September 8, 2020
A 2020 study by IBM reveals the average cost of a data breach is $3.86 million, while the average time to identify and contain a breach is 280 days. Malware and digital skimming are among the most common attack vectors for eCommerce sites. According to a recent malware scan run by Sansec:
• Credit card skimming malware was detected on 8,170 unique stores across all platforms.
• 82% of stores that had malware were running an unsupported version of the product.
• 24% of all affected stores suffered multiple malware incidents. This suggests that one out of four merchants is unable to identify the root cause and, as such, unable to close unauthorized access.
• On average, skimming malware was present on compromised stores for 13.2 days.
At Adobe, we are committed to helping companies deliver secure shopping experiences to their customers. We are improving our threat detection tool to help our customers proactively identify potential threats to their web stores.
Magento Security Scan Tool
The Magento Security Scan tool is an important part of Adobe’s strategy to help Magento Commerce and Magento Open Source merchants enhance security for their storefronts. The Security Scan tool will help merchants identify:
• Potential malware and vulnerabilities on the web store
• Out-of-date security patches
• Potentially vulnerable extensions
• Digital skimming injections
• Security misconfigurations
• More streamlined guidance on Magento Commerce security best practices
If potential threats are identified, the Magento Security Scan tool can alert the admin through an automated email notification.
Partnership with Sansec
Adobe has partnered with Sansec, a leading security company specializing in helping to prevent digital skimming. Through this partnership, Adobe will be adding about 9,000 malware and vulnerability signatures to the Magento Security Scan tool. Each of these signatures has undergone a multistage testing and validation process before being added to the scan tool. Every week Sanguine Security’s research team analyses 200 to 300 known eCommerce attacks. This information produces a valuable stream of possible attack vectors and indicators of compromise (IOCs). This data is continuously fed as threat signatures into our enhanced Security Scan tool, leading to approximately 300 new signatures added monthly.
Setting up the Security Scan tool
The Security Scan tool is free to use for Magento Commerce and Magento Open Source customers on any version, and for partners in the Adobe Solution Partner Program and Adobe Exchange Partner Program. Merchants and their teams, including authorized developers, can access the enhanced scan tool directly by logging into their Magento accounts and choosing Security Scan. It is very easy to register your site with the scan tool and monitor your site on a daily, weekly, or on-demand basis.
Benefits of the Security Scan tool enhancements
The enhanced scan tool will help customers:
• Get real-time insights into the security status of their Magento store, along with suggested best practices that may assist in fixing the issue.
• Run over 17,000 security tests to help identify potential malware on their web store.
• Get access to historical security reports of their Magento sites to track and monitor their progress over time.
• Get access to the scan report that shows the successful and failed checks and recommended further action, if any.
Adobe encourages merchants to enable the Magento Security Scan tool on all production storefronts. Detailed documentation on setting up the scan tool is available here.