CosmicSting: A Critical Vulnerability Threatening E-Commerce Security

In the ever-evolving landscape of e-commerce, security remains a paramount concern for businesses and consumers alike. Recently, a critical vulnerability known as “CosmicSting” has emerged, posing significant risks to online stores powered by Adobe Commerce and Magento platforms. Despite initial detection of the vulnerability, a surge of attacks has been reported globally, raising alarms about the safety of e-commerce transactions.

Understanding the Threat

The CosmicSting vulnerability, officially designated as CVE-2024-34102, affects several versions of Adobe Commerce, including:

• Version 2.4.7 and earlier
• Version 2.4.6-p5 and earlier
• Version 2.4.5-p7 and earlier
• Version 2.4.4-p8 and earlier

According to research conducted by Sansec, threat actors are exploiting this vulnerability at an alarming rate of 3-5 attacks per hour. The nature of the attack is particularly concerning as it requires no user interaction, making it a silent but deadly threat for unprotected systems. Within just 15 days of Adobe’s initial disclosure, mass scanning operations targeting Adobe Commerce stores were launched worldwide. Stores that failed to upgrade before June 25th are at a heightened risk, as their secret keys may have been compromised, leaving them vulnerable to ongoing attacks.

The vulnerability allows for page manipulation and stealthy user data exfiltration, making it a prime target for cybercriminals. The National Vulnerability Database (NVD) describes it as an Improper Restriction of XML External Entity Reference (XXE) vulnerability, which could lead to arbitrary code execution. Attackers can exploit this flaw by sending crafted XML documents that reference external entities, all without requiring any user interaction.

The Scale of the Attacks

The ongoing cyber-heists linked to CosmicSting are reportedly being executed by at least seven different cybercrime organizations. Recent findings from Sansec indicate that approximately 4,275 merchants using Adobe Commerce and Magento have been targeted throughout the summer, representing about 5% of all such stores. Alarmingly, many of these stores ended up with payment skimmers on their checkout pages, despite ongoing warnings about the vulnerability.

The situation escalated when thousands of private crypto keys were compromised, leading to automated attacks that began shortly after Adobe rated the threat as critical on July 8. The vulnerability allowed for illegal alterations to stores because secret keys were not automatically expired when systems were changed. Although Adobe provided instructions for manually deleting outdated keys, not all merchants followed these guidelines, leaving them exposed.

Mitigation Strategies for CosmicSting

Given the severity of the CosmicSting vulnerability, it is imperative for affected stores to take immediate action. Here are some recommended mitigation strategies:

1. Update Software: Merchants should promptly update to the latest versions of Adobe Commerce or Magento to patch the vulnerability.

2. Rotate Secret Keys: It is crucial to rotate secret encryption keys and ensure that old keys are invalidated. This step can significantly reduce the risk of unauthorized access.

3. Follow Best Practices: For detailed instructions on how to secure your store against CosmicSting, you can refer to Sansec’s comprehensive guide here.

4. Utilize Advanced Monitoring Tools: Implementing tools like SOCRadar’s Advanced Dark Web Monitoring can provide real-time insights into potential threats. This service tracks Personal Identifiable Information (PII) exposures and identifies malicious activities, ensuring that businesses are aware if threat actors are discussing them.

5. Conduct Regular Vulnerability Assessments: SOCRadar’s Vulnerability Intelligence service can help businesses understand which vulnerabilities are actively being exploited, allowing them to prioritize their security efforts effectively.

6. Implement Attack Surface Management: SOCRadar’s Attack Surface Management (ASM) module can identify exposed digital assets, helping businesses understand potential entry points and gain critical insights for patch management. Continuous monitoring for risks is essential to reduce the attack surface.

Conclusion

The emergence of the CosmicSting vulnerability serves as a stark reminder of the persistent threats facing e-commerce platforms. As cybercriminals become increasingly sophisticated, it is crucial for businesses to remain vigilant and proactive in their security measures. By updating software, rotating keys, and utilizing advanced monitoring tools, merchants can protect their online stores from the dangers lurking in the hidden corners of the internet. The stakes are high, and in the world of e-commerce, security is not just an option—it is a necessity.