Benjamin Hosack

Protecting your Magento Website is SIMPLE

Our forensic statistics show that Magento websites are being targeted by criminals - it is a growing problem affecting a large number of businesses - BUT it is a problem that is easy to address with a few simple steps taken by website owners and developers.

As a forensic specialist in the Payment Card Industry, Foregenix has assisted a great many hacked organisations over the years - our express aim being to understand what was stolen and how, and to ensure that the business is secure going forward.

The eCommerce space has been particularly interesting over the last few years - it now easily makes up the bulk of our forensic cases. Granted, the investigations we perform on banks and payment processors are much bigger and make up a greater portion of our forensic revenues, but in terms of the sheer volume of organisations getting hacked, the eCommerce sector is easily the sector facing the greatest challenge.

Drawing on the experience we’ve built over a decade of investigating eCommerce breaches, we have built a scanning technology that uses the latest threat intelligence from our Forensic team to help eCommerce businesses understand their risk level.

This technology is available for a free scan at

We now regularly monitor ~9 million websites around the world, enabling us to see new trends, malware breakouts and rapidly developing threats.

The Magento community is one of the most targeted communities within the eCommerce sector. Over 85% of the breaches we’ve investigated in the last 12 months were on Magento websites. We’ve published various reports about our results around Magento getting targeted and we often see those reports being shared by all of Magento’s competitors, obviously looking for an angle to attack their biggest competitor.


The problem is invariably due to how the site is/is not being managed, how it was set up and other basic security controls, which could be implemented simply, quickly and very cheaply (some even free!). Magento is being targeted because it is the leading eCommerce platform - great market penetration - this means the criminals have a lot of targets to aim at. The challenge is that most websites are not being maintained from a security perspective, making them easy to break into.

Magento is a market leader for very good reason - and like all software, it has bugs and vulnerabilities from time to time. Magento has been very good at getting patches released to address these vulnerabilities and they continue to put out useful security advice to the community.

Supporting the Magento Community

After attending Meet Magento in June 2019, meeting the community and talking about our forensic experiences, we’d like to support the community by providing educational aids - and of course our free scanner for malware - all based on our experience with assisting hacked Magento websites.

To support the community, we will be putting out educational webinars for developers and website owners to learn about simple changes they can make to their Magento website to secure their business.

Top Tips for Magento Developers

Download the slides from our “Top Tips for Magento Developers” webinar.


No sales pitch, no BS - just direct feedback from our forensic team.

Please join us - share this presentation with your colleagues and contacts - the more that the community understands how to implement basic security, the healthier the community will be.

Thank you for reading this, and please send us feedback on topics you'd like us to cover.




Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).
