Benjamin Hosack
3 min read

With less than a week to go until Magento 1 End of Life, based on our recent eCommerce “universe” security scan, there are over 218,000 Magento 1 sites yet to migrate.

In fact, only 2,576 Magento 1 websites migrated off Magento 1 last month - the numbers are a lot lower than the payments industry leaders would be happy with.

How to Protect Your Magento 1 Site as End of Life Approaches

We conduct monthly monitoring of the security status of the websites within our eCommerce “universe” dataset - last month we checked over 8.4 million sites within our universe scan and these are the summary results, with a particular focus on Magento 1:

Total number of Magento 1 sites being monitored: 218,722

CRITICAL RISK sites: 3,166
(Note: CRITICAL RISK means the site is hacked and payment data is being actively stolen right now)

CRITICAL Risk Magento 1: 2,040
Most prevalent card harvesting malware: Skimmers (over 3,000 found in 3,166 hacked sites)

Sites at HIGH RISK of being hacked: 708,451
HIGH RISK Magento 1: 206,021

The facts are that:

  • Magento 1 sites make up 64% of the hacked sites globally - we’re talking about hacked sites with active theft of payment card data taking place.
  • 95% of Magento 1 sites are categorised as either HIGH or CRITICAL Risk.
  • Criminals are targeting Magento 1 - there is no doubt about this.

What else?

Both Visa and Mastercard have said that they will not accept Magento 1 sites as being PCI Compliant, without compensating controls.

So what does this mean for Magento 1 websites?

  • In short, the criminals are targeting these sites as most of them are exhibiting some form of weakness/vulnerability from a security perspective.
  • The industry is getting increasingly concerned that the numbers of breached Magento 1 websites is going to increase and possibly accelerate as time passes.
  • Magento 1 websites need to weigh up their options if they haven’t done so already.

Migration is a challenge - we understand, from speaking with a large number of merchants, that migration from Magento 1 to Magento 2 is the easiest option, but even then it needs careful planning, and consideration to ensure that the site is successfully migrated across. Without losing the years of investment in SEO and so on… In short, migration is vital, but it needs time, planning and care.

What do Magento 1 websites do in the meantime?

Our advice is to secure and insure.

Your business may not be migrating before the End of Life deadline in a week, but you can take steps to ensure you are mitigating the risks. We’re here to help - we have well over a decade experience in helping eCommerce businesses defend against criminals and we’d be very happy to help you too.

For more information check out our Foregenix WebScan Industry Update June 2020 and join our
Magento 1 End of Life: How to Avoid Card-harvesting Malware Breaches webinar on 29th Jun 2020.

 

 

Subscribe to our Blog

Contact Us

Access cybersecurity advisory services

 

Benjamin Hosack
Benjamin Hosack

Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).

See All Articles
SUBSCRIBE

Subscribe to our blog

Security never stops. Get the most up-to-date information by subscribing to the Foregenix blog.