Cybersecurity Insights

Benjamin Hosack

Magento 1 End of Life - With one week to go, here are the facts.

24/06/20 12:22

With less than a week to go until Magento 1 End of Life, based on our recent eCommerce “universe” security scan, there are over 218,000 Magento 1 sites yet to migrate.

In fact, only 2,576 Magento 1 websites migrated off Magento 1 last month - the numbers are a lot lower than the payments industry leaders would be happy with.

We conduct monthly monitoring of the security status of the websites within our eCommerce “universe” dataset - last month we checked over 8.4 million sites within our universe scan and these are the summary results, with a particular focus on Magento 1:

Total number of Magento 1 sites being monitored: 218,722

CRITICAL RISK sites: 3,166
(Note: CRITICAL RISK means the site is hacked and payment data is being actively stolen right now)

CRITICAL Risk Magento 1: 2,040
Most prevalent card harvesting malware: Skimmers (over 3,000 found in 3,166 hacked sites)

Sites at HIGH RISK of being hacked: 708,451
HIGH RISK Magento 1: 206,021

The facts are that:

  • Magento 1 sites make up 64% of the hacked sites globally - we’re talking about hacked sites with active theft of payment card data taking place.
  • 95% of Magento 1 sites are categorised as either HIGH or CRITICAL Risk.
  • Criminals are targeting Magento 1 - there is no doubt about this.

What else?

Both Visa and Mastercard have said that they will not accept Magento 1 sites as being PCI Compliant, without compensating controls.

So what does this mean for Magento 1 websites?

  • In short, the criminals are targeting these sites as most of them are exhibiting some form of weakness/vulnerability from a security perspective.
  • The industry is getting increasingly concerned that the numbers of breached Magento 1 websites is going to increase and possibly accelerate as time passes.
  • Magento 1 websites need to weigh up their options if they haven’t done so already.

Migration is a challenge - we understand, from speaking with a large number of merchants, that migration from Magento 1 to Magento 2 is the easiest option, but even then it needs careful planning, and consideration to ensure that the site is successfully migrated across. Without losing the years of investment in SEO and so on… In short, migration is vital, but it needs time, planning and care.

What do Magento 1 websites do in the meantime?

Our advice is to secure and insure.

Your business may not be migrating before the End of Life deadline in a week, but you can take steps to ensure you are mitigating the risks. We’re here to help - we have well over a decade experience in helping eCommerce businesses defend against criminals and we’d be very happy to help you too.

For more information check out our Foregenix WebScan Industry Update June 2020 and join our
Magento 1 End of Life: How to Avoid Card-harvesting Malware Breaches webinar on 29th Jun 2020.

 

 

TRENDING POSTS

Ewan Gardner
Serious Vulnerability Discovered in Adminer database Administration Tool
18/01/19 17:19

Foregenix are warning all their partners this morning about a vulnerability discovered in the ...

Read More
Ewan Gardner
Anatomy Of A Magento Attack: Froghopper
07/08/17 14:51

  Magento is the most popular eCommerce web application in the world, with an estimated 236,000 ...

Read More