Akamai: Hackers Exploiting Known Magento Vulnerability
Researchers from Akamai have detected “an ongoing server-side template injection campaign” targeting Magento 2 shops that have not been patched against an input validation flaw for which a patch was released in February 2022. Akamai says that this particular campaign has been ongoing since at least January 2023.
Akamai’s good news is that Web App Firewall filters were effective against the attack and they only saw a small number of targets. But Magento has been a major target for almost a decade now - going unpatched for 18 months is reckless behavior.
Make sure that you're applying patches and you have a WAF in active (non-learning) mode. Even if you've applied the updates you should check for the IOCs as this vulnerability dates back to January. If you've outsourced web/app services to a provider, make sure that you understand what security checks and updates they do, versus your responsibilities, as well as verifying that any notifications are appropriately routed, preferably not to a single point of failure.
This story highlights two things: 1) the importance of an organization knowing its environment; and 2) the criticality of having an effective patch management process. Knowing your environment has three components: identifying all hardware, all software, and the location of all sensitive data on the network. That is extremely important when it comes to maintaining software updates. If you don’t do either particularly well, you become a statistic.
I would say patch, but I suspect the people affected by this will not patch anytime soon. At least not until rampant fraud, theft, or ransomware affects the site they are neglecting. My dad was an auto mechanic. Most people need to be made aware of how to deal with car maintenance. I suspect most store owners will also be unaware of website maintenance, but not in this respect.