Collective Intelligence Podcast, Episode 6 Magento Attacks
Flashpoint Editorial Director Mike Mimoso talks to Flashpoint Senior Malware Researcher Paul Burbage about the recent compromise of more than 1,000 Magento ecommerce platform admin panels.
Threat actors used brute-force attacks to access sites guarded with default or known credentials. Once they had access, they were observed loading data-stealing malware and cryptocurrency mining software onto Magento-powered sites. Paul talks about the research and what site admins should be doing to counter this threat.
The malware was capable of scraping credit card numbers and other sensitive information from sites running the compromised Magento software. The attackers were also cashing out by mining cryptocurrency, another growing cybercrime trend that Paul and Mike discuss.
In addition to providing more insight into these compromises and the malware involved, Paul talks about the importance of admins changing default usernames and passwords at installation, and offers other advice for defenders.
The Collective Intelligence Podcast, presented by Flashpoint and hosted by Editorial Director Mike Mimoso, features regular interviews with a diverse set of industry experts and Flashpoint analysts on the latest information security news and industry trends.