• By Sundar
  • July 25, 2024

  • 3 mins, 21 secs

Don’t Get Hacked! A Guide to Protecting Your Magento Store from CosmicSting

75% of Magento sites to be impacted by CosmicSting attack
A critical security vulnerability known as the CosmicSting attack has recently come to light, posing a severe threat to Adobe Commerce and Magento stores. It has been found that only 25% of Magento stores have taken steps to mitigate this top-tier emergency while the remaining 75% are prone to this catastrophic attack. This blog outlines the nature of the CosmicSting attack, its severity, the current status of its exploitation, and a comprehensive risk mitigation plan to safeguard your store.

CosmicSting attack

The CosmicSting attack refers to the vulnerability that allows unauthorized individuals to access private files, including those containing passwords within your Magento stores. This loophole opens doors to endless risks and security breaches.

CosmicSting + ‘iconv’ Linux bug = Catastrophic threats

When combined with the recent ‘iconv’ bug in Linux, the situation can escalate to a severe security breach. The consequences of this escalated vulnerability are unimaginable and extremely disastrous.

What could attackers possibly do with this unauthorized access?

Wondering why CosmicSting is so concerning? Take a look at the potential risks associated with this unresolved vulnerability; the attackers can—

  • get complete control of your store,
  • steal customer data,
  • inject malware,
  • disrupt operations
  • execute mass hackings
  • execute XML external entity injection (XXE)

The Severity & Underlying Implications

Here’s the breakdown of the severity of the CosmicSting attack:

High Severity: The vulnerability has a CVSS score of 9.8, indicating a critical risk.

Past Incidents: Similar vulnerabilities in Magento’s history have hacked tens of thousands of stores. If the security patch is not applied efficiently on time, your store will be one of them.

Remote Code Execution: When combined with the Linux bug, attackers can potentially take complete control of your store remotely.

Automation Potential: Attackers can exploit the vulnerability without requiring any interaction from the user. The exploit can be automated, increasing the risk of mass-scale attacks. The implications are vast, including potential mass hacks on a global scale.

Current Status

Reports indicate that attackers have begun actively scanning and exploiting the vulnerability. Here’s a timeline of key events:

  • June 23rd: Researchers discover the attack and its severity. As a quick resolution, an emergency fix has been suggested.
  • June 27th: Adobe releases an official isolated security patch applicable to Magento versions as far back as 2.2.0.
  • As of July 11th, despite the critical nature of this vulnerability, only 25% of Adobe Commerce and Magento stores are found to have applied the necessary security patch.

Risk Mitigation Plan

Here’s a recommended course of action to protect your Adobe Commerce store from CosmicSting:

#1 Understand the threat

It is crucial for store owners and administrators to fully understand the severity and underlying consequences of the CosmicSting attack.

#2 Emergency fix

Initially, an emergency fix was provided to address the vulnerability before Adobe released their official one. Here is the emergency fix; remember you should eventually replace it with the official Adobe patch:

if (strpos(file_get_contents(‘php://input’), ‘dataIsURL’) !== false) {
header(‘HTTP/1.1 503 Service Temporarily Unavailable’);
header(‘Status: 503 Service Temporarily Unavailable’);
exit;
}

#3 Apply Magento’s isolated security patch

If you are looking for a permanent solution with long-term security, you must immediately apply the isolated security patch provided by Adobe. This patch can be applied to installations from Magento 2.2.0 onwards without requiring any upgrade.

#4 Switch to ‘Report-Only’ mode

Upgrading to the latest version might disrupt checkout functionality. Consider enabling “Report-Only” mode first. This allows you to identify incompatible modules before a full upgrade becomes necessary.

#5 Enable CSP monitoring

Content Security Policy (CSP) monitoring helps detect script injection attempts. Many agencies, including ours, offer free CSP monitoring services which can be set up and executed quickly.

#6 Seek professional help

Following these steps can significantly reduce the risk of your store being compromised by the CosmicSting attack. However, given the severity of the CosmicSting attack, seeking professional help to secure your Magento store is advisable.

Looking for expert professional assistance? Our agency has a wealth of vetted talents and security specialists who can guide you through this complex process. Book a free demo with our Magento experts today.