Threat actors used brute-force attacks to access sites guarded with default or known credentials. Once they had access, they were observed loading data-stealing malware and cryptocurrency mining software onto Magento-powered sites. Paul talks about the research and what site admins should be doing to counter this threat.
The malware was capable of scraping credit card numbers and other sensitive information from sites running the compromised Magento software. The attackers were also cashing out by mining cryptocurrency, another growing cybercrime trend that Paul and Mike discuss.
In addition to providing more insight into these compromises and the malware involved, Paul talks about the importance of admins changing default usernames and passwords at installation, and offers other advice for defenders.
The Collective Intelligence Podcast, presented by Flashpoint and hosted by Editorial Director Mike Mimoso, features regular interviews with a diverse set of industry experts and Flashpoint analysts on the latest information security news and industry trends.
Michael Mimoso brings over a decade of experience in IT security news reporting to Flashpoint. As Editorial Director, he collaborates with marketing, analyst, and leadership teams to share the company’s story. Prior to Flashpoint, Mike was as an Editor of Threatpost, where he covered security issues and cybercrime affecting businesses and end-users.
Prior to joining Threatpost, Mike was Editorial Director of the Security Media Group at TechTarget and Editor of Information Security magazine where he won several ASBPE national and regional writing awards. In addition, Information Security was a two-time finalist for national magazine of the year. He has been writing for business-to-business IT publications for 11 years, with a primary focus on information security.
Earlier in his career, Mike was an editor and reporter at several Boston-area newspapers. He holds a bachelor’s degree from Stonehill College in North Easton, Massachusetts.