2. Restrict access to admin portions of your website through multiple mechanisms, since it is one of the most common gateways for hackers to exploit Magento.
3. Block access to “/downloader”, or even delete the downloader since it is no longer in use for Magento 1.
4. Check your code for malicious scripts, and block browsers executing scripts from unknown or unsafe domains.
5. Restrict php access from the internet to only specific files.
6. Build a secure architecture where the firewall cannot be circumvented.
7. Automate security, so any unintended changes to the file systems are identifiable or blocked.

Webscale’s range of ecommerce hosting solutions do all of the above, and more, and protect over 3000+ storefronts with its security-centric platform and architectures for 6+ years.

If you’d like a no-strings consultation with one of our ecommerce security experts to discuss your situation, we’d love to help – just drop us a note to info@webscale.com.