Uploaded by Sir Crow

Foregenix-Magento Security Report-20201005

advertisement
MAGENTO WEBSITE
SECURITY REPORT
Contact Us
www.foregenix.com/webscan
Tel: +44 845 309 6232
5th October 2020
Produced by Foregenix
overview whO is fOREGENIX?
We are a leading independent cybersecurity company with a
focus on keeping the world’s payment systems secure.
With over a decade of experience in the Payment Card Industry (PCI),
we help merchants, payment processors, banks and other operators
to ensure they are securing their environments effectively while
complying with industry security standards.
We won the Queen’s Award for Enterprise in 2019.
what do we do?
Compliance
& Risk
Digital forensics &
response
cybersecurity
technology
5th October 2020
overview what is webscan?
We currently monitor over
300,000
Magento Merchants
globally
WebScan is our comprehensive non-intrusive website scanning solution. It
analysis websites for specific security vulnerabilities to produce a risk score.
The scans are passive, meaning it looks for publicly available information (just
like criminals do), and at no point does it try to exploit vulnerabilities.
WebScan looks for:
• Malware (including card skimmers)
• Platforms and patching information
• SSL issues
We like to say that WebScan is the most up-to-date website scanning solution
in the market, as it is constantly updated by both our forensic team and Threat
Intelligence Group.
5th October 2020
The Risk Categories
CRITICAL
Already hacked, card data actively being stolen
hIGH
At risk of being hacked - easily
mEDIUM
Some issues, unlikely to get hacked
LOW
Hacking unlikely
THIS IS THE PROBLEM ZONE
overview
5th October 2020
overview Summary
200,000
decrease
93%
55%
Nearly
websites remain on the Magento 1 Platform
Significant
in the number of Magento websites
of Magento 1 websites are High/Critical Risk
of Magento 2 websites are High/Critical Risk
Magento remains the most
targeted platform by criminals
5th October 2020
webscan results
website numbers (all magento)
350000
280000
210000
140000
70000
0
May
June
Early
July
Late
July
Magento 1
Early
Aug
Late
Aug
Early
Sept
Late
Sept
Early
Oct
Magento 2
5th October 2020
WEBSCAN RESULTS CRITICAL RISK
Websites with Critical Risk have already been hacked
(with card data being actively stolen). This month we have
seen a significant drop in the % of hacked Magento 1 and 2
websites, but this number is still much bigger than usual.
5000
2.5
4000
2.0
3000
1.5
1.63%
1.0
Late
Sept
Magento 1
May
Late
July
Early
Aug
Late
Aug
0.35%
0.67%
0.37%
0.72%
0.45%
0.76%
Early
July
0.61%
June
0.79%
0.93%
0.93%
0.86%
424
Early
Oct
Early
Sept
0.43%
Early
Sept
418
338
1337
359
Late
Aug
0.43%
Early
Aug
1423
415
1529
532
Late
July
0.52%
Early
July
1617
418
1998
June
0.0
0.47%
May
0.5
0.48%
0
371
372
1907
1000
2040
3003
2000
2.34%
Percentage of total sites
4565
actual numbers
Late
Sept
Early
La
Oct
Magento 2
5th October 2020
WEBSCAN RESULTS high RISK
Websites with High Risk have significant security issues that make them very vulnerable to criminals.
The sites have one or more of the following:
• Security issues with website setup
• Non Card Harvesting Malware
• Missing critical framework security patches
• Has known framework vulnerabilities
May June Early Late Early Late Early Late Early
July July Aug Aug Sept Sept Oct
Magento 1
0
54.32%
91.38%
54.66%
51.30%
90.49%
93.49%
45.95%
50.98%
93.50%
94.85%
51.69%
20
95.84%
40
53,112
53,672
167,873
176,546
49,794
44,186
47,253
44,813
39,993
39,415
0
37,703
40000
185,846
189,596
197,378
201,267
207,925
80000
48.70%
60
93.61%
120000
51.15%
80
49.05%
160000
185,521
100
206,021
200000
94.19%
Percentage of total sites
93.96%
actual numbers
May June Early Late Early Late Early Late Early
July July Aug Aug Sept Sept Oct
Magento 2
5th October 2020
WEBSCAN RESULTS card-harvesting malware distribution
12.4%
87.6%
Magento 2
Magento 1
5th October 2020
WEBSCAN RESULTS Magento 1 & 2 - Loaders & skimmers
We also track how many websites are infected with loaders and skimmers.
