A new hacking attack is targeting eCommerce websites, including WooCommerce, Shopify, Magento, and WordPress. Akamai researchers have discovered a new Magecart-style web skimmer campaign that targets digital commerce websites to steal personally identifiable information (PII) and credit card details.

Magecart attacks work by exploiting vulnerabilities in eCommerce platforms. On WordPress and WooCommerce, for example, the vulnerability could be in a theme or plugin. On Shopify, it could be an existing vulnerability in the platform itself. The victims of this ongoing campaign are located in North America, Latin America, and Europe, and vary in size.

The attackers are taking advantage of a wide range of vulnerabilities, so there is no single fix that can be applied to all eCommerce sites. Instead, site owners need to be vigilant about patching any vulnerabilities that are found.

If you manage your own website, especially the platforms mentioned above, here are some key tips for protecting your eCommerce site from Magecart attacks:

• Keep your software up to date. This includes the ecommerce platform itself, as well as any themes or plugins you use.
• Use a security plugin. There are a number of security plugins available for ecommerce platforms, such as Wordfence and Sucuri. These plugins can help to detect and block malicious activity.
• Be careful about what information you collect from users. Only collect the information that you absolutely need.
• Encrypt sensitive data. This includes credit card numbers, email addresses, and passwords.
• Monitor your site for suspicious activity. Use a web analytics tool to track traffic to your site and look for any unusual patterns.

Based on the vulnerabilities associated with eCommerce software that is open source, it is worthwhile to review the reasons why proprietary (closed source) software may be a better option for your distribution or manufacturing company:

• Limited access to source code: Proprietary software is not open source, so only a select group of people have access to the source code. This makes it harder for hackers to find and exploit vulnerabilities.
• Regular security updates: Proprietary software vendors regularly release security updates to fix vulnerabilities. This helps keep the software secure and up to date.
• Expertise: Proprietary software vendors often have a dedicated team of security experts who specialize in finding and fixing vulnerabilities. These experts have a deep understanding of the software and how to secure it.
• More control over updates: Proprietary software vendors have control over when and how updates are released. This allows them to quickly patch security vulnerabilities and ensure the software remains secure.
• Better documentation: Proprietary software vendors typically provide more comprehensive documentation compared to open source software vendors. This documentation helps developers understand how the software works and how to secure it.

Choosing between open source and proprietary software is an important decision that should be made on a case-by-case basis. There are advantages to both options, such as the flexibility and collaborative nature of open source software, and the security and support provided by proprietary software. Factors like budget, technical requirements, and support needs should be carefully considered before a final decision is made.

To read more about this security threat visit Akamai.

To learn more about the advantages of proprietary B2B eCommerce software, visit Channel Software.