**Supply Chain Attack Hits 1,000 E-Commerce Sites After Six Years of Dormancy**
Up to 1,000 e-commerce websites have been compromised in a significant supply chain attack involving 21 Magento extensions, according to a report by BleepingComputer. One of the affected sites is linked to a global company valued at $40 billion, highlighting the extensive reach and potential impact of this intrusion.
The attackers injected a backdoor into the Magento extensions, granting them unauthorised access to the websites utilising these plugins. Remarkably, this backdoor remained dormant for six years before being activated last month. The prolonged dormancy suggests a meticulously planned operation that aimed to infiltrate as many systems as possible before detection.
Magento is a widely used open-source e-commerce platform that allows online retailers to customise their websites through various extensions. While these extensions enhance functionality, they can also introduce vulnerabilities if not properly vetted and secured. This incident underscores the risks associated with third-party plugins and the importance of maintaining strict security protocols.
Website owners and administrators using Magento are urged to review their installed extensions immediately. It’s crucial to ensure all plugins are from reputable sources and to keep them updated. Regular security audits and monitoring can help detect unusual activities early, minimising potential damage.
This event serves as a stark reminder of the evolving nature of cyber threats, especially supply chain attacks that exploit trusted relationships between software providers and users. Businesses must remain vigilant, adopting comprehensive cybersecurity measures to protect their assets and customer data in an increasingly digital marketplace.
Source: Backdoored Magento plugins hit 1,000 online stores
Author: SC Staff