At least seven criminal groups are responsible for a significant increase in TrojanOrders attacks on Magento 2 websites, which exploit a flaw that allows malicious actors to infect vulnerable servers.
Sansec, a website security firm, said that the assaults target nearly 40 percent of all Magento 2 websites, with cybercriminal gangs battling to control affected pages.
The holiday season
The trend is predicted to continue as we approach Christmas, when internet retailers are at their busiest and most vulnerable. TrojanOrders is the name given to attacks that exploit CVE-2022-24086, a major Magento 2 vulnerability that allows unauthorized attackers to execute arbitrary code and inject remote access trojans (RATs) on unpatched websites.
Adobe patched CVE-2022-24086 in February 2022, but Sansec claims that many Magento sites are still vulnerable. According to the security firm, about one in three Magento and Adobe Commerce stores have yet to be patched.
Analysts at Sansec believe there are various causes for the recent spike in attacks using this vulnerability. First, even ten months after the updates were released, many Magento 2 sites remain unpatched.
Second, PoC (proof of concept) exploits have long been accessible, allowing exploit kit developers to include them in tools sold to unskilled hackers. These exploit kits are so plentiful that they can be purchased for as little as $2,500, even though they reportedly cost between $20,000 and $30,000 earlier this year.
Finally, the timing is optimal since websites see higher traffic in the period leading up to Christmas, which means fraudulent orders and code injections can go unnoticed.