Blog

Understanding the CosmicSting Hack: Risks, Vectors, and Protection for Your Website

Published by Pinblooms on
CosmicSting

Understanding the CosmicSting hack attack represents a critical vulnerability impacting Magento stores, where unauthorized access can lead to breaches of highly sensitive data, including passwords and customer information. This vulnerability has exposed stores to a heightened risk of exploitation, necessitating immediate action from store owners to secure their platforms.

Combining Threats: CosmicSting Hack and the ‘iconv’ Linux Bug

A compounding factor to the CosmicSting threat is the recent discovery of a bug within the Linux ‘iconv’ function. When Cybersecurity threat is chained with this iconv vulnerability, the results can be
catastrophic, potentially allowing for full system control by attackers. The risks posed by CosmicSting alone are concerning, but the combination of these two vulnerabilities amplifies the
threat to a severe degree.

Potential Damage from Unauthorized Access

Wondering how this vulnerability could impact your store? Here’s a look at what attackers could achieve if they exploit the CosmicSting vulnerability:

  • Full Control: Attackers could gain complete access to your store.
  • Customer Data Theft: Personal and payment information could be exposed.
  • Malware Injections: Malicious code could be embedded into the site, impacting both customers and business operations.
  • Operational Disruption: System functions, checkout processes, and site availability could be compromised.
  • Mass Hacking Potential: The exploit can be automated, enabling large-scale attacks.
  • XML External Entity (XXE) Injection: Attackers may exploit this vulnerability for remote code execution and data leakage.

Severity and Implications of CosmicSting

This vulnerability has been classified as high severity with a CVSS score of 9.8, underscoring its critical nature. Past Magento vulnerabilities have led to widespread security breaches, affecting
thousands of stores. Here are the main reasons why this attack is of particular concern:

  • Remote Code Execution (RCE): When exploited in conjunction with the iconv bug, attackers can execute commands remotely, gaining direct control over affected stores.
  • Automation-Ready: CosmicSting can be automated by attackers, increasing the likelihood of mass-scale attacks and reducing the need for user interaction.

Timeline of Events and Patch Status

Key Events:

  • June 23: Security researchers identified the vulnerability, urging an emergency fix.
  • June 27: Adobe released an isolated security patch applicable for Magento versions as old as 2.2.0.
  • July 11: Only 25% of Adobe Commerce and Magento stores have applied the patch, leaving many sites vulnerable

Risk Mitigation Plan for Store Owners

A structured approach is critical to defending your Magento store from the CosmicSting attack. Here’s a step-by-step guide to help you secure your store:

  1. Understand the Threat: Gain awareness of the attack’s nature and its potential to impact your business operations and data security.
  2. Emergency Fix (Pre-Adobe Patch): Before Adobe released its official patch, an emergency fix was suggested
    php
if (strpos(file_get_contents('php://input'), 'dataIsURL') !== false) {
header('HTTP/1.1 503 Service Temporarily Unavailable');
exit;
}
  3. This fix should be replaced by Adobe’s official patch for a permanent solution.
  4. Apply Adobe’s Security Patch: Adobe’s isolated patch is a critical measure and can be applied to versions from Magento 2.2.0 and above without needing a full upgrade. Immediate implementation is essential.
  5. Switch to Report-Only Mode: When upgrading, consider enabling “Report-Only” mode first. This allows you to identify any incompatible modules that might disrupt checkout functionality.
  6. Enable CSP Monitoring: Content Security Policy (CSP) monitoring detects malicious script injections. Many agencies offer free CSP monitoring services to set up quickly.
  7. Seek Professional Support: Given the complexity and potential risks, engaging a certified Magento solutions provider can ensure proper patching and ongoing monitoring.

How TheCommerceShop Can Help

TheCommerceShop, a certified Magento solutions partner, offers emergency support for stores facing the CosmicSting threat. With experience in securing over 120 Magento stores, TheCommerceShop can immediately apply Adobe’s fix, helping protect stores from this critical vulnerability.

Vulnerability Summary: CosmicSting and Broader E-commerce Threats

The CosmicSting vulnerability, designated CVE-2024-34102, is classified as an information disclosure flaw. When combined with CVE-2024-2961, a Linux iconv function security issue,
attackers can achieve remote code execution, raising the stakes for affected sites.

Community Impact

E-commerce platforms, particularly within retail and hospitality sectors, are facing heightened risks from CosmicSting. For example, RH-ISAC members using Adobe Commerce or Magento are advised to review CosmicSting intelligence and adhere to suggested mitigations.

Vulnerability Background and Attack Landscape

This critical flaw affects Adobe Commerce 2.4.7 and earlier versions, including various plugins. Security researchers have identified seven major threat groups using CosmicSting to compromise stores, including notable attackers like Polyovki, Surki, and Ondatry. These groups target customer information and Mag

High-Profile Incidents

Notable brands such as Whirlpool, Ray-Ban, and National Geographic have already fallen victim to CosmicSting, underscoring the high-profile nature and scale of the attacks.

Recommended Updates for Adobe Commerce and Magento Users

Administrators should upgrade to the following versions (or later) as soon as possible:

  • Adobe Commerce: Versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9.
  • Adobe Commerce Extended Support: Versions 2.4.3-ext-8 through 2.3.7-p4-ext-8.
  • Magento Open Source: Versions 2.4.7-p1 through 2.4.4-p9.
  • Adobe Commerce Webhooks Plugin: Version 1.5.0.

Sansec has also released a vulnerability checker tool and an “emergency hotfix” to prevent CosmicSting attacks.

Conclusion

The CosmicSting attack presents a severe and urgent threat to Adobe Commerce and Magento stores worldwide. As the situation evolves, proactive measures, such as applying the latest patches, employing emergency fixes, and engaging professional support, are essential for e-commerce security. By taking immediate action, businesses can safeguard their stores from current and future threats posed by CosmicSting and other emerging vulnerabilities.

Comprehensive IT Security and Development Solutions with PinBlooms Technology Pvt Ltd

For advanced protection and comprehensive support, PinBlooms Technology Pvt Ltd offers specialized services, including Magento security, patch application, and ongoing monitoring. We
provide solutions across various IT domains, including Website development, app development, and digital marketing, helping businesses safeguard their digital assets against emerging threats like CosmicSting and beyond

Post Views: 144
Categories