Collective Intelligence Podcast, Episode 6 Magento Attacks

April 5, 2018

Flashpoint Editorial Director Mike Mimoso talks to Flashpoint Senior Malware Researcher Paul Burbage about the recent compromise of more than 1,000 Magento ecommerce platform admin panels.

Threat actors used brute-force attacks to access sites guarded with default or known credentials. Once they had access, they were observed loading data-stealing malware and cryptocurrency mining software onto Magento-powered sites. Paul talks about the research and what site admins should be doing to counter this threat.

The malware was capable of scraping credit card numbers and other sensitive information from sites running the compromised Magento software. The attackers were also cashing out by mining cryptocurrency, another growing cybercrime trend that Paul and Mike discuss. 

In addition to providing more insight into these compromises and the malware involved, Paul talks about the importance of admins changing default usernames and passwords at installation, and offers other advice for defenders. 

Get a direct download of the podcast here. 

The Collective Intelligence Podcast, presented by Flashpoint and hosted by Editorial Director Mike Mimoso, features regular interviews with a diverse set of industry experts and Flashpoint analysts on the latest information security news and industry trends.


Flashpoint Intelligence Brief

Subscribe to our newsletter to stay up-to-date on our latest research, news, and events