Tuesday, January 26, 02:27

Magento adds 2FA for protection against card skimming attacks

Adobe has added two-factor authentication (2FA) across the Magento platform in response to the growing number of attacks in which skimmer scripts are deployed on compromised e-commerce sites to steal customers' card data.

"Using 2FA security will better protect you from malicious users trying to make unauthorized connections to three different sections: Magento.com, Cloud Admin and Magento Admin accounts," says Adobe.


The Magento 2FA extension supports several authenticators, including Google Authenticator, Authy, Duo and U2F keys. 2FA applies only to Magento Admin users and is not available for customer accounts on the e-shop.

This 2FA extension will be automatically installed as a Core Bundled Extension (CBE) when you install or upgrade to Magento Open Source or Commerce 2.4.X.

Compromised admin accounts account for 75% of Magecart attacks

According to the Adobe Security Operations team, about 75% of all card skimming attacks (also known as Magecart or e-skimming) are carried out by attackers who were able to deploy card skimmer scripts on Magento Commerce sites through a compromised admin account.

State-sponsored hackers are also involved in such attacks, according to security company Sansec, which recently discovered that the North Korean hacking team Lazarus (Hidden Cobra) has been stealing payment card information from customers of major US and European retailers for at least a year.

With 2FA, Magento administrators get an extra layer of authentication that reduces the chance of attackers gaining access to their sites.

“While 2FA in Magento Admin is optionally available to all supported publications of Magento Commerce, starting with the release of 2.4, 2FA will be enabled by default for Magento Admin and cannot be disabled,” explains Adobe.

Magento admins must first configure 2FA before logging in to their administrator accounts via the UI or a web API.

More information on the new Magento Admin 2FA functionality that will be released soon can be found on the Two-Factor Authentication DevDocs page.

Online merchants are encouraged to upgrade to Magento 2.x

Payment processor Visa urged merchants in April to migrate their online stores to Magento 2.x before the Magento 1.x platform reaches the end of its life in June 2020, to avoid exposing their customers to Magecart attacks and to prevent them from falling out of PCI DSS compliance.

Because there will be no security fixes from Adobe for Magento 1 once it reaches the end of its life, “any sites that failed to migrate will be vulnerable to security breaches and will have increased risk for the safety of payment card data,” Visa explained.

The US Federal Bureau of Investigation (FBI) issued a separate warning in October 2019 to raise awareness of Magecart threats targeting both small and medium-sized enterprises and government agencies that process online payments.

The FBI also advised online store owners to keep their software up to date, identifying this as one of the key mitigation measures against such attacks.

Web statistics site BuiltWith shows more than 191,000 live Magento installs, of which approximately 67,000 are Magento 2.x stores.

Adobe said in September 2018, when it announced that Magento 1 would reach the end of its life in June 2020, that approximately 8,000 websites were moving to Magento 2 every quarter.



Teo Ehc, https://www.secnews.gr


