Naughty People have pwned hundreds of websites running Magento. I guess they weren’t ecommerce sites selling security. Well, I hope they weren’t. The hacksters got in, scraped the card info and for good measure installed some crypto mining stuff. Nice.

And wait till you hear how they did it… brute forcing using known default admin settings. Sigh.

Yes, some hosts are too lazy to change default login details. So the Naughty People just force their way in using default credentials.

All this has come to our attention thanks to the security intel company Flashpoint. They warned that they know of 1,000 pwned installs of the popular ecomm software. The Naughty People are also trying their luck with Powerfront CMS and OpenCart.

If you look on black hat forums, there’s been noise about this since 2016.

It’s a joy for the script kiddies too because you really need no skill at all. Just run a script and test the default creds on every Magento install you can find. Boom. Job done.
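If you run a Magento box, the flip side of that script is what it looks like in your own logs: one source address hammering the admin login with a handful of stock usernames, then suddenly getting a success. The snippet below is an added example (not from Flashpoint's report and not Magento's own code) that flags exactly that pattern. The log format is a constructed one for illustration; the usernames, IPs and timestamps are made up, and the threshold and window are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (illustrative format, not Magento's real log layout):
# one line per admin login attempt with timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2018-04-03T10:00:01Z ip=203.0.113.5 user=admin result=fail
2018-04-03T10:00:02Z ip=203.0.113.5 user=admin result=fail
2018-04-03T10:00:03Z ip=203.0.113.5 user=administrator result=fail
2018-04-03T10:00:04Z ip=203.0.113.5 user=administrator result=fail
2018-04-03T10:00:05Z ip=203.0.113.5 user=admin result=fail
2018-04-03T10:00:06Z ip=203.0.113.5 user=admin result=fail
2018-04-03T10:00:08Z ip=203.0.113.5 user=admin result=success
2018-04-03T10:15:00Z ip=198.51.100.7 user=jane result=fail
2018-04-03T10:15:20Z ip=198.51.100.7 user=jane result=success
2018-04-03T08:00:00Z ip=192.0.2.9 user=admin result=fail
2018-04-03T09:00:00Z ip=192.0.2.9 user=admin result=fail
2018-04-03T11:00:00Z ip=192.0.2.9 user=admin result=fail
2018-04-03T12:00:00Z ip=192.0.2.9 user=admin result=fail
2018-04-03T13:00:00Z ip=192.0.2.9 user=admin result=fail
2018-04-03T14:00:00Z ip=192.0.2.9 user=admin result=fail
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>fail|success)$"
)


def parse_line(line):
    """Parse one log line into (timestamp, ip, user, result); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("ip"), m.group("user"), m.group("result")


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any interval of length `window`."""
    times = sorted(times)
    best = 0
    start = 0
    for end, t in enumerate(times):
        # Slide the left edge forward until the interval fits in the window.
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with at least `threshold` failed admin logins inside `window`.

    For each flagged IP, also record which usernames were tried and whether a
    successful login followed the failures: a burst of failures ending in a
    success is the signature of a guessed default credential, and warrants
    treating that admin session as compromised.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    usernames = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the expected format
        ts, ip, user, result = parsed
        usernames[ip].add(user)
        (failures if result == "fail" else successes)[ip].append(ts)

    alerts = {}
    for ip, fails in failures.items():
        burst = max_in_window(fails, window)
        if burst < threshold:
            continue  # slow, spread-out failures (e.g. a forgetful admin) stay quiet
        last_fail = max(fails)
        alerts[ip] = {
            "failures_in_window": burst,
            "usernames_tried": sorted(usernames[ip]),
            "succeeded_after": any(s > last_fail for s in successes[ip]),
        }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

Run against the sample, only 203.0.113.5 is flagged: six failures in a few seconds across two stock usernames, followed by a success. The two typo'd attempts from 198.51.100.7 and the hourly failures from 192.0.2.9 fall below the threshold because the detector counts within a sliding window, not over the whole day. In practice the alert on `succeeded_after` is the one to page on, since by then the attacker is in the control panel.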

Obviously, once you’re into the control panel for Magento, you can do pretty much anything you want. Like grab all the card information and install a bitcoin miner.

Most of the 1000 hacked boxes are “owned” (haha) by education and healthcare companies. Mainly in Americaland and Europe.

As anyone knows, not changing the default login details for a CMS is like sellotaping your front door key to your front door. Something most security professionals frown upon.

Sounds like something for a future edition of our podcast, Stop Being Stupid…

