Subscribe to our Blog
We also have a very active Threat Intelligence Group finding and analysing new threats to keep our clients safe. One of our solutions that benefits from this Threat Intel feed is called ThreatView - initially designed as a free scanner for website owners to get a quick understanding of their website security posture, we now monitor the security status of over 12,000,000 websites each month. It uses every single “Indicator of Compromise” our team has gathered through 10 years of forensic work and intensive Threat Intelligence research - as a side note, as a result of all this exposure on “front lines”, we believe we have the most comprehensive capability to detect “badness” in websites, globally.
If you would like to conduct a Magento Security Scan for the latest threats targeting Magento - here's where you can access our technology:
This unique visibility into the eCommerce landscape around the world helps us to see early trends on new malware, understand which platforms/frameworks are being targeted and how many - and which - sites are hacked with payment data being stolen transaction by transaction.
How we can help
One of the most versatile and powerful frameworks out there - Magento - is the current target (and has been for some time).
Having analysed the various reasons why these Magento sites are getting hacked, it’s clear that developers and website owners simply need some basic cybersecurity education to change the risk profile of their sites. We’re not talking major changes or "AI-led, expensive" security.... we’re talking about changing the defaults when setting up the site, using multi-factor authentication (arguably one of the best bang for buck controls) and keeping the website up to date.
With Magento 1 having reached End Of Life in June 2020, the challenge for websites sticking to Magento 1 is that they are going to need to do more to mitigate risk as Magento will not be releasing any more security patches.
We are tracking the security status of Magento 1 sites around the world and, at the time of writing this, there are over 200,000 Magento 1 sites still transacting (at the time of update in June 2023, there are still 81,679 sites still on Magento 1).
So, we have produced an industry resource for them - free advice and a regularly updated Website Security Report, so that the whole industry can see the numbers of site compromised, which platforms are being targeted, the high risk numbers, source of malware and so on.
You can download the report here. No gate, no email required - it’s a free resource for you.
We hope it helps.
If you need anymore information on it, please get in touch hello@foregenix.com.
Benjamin Hosack
Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).
See All Articles