New research has found 87% of SME websites using the Magento platform are currently at high risk from cyber attacks.
By contrast, under 10% of websites using other major e-commerce platforms surveyed register in the same high risk category.
The research, from cyber security specialists Foregenix, analysed nearly 9 million websites worldwide, including over two million in Europe. Of the sites surveyed worldwide, 200,000 use Magento (companies using Magento 2 were also covered in the research).
The analysis, carried out in April and May by Foregenix’s Threat Intelligence Group using its website security solution, WebScan, further revealed that the proportion of Magento websites at high risk has increased from just under 80% in research carried out in October last year.
Other findings show that the percentage of SME sites using Magento that are at high risk is lower in Europe than in North America. Europe, which accounts for 48% of all websites surveyed, registered 28% of high risk Magento sites. By contrast, North America accounts for 43% of global sites analysed but registered 60% of high risk sites.
With small differences, 1.4% of the total number of Magento sites globally are compromised and show signs of payment card harvesting malware stealing their customer data. One exception to the trend is Europe, where 0.63% of Magento sites were compromised.
Sites classed as high risk are generally missing critical security patches or have serious security vulnerabilities, such as an exposed admin page. Many of these issues can be easily resolved.
SecurityScorecard recently revealed that one of the most common methods used by nefarious players to compromise financial data is post-exploitation network sniffing.
For e-commerce merchants, post-exploitation network sniffing malware extends an attack beyond the initial vector of entry. This attack targets compromised sites, places malicious code into the website, and intercepts customer data. Thus, despite remediating the initial data breach, a merchant remains compromised, often without realising it. Malware at the end-user level aligns with traditional definitions. Trojans, named after the Greek Trojan horse, disguise themselves as normal files to trick users into downloading and installing them.