200,000 sites risk having their data compromised due to an exploit in FishPig’s software.

FishPig is a UK-based e-commerce software developer. Organizations use its Magento and WordPress plugins to streamline processes. FishPig recently discovered that attackers had found a backdoor into the security system of its software. The breach has the potential to impact 200,000 sites. The company has recommended updating the current program as a preemptive measure.

Using Rekoobe to attack websites

FishPig detected the breach in June. Attackers used Rekoobe to create a backdoor into FishPig’s paid Magento 2 software. Rekoobe appears to be a harmless SMTP server, but it allows the attacker to remotely send commands like startTLS and take control of the server. Once the attacker has activated the command, Rekoobe becomes a reverse shell that gives the attacker remote access.

“We are still investigating how the attacker accessed our systems and are not currently sure whether it was via a server exploit or an application exploit”, said Ben Tidswell, the lead developer at FishPig. “As for the attack itself, we are quite used to seeing automated exploits of applications, and perhaps that is how the attackers initially gained access to our system. Once inside, though, they must have taken a manual approach to select where and how to place their exploit.”

The exploit spells trouble for FishPig. Along with possible data breaches, the company’s reputation takes a massive hit. The recent increase in data breaches has set off alarm bells for organizations worldwide. According to IBM, the average data breach cost $4.35 million in 2022. Hopefully, FishPig will be able to resolve this issue before more damage is done.

Tip: Heineken shows Splunk is more than IT and security