With Adobe officially ending support for its popular ecommerce platform Magento 1, attackers are likely chomping at any opportunity to exploit undisclosed vulnerabilities in Magento 1.
Here’s a comment from Satnam Narang, Staff Research Engineer at Tenable.
“It’s been nearly two years since Magento, one of the most popular e-commerce solutions, announced that Magento 1, both the Community and Commerce versions, would reach end of life at the end of June 2020. This lead time gave site owners an opportunity to prepare and, hopefully, transition to Magento 2, which is supported.
Cybercriminals have routinely targeted Magento sites as part of Magecart attacks, where they inject malicious code into the sites in order to steal payment card information from victims’ customers. With Magento releasing its final batch of security fixes on June 22, attackers are likely chomping at the bit to exploit any undisclosed vulnerabilities in Magento 1. It is imperative that Magento site owners upgrade to Magento 2 for continued security updates or transition to another eCommerce solution that is still supported.”