Cybersecurity Insights | Blog | Foregenix

Let’s help secure the Magento Community - Advice & Resources

Written by Benjamin Hosack | 7/15/20 9:12 AM

What we do - UPDATED June 2023

We have a mission to make cyberspace safe for everyone, and it guides us in all of our client relationships - from card brands, to some of the largest fintech organisations in the world, through to some of the smallest online businesses in the world.

We also have a very active Threat Intelligence Group finding and analysing new threats to keep our clients safe. One of our solutions that benefits from this Threat Intel feed is called ThreatView. Initially designed as a free scanner for website owners to get a quick understanding of their website security posture, it now monitors the security status of over 12,000,000 websites each month. It uses every single “Indicator of Compromise” our team has gathered through 10 years of forensic work and intensive Threat Intelligence research. As a side note, as a result of all this exposure on the “front lines”, we believe we have the most comprehensive capability to detect “badness” in websites, globally.

If you would like to conduct a Magento Security Scan for the latest threats targeting Magento - here's where you can access our technology:

 

This unique visibility into the eCommerce landscape around the world helps us to see early trends on new malware, understand which platforms/frameworks are being targeted and how many - and which - sites are hacked with payment data being stolen transaction by transaction.

How we can help

One of the most versatile and powerful frameworks out there - Magento - is the current target (and has been for some time).

Having analysed the various reasons why these Magento sites are getting hacked, it’s clear that developers and website owners simply need some basic cybersecurity education to change the risk profile of their sites. We’re not talking major changes or "AI-led, expensive" security; we’re talking about changing the defaults when setting up the site, using multi-factor authentication (arguably one of the best bang-for-buck controls) and keeping the website up to date.

With Magento 1 having reached End Of Life in June 2020, the challenge for websites sticking to Magento 1 is that they are going to need to do more to mitigate risk as Magento will not be releasing any more security patches.

We are tracking the security status of Magento 1 sites around the world and, at the time of writing this, there are over 200,000 Magento 1 sites still transacting (at the time of update in June 2023, there are still 81,679 sites on Magento 1).

So, we have produced an industry resource for them - free advice and a regularly updated Website Security Report, so that the whole industry can see the number of sites compromised, which platforms are being targeted, the high-risk numbers, the source of malware and so on.

You can download the report here. No gate, no email required - it’s a free resource for you.

We hope it helps.

If you need any more information on it, please get in touch at hello@foregenix.com.