New CosmicSting Exploit Targets Adobe Commerce and Magento Stores

A new cybersecurity threat, dubbed CosmicSting, is wreaking havoc on Adobe Commerce and Magento stores. Exploiting a critical vulnerability (CVE-2024-34102), attackers are using remote code execution to infiltrate e-commerce platforms, steal sensitive data, and compromise entire systems.

  • 5% of Adobe Commerce and Magento stores have been compromised through the CosmicSting vulnerability (CVE-2024-34102), a critical flaw rated 9.8 on the CVSS scale.
  • The vulnerability allows remote code execution by exploiting an improper restriction of XML external entity (XXE) reference, enabling attackers to gain full system control.
  • The U.S. CISA added CosmicSting to its Known Exploited Vulnerabilities (KEV) catalog in July 2024 due to widespread attacks.
  • Attackers are stealing Magento's secret encryption key to generate administrative API access tokens, allowing for further exploitation via the Magento REST API.
  • CosmicSting has been chained with CNEXT (CVE-2024-2961) to escalate attacks, allowing attackers to take over entire systems through remote code execution.
  • Companies such as Ray-Ban, National Geographic, Cisco, Whirlpool, and Segway have fallen victim to this exploit, with at least seven distinct threat actor groups involved in the attacks.
  • Groups Bobry, Polyovki, Surki, Burunduki, Ondatry, Khomyaki, and Belki are using various techniques, including JavaScript injection, skimmer malware, and covert access to steal payment data.
  • The attacks are happening at a rate of three to five compromises per hour, according to Dutch security firm Sansec.

CosmicSting highlights the growing threat landscape targeting e-commerce platforms, especially Adobe Commerce and Magento stores. Businesses must prioritize cybersecurity by upgrading to the latest versions, rotating encryption keys, and invalidating old ones to defend against these sophisticated exploits.
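
Why rotating the encryption key only helps once the old key is also invalidated, as an added example that is not part of the original article and is not Magento code: a simplified HMAC-signed token model in which the verifier accepts any key left in its key ring. The key values, claim names and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_token(claims, key):
    """Issue a token: encoded claims plus an HMAC-SHA256 tag computed under `key`."""
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return payload + "." + tag


def verify_token(token, accepted_keys):
    """Accept the token if its tag matches under ANY key still in the key ring."""
    payload, _, tag = token.partition(".")
    for key in accepted_keys:
        expected = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
        if hmac.compare_digest(expected, tag):
            return True
    return False


# Constructed sample keys (assumptions); real keys live in the store's configuration.
OLD_KEY = b"constructed-old-key-that-leaked"
NEW_KEY = b"constructed-new-key-after-rotation"

# Whoever holds the leaked key can mint a token like this one at any time.
TOKEN_FROM_LEAKED_KEY = sign_token({"role": "admin"}, OLD_KEY)
# A token the store issues itself after rotation.
TOKEN_FROM_NEW_KEY = sign_token({"role": "admin"}, NEW_KEY)


def rotated_only(token):
    """New key added, old key kept in the ring: old-key tokens still verify."""
    return verify_token(token, [NEW_KEY, OLD_KEY])


def rotated_and_invalidated(token):
    """New key added and old key removed: old-key tokens are rejected."""
    return verify_token(token, [NEW_KEY])


if __name__ == "__main__":
    print("rotation only:", rotated_only(TOKEN_FROM_LEAKED_KEY))
    print("rotation + invalidation:", rotated_and_invalidated(TOKEN_FROM_LEAKED_KEY))
```

Tokens signed with the new key verify in both configurations, so removing the old key costs nothing for legitimately issued sessions created after rotation.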

Net Protector Cyber Security offers comprehensive protection through advanced endpoint security, web security, real-time threat monitoring, and data loss prevention (DLP) to keep your digital assets secure from such attacks.