Loaders - are small pieces of code designed to load in additional malicious
code onto a website.
Skimmers - are malicious scripts designed to scrape card data and
customer information from a site’s payment page before sending them
off to the attacker.
magento 1
1250
701
1000
750
293
500
437
The charts to the right show which regions in the world have the
highest infection rate, and below shows change over time.
250
0
5000
North Europe
America
64
42
21
32
Asia
200
3000
1
6
Oceania South
America
Africa
Loader
250
Loader
11
5
Skimmer
magento 2
Skimmer
4000
360
125
150
2000
100
1000
50
90
20
29
0
0
01/05
01/06
01/07
01/08
20/08
07/09
21/09
05/10
North Europe
America
4
7
1
5
Asia
0
0
Oceania South
America
0
0
Africa
5th October 2020
WEBSCAN RESULTS magento 1 & 2 - framework issues
Framework vulnerabilities are usually bugs in the software used to run your website.
“Framework security patches missing” means a website is missing security patches/updates that are already available.
It’s good to note that patching in Magento 2 works a bit differently
than in Magento 1. With Magento 1, they released standalone security
patches. This meant that websites could install these patches over
older versions of Magento 1 and they would still be secure against the
latest threats without having to update the entire website.
Framework issues also include insecure website set up, such as leaving default
settings in place (e.g. admin panel location, etc)
With Magento 2, they abandoned this practice and websites are
expected to upgrade to the latest version of Magento should they want
to stay secure.
magento 2 PERCENTAGES
magento 1 PERCENTAGES
60
50
70
Framework Patches Missing
52.1%
Framework Vulnerabilities
50.7%
40
30
36.8%
60
50
40
37.1%
30
20
20
10
10
5.7%
0
66.4%
North Europe
America
6.6%
Asia
2.7%
2.9%
2.2%
2.3%
Oceania South
America
24.9%
4.3%
0.4%
0.4%
Africa
0
North Europe
America
Asia
4.3%
0.0%
Oceania South
America
0.0%
Africa
5th October 2020
WEBSCAN RESULTS Malware Types
GAfavicon
0.37%
GAicu
0.77%
ImageHarvest
Prototype
Polymorphic
2.25%
Other malware types have risen in proportion due to this.
0.74%
1.39%
Grelos
2.87%
Keeper
Inter
These are the types of malware identified in our most recent Magento scan.
‘Cardbleed’, which was a previously-unknown card data skimmer that
attacked thousands of websites just before our last report,
has dropped significantly.
4.78%
10.07%
Currentdatas
11.43%
Cardbleed
0%
48.78%
10%
20%
30%
40%
50%
60%
70%
80%
5th October 2020
WEBSCAN RESULTS magento 1 & 2 - Malware Trends
We are tracking which malware type is infecting Magento websites.
Due to the Cardbleed attack in September, we have broken the data into two graphs.
The first graph shows how all malware combined compares with the spike of
Cardbleed, while the second graph shows the trend over time without it.
This month, we can see a significant decrease of Cardbleed malware, which may
correlate with the decline in Magento websites. However, it is still the biggest threat
to Magento websites and is bigger than all other malware combined.
currentdatas
3500
Other Malware
3000
keeper
500
Cardbleed
2500
inter
600
GAfavicon
400
2000
grelos
300
1500
imageHarvest
200
prototype
500
100
polymorphic
0
0
1000
06/07
13/07
05/08
19/08
02/09
18/09
01/10
GAicu
06/07
13/07
05/08
19/08
02/09
18/09
01/10
5th October 2020
Download