MAGENTO WEBSITE SECURITY REPORT
19th October 2020
Produced by Foregenix
Contact Us: www.foregenix.com/webscan
Tel: +44 845 309 6232
Overview
Who is Foregenix?
We are a leading independent cybersecurity company with a focus on keeping the world’s payment systems secure.
With over a decade of experience in the Payment Card Industry (PCI), we help merchants, payment processors, banks and other operators to ensure they are securing their environments effectively while complying with industry security standards.
We won the Queen’s Award for Enterprise in 2019.
What do we do?
• Compliance & Risk
• Digital Forensics & Response
• Cybersecurity Technology
What is WebScan?
WebScan is our comprehensive non-intrusive website scanning solution. It analyses websites for specific security vulnerabilities to produce a risk score.
The scans are passive, meaning they look for publicly available information (just like criminals do) and at no point try to exploit vulnerabilities.
WebScan looks for:
• Malware (including card skimmers)
• Platforms and patching information
• SSL issues
We like to say that WebScan is the most up-to-date website scanning solution in the market, as it is constantly updated by both our forensic team and Threat Intelligence Group.
We currently monitor over 270,000 Magento merchants globally.
The Risk Categories
• CRITICAL: Already hacked, card data actively being stolen
• HIGH: At risk of being hacked - easily
• MEDIUM: Some issues, unlikely to get hacked
• LOW: Hacking unlikely
THIS IS THE PROBLEM ZONE
Summary
Around 180,000 websites remain on the Magento 1 Platform
Significant decrease in the number of Magento websites
91% of Magento 1 websites are High/Critical Risk
30% of Magento 2 websites are High/Critical Risk
Magento remains the most targeted platform by criminals
WebScan results
Website numbers (all Magento)
[Chart: number of Magento 1 and Magento 2 websites, May to late October]
Critical Risk
Websites with Critical Risk have already been hacked (with card data being actively stolen). The good news is that critical websites have decreased this month; however, the number is still higher than the average from May to early September. We believe this is still a vestige of Cardbleed’s attack.
[Charts: Critical Risk websites, Magento 1 and Magento 2, as a percentage of total sites and in actual numbers, May to late October]
High Risk
Websites with High Risk have significant security issues that make them very vulnerable to criminals. The sites have one or more of the following:
• Missing critical framework security patches
• Has known framework vulnerabilities
• Security issues with website setup
• Non Card Harvesting Malware
[Charts: High Risk websites, Magento 1 and Magento 2, as a percentage of total sites and in actual numbers, May to late October]
Card-harvesting malware distribution
Magento 2: 11.4%
Magento 1: 88.6%
Magento 1 & 2 - Loaders & skimmers
We also track how many websites are infected with loaders and skimmers.
Loaders are small pieces of code designed to load additional malicious code onto a website.
Skimmers are malicious scripts designed to scrape card data and customer information from a site’s payment page before sending them off to the attacker.
The charts to the right show which regions in the world have the highest infection rate, and the chart below shows the change over time.
[Charts: Magento 1 and Magento 2 loader and skimmer infections by region (North America, Europe, Asia, Oceania, South America, Africa); loader and skimmer infections over time, 01/05 to 19/10]
Magento 1 & 2 - Framework issues
Framework vulnerabilities are usually bugs in the software used to run your website.
“Framework security patches missing” means a website is missing security patches/updates that are already available.
Framework issues also include insecure website setup, such as leaving default settings in place (e.g. admin panel location).
It’s good to note that patching in Magento 2 works a bit differently than in Magento 1. With Magento 1, they released standalone security patches. This meant that websites could install these patches over older versions of Magento 1 and they would still be secure against the latest threats without having to update the entire website.
With Magento 2, they abandoned this practice and websites are expected to upgrade to the latest version of Magento should they want to stay secure.
[Charts: Magento 1 percentages and Magento 2 percentages of websites with framework patches missing and framework vulnerabilities, by region (North America, Europe, Asia, Oceania, South America, Africa)]
Malware Types
[Chart: share of infections by malware type (Cardbleed, Currentdatas, Inter, Keeper, Grelos, Polymorphic, Prototype, GAicu, ImageHarvest, GAfavicon), scale 0% to 80%]
These are the types of malware identified in our most recent Magento scan. Cardbleed is still the most common malware found on Magento websites; however, the number of infections has been declining since their big attack.
Magento 1 & 2 - Malware Trends
We are tracking which malware type is infecting Magento websites. Due to the Cardbleed attack in September, we have broken the data into two graphs. The first graph shows how all malware combined compares with the spike of Cardbleed, while the second graph shows the trend over time, without it.
As mentioned, Cardbleed is still the most common malware found on infected websites; however, Currentdatas, Inter and Keeper have been the three most common malware, historically.
[Charts: Cardbleed versus other malware over time, 06/07 to 13/10; trend over time by malware type (currentdatas, inter, keeper, grelos, polymorphic, prototype, imageHarvest, GAicu, GAfavicon), 06/07 to 13/10]
Our insights
We have seen a decrease in High and Critical risk websites since the last report. Even though this is good news, we cannot let our guard down, as we expect more large-scale attacks to occur: all Magento 1 websites are, and will continue to be, vulnerable (no security patches).
We urge Magento 1 and 2 website owners/administrators to check their configuration/set-ups and make sure they are secure. If possible, they should invest in website security; if not, they should at least take on cyber insurance. Magento 1 website owners/administrators should, without a doubt, invest in website security before the next big attack.
For free guidance, check out our Magento Security Insights. Many of the simple changes we have been advising are precautions that could prevent Cardbleed’s exploit, or any exploit for that matter -- though not for certain.
Additional resources
Magento Security Insights Page
foregenix.com/magento
Use our free scanner to understand your website security posture
foregenix.com/webscan
Try out our website security solution, FGX-Web
foregenix.com/fgx-web