How to mitigate Magecart attacks

By Archis Gore

Over the past three years the name Magecart has appeared regularly in news coverage of data breaches, and it is especially relevant now that British Airways has been fined a record £20m for the 2018 data breach that exposed customers’ personal information. However, there is a lot of misunderstanding about Magecart and what it really is.

Magecart is not actually a vulnerability but rather an association of multiple hacker groups. You can think of Magecart as a private cooperative vulnerability and exploit sharing network. Magecart targets popular PHP-based e-commerce platforms such as Magento and WordPress, mainly through code injection that gives the attackers full power over a website – which is what makes it so dangerous.

Why aren’t current security solutions enough?

Traditional defenses