Threat Actors Hacking 3 To 5 Websites per Hour Exploiting CosmicSting Vulnerability


In a disturbing development for e-commerce security, cybersecurity experts have revealed that threat actors are actively exploiting the CosmicSting vulnerability (CVE-2024-34102) to compromise 3 to 5 websites per hour.

This critical security flaw, which affects Adobe Commerce and Magento platforms, has been dubbed the worst bug to hit these systems in two years.


The CosmicSting vulnerability, assigned a severity score of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), allows attackers to read any file on the targeted server, including sensitive information like passwords and encryption keys.

This access enables malicious actors to modify CMS blocks via the Magento API and inject harmful JavaScript code, potentially leading to customer data theft.

Security researchers at Sansec, a firm specializing in e-commerce security, have been monitoring the situation closely. They report that stores running vulnerable versions of Adobe Commerce and Magento are being targeted at an alarming rate.


CosmicSting Vulnerability Exploited in the Wild

The affected versions are Adobe Commerce and Magento 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier.

The typical attack strategy involves stealing the secret encryption key from the app/etc/env.php file. With this key, attackers can generate a JSON Web Token (JWT) that grants unrestricted access to the Magento API.

They then proceed to inject malicious scripts into CMS blocks, which can be used to steal customer data, including payment information.

What makes this vulnerability particularly dangerous is its potential to be combined with another security flaw (CVE-2024-2961). This combination allows attackers to execute code directly on the compromised servers, potentially installing backdoors for persistent access.

The timeline of events surrounding CosmicSting is alarming. Adobe initially released a fix on June 11th, 2024, with a low severity rating.

However, as the true impact of the vulnerability became apparent, the severity rating was progressively increased. By July 8th, it had been elevated to critical status.

Despite these warnings, many e-commerce sites remained unpatched, leaving them vulnerable to exploitation. Security experts have identified at least eight different groups actively exploiting the CosmicSting vulnerability.

These groups employ various tactics, from injecting custom payment forms to using obfuscation techniques to hide their malicious code. Some attackers are specifically targeting high-profile stores, including household brands.

The rapid pace of these attacks – 3 to 5 websites compromised per hour – underscores the urgent need for affected businesses to take immediate action.

Experts strongly recommend that all Adobe Commerce and Magento store owners upgrade their installations to the latest version (2.4.7-p2) as soon as possible.

For those unable to upgrade immediately, applying the isolated patch provided by Adobe is crucial.
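
A fleet triage sketch for the upgrade advice above, added here as an example and not taken from Adobe or Sansec: it checks reported version strings against the affected ranges this article lists. The hostnames and inventory are constructed, and it assumes versions are reported as `X.Y.Z` or `X.Y.Z-pN`.

```python
import re

# Highest affected patch level per release line, from the article's list
# ("2.4.7 and earlier, 2.4.6-p5 and earlier, ..."). 0 = base release, no -pN.
LAST_AFFECTED_PATCH = {(2, 4, 7): 0, (2, 4, 6): 5, (2, 4, 5): 7, (2, 4, 4): 8}
OLDEST_LISTED_LINE = min(LAST_AFFECTED_PATCH)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")

def parse_version(text):
    """Split '2.4.6-p5' into ((2, 4, 6), 5); reject anything else."""
    match = VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, micro, patch = match.groups()
    return (int(major), int(minor), int(micro)), int(patch or 0)

def is_affected(version):
    """True if the version falls inside one of the listed affected ranges."""
    line, patch = parse_version(version)
    if line in LAST_AFFECTED_PATCH:
        return patch <= LAST_AFFECTED_PATCH[line]
    # Release lines older than 2.4.4 fall under "2.4.4-p8 and earlier";
    # lines newer than 2.4.7 are outside the article's list.
    return line < OLDEST_LISTED_LINE

def triage(inventory):
    """Map each host to 'affected', 'not listed as affected' or 'unknown'."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "affected" if is_affected(version) else "not listed as affected"
        except ValueError:
            # Pre-release or custom builds need a manual check, never a pass.
            report[host] = "unknown"
    return report

# Constructed inventory: hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "shop-a.example": "2.4.7-p2",
    "shop-b.example": "2.4.6-p5",
    "shop-c.example": "2.4.3-p1",
    "shop-d.example": "2.4.7-beta3",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A host that only received Adobe's isolated patch can still report an affected version string, so treat `affected` as a prompt to confirm patch status and rotate keys, not as proof of exposure.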

Additionally, it’s vital for businesses to assume their old encryption keys may have been compromised. Security professionals advise generating new keys and invalidating old ones to prevent further abuse.

As the situation continues to evolve, e-commerce businesses must remain vigilant and prioritize their cybersecurity measures.
