Ray-Ban, National Geographic, Whirlpool, and Segway are just a few of the thousands of global brands whose online stores have recently been compromised.
View WhitepaperRay-Ban, National Geographic, Whirlpool, and Segway are just a few of the thousands of global brands whose online stores have recently been compromised. These breaches are the result of criminals exploiting the CosmicSting vulnerability, a flaw in Adobe's Commerce and Magento software, which allows attackers to steal shoppers' payment information and other sensitive data.
CosmicSting, officially known as CVE-2024-34102, is a serious security issue that has allowed cybercriminals to tamper with websites, stealing user data as people shop online, allowing them to steal credit card details and collect login credentials and other customer information from compromised web pages.
In just a few months, cybercriminals have used CosmicSting to exploit 4,275 online merchants using Adobe Commerce and Magento, according to a report from Sansec, an eCommerce monitoring firm. The attacks have been co-ordinated by at least seven distinct cybercrime groups, each vying for control of compromised sites, sometimes even engaging in turf wars over who gets access to stolen data.
CosmicSting is classified as an unauthenticated XXE (XML External Entity) vulnerability with a critical CVSS score of 9.8 out of 10. This flaw allows attackers to inject malicious JavaScript into checkout pages, intercepting payment information and other data as customers input it.
The problem becomes even more dangerous when CosmicSting is combined with another flaw, CVE-2024-2961, a buffer overflow in the glibc library on Linux systems. This can lead to remote code execution, allowing attackers to install backdoors on compromised systems for persistent control. Although Adobe patched CosmicSting in June 2024, automated attacks had already begun before the fix was widely applied.
Another issue is that unlike most Magecart attacks where the first successful cyber criminal to compromise a website would block and prevent other cyber criminals doing the same; the CosmicSting vulnerability does not prevent multiple attackers from exploiting the same site, leading to fights between different groups. Sansec has even reported instances where three different gangs were fighting for control over the same eCommerce site.
The CosmicSting incident serves as a reminder of the critical importance of keeping software up to date. In the case of Adobe Commerce and Magento, a patch for CVE-2024-34102 was released in June, but many merchants had not applied it in time to prevent exploitation, proving timely updates and patches are crucial to protecting sensitive customer data and maintaining the integrity of online businesses.
Staying on top of security patches is important for all businesses. Any delay in patching vulnerabilities like CosmicSting leaves businesses open to devastating breaches that can destroy customer trust, lead to financial losses, and even result in fines. Attackers are constantly developing new ways to exploit weaknesses, and automated tools enable them to scan the web for unpatched sites. For any organisation using eCommerce platforms, having patch management practices is essential.
Any merchants using Adobe Commerce and Magento should take immediate steps to protect their sites by applying patches and monitoring for any signs of compromise. As the frequency and sophistication of attacks increase, businesses must ensure that their security practices evolve to meet these growing threats. By staying up-to-date with the latest security measures, companies can protect their customers and themselves from the dangers lurking online and prevent issues such as this from occurring.