Magento 1 end of life
E-commerce business owners using Magento 1.x need to be aware: all Magento 1 shops are at the end of life. What does that mean? It doesn't mean everyone using Magento will have their e-commerce sites shut down or that you will no longer be able to make transactions using Magento 1.
But it does mean that Magento 1 will no longer receive official and important security patches, updates or support. As of June 30, 2020, anyone still using Magento 1 is potentially open to shopping cart webpage vulnerabilities because it is no longer supported, patched, or updated.
SecurityMetrics vulnerability assessment scanners have been updated to check for Magento 1 users. As of August 6th, anyone who still has Magento 1 running on their servers will fail the SecurityMetrics vulnerability assessment scan.
Transition from Magento 1 to Magento 2
Reasons why you should upgrade to Magento 2:
1. Your online store is now at risk.
- Security holes and vulnerabilities will no longer be fixed. This leaves your website open to attack. Your website and customer data could be at risk.
- If breached, you will be responsible for the loss of data, which could lead to large fees.
2. Your business reputation is at risk. You could lose customers as they fear for the security of their information.
- You will no longer be able to pass security scans:
- Your merchant bank may drop you as you pose a security risk. You will no longer be able to process credit cards.
Ecommerce web skimming and Magento 1
If you are using Magento 1, we urge you to update to a safe and approved version that is supported.
Cybercriminals know when your patches and software support expire, and they count on the resulting vulnerabilities to perform coordinated zero-day exploits. End of life for Magento 1 is no different, and hackers have been targeting Magento 1 shops with “Magecart” attacks.
While web skimming attacks take place in a third party’s code, it’s more important than ever to use tools that enhance the code review process, because code review is not a perfect process. Director of Penetration Testing, Chad Horton, explained this concept in our recent SecurityMetrics Summit Keynote Address:
“We often hear customers say, ‘We review our own code and we have OWASP training, so we know what we’re looking for.’ But what comes to mind is the fact that OpenSSL had Heartbleed in the code for two-and-a-half years before it was discovered. The Linux kernel released in May of this year had vulnerabilities that had been present for over 30 years. And I can guarantee that code had many eyes on it.”
Watch the entire Summit 2020 Keynote here.
Ecommerce web skimming solutions
Web skimming is difficult to detect and prevent because it takes place outside of servers and firewalls, in the rendered code of the client-side browser. Additionally, traditional security tools and policies were not designed to detect web skimming or to work in dynamic environments like online retail shopping carts.
SecurityMetrics analysts discovered the root of these attacks and have developed a patented web skimming solution: Webpage Integrity Monitoring (WIM) technology. WIM technology can detect web skimming at the moment it is triggered and will alert a merchant if a webpage has been compromised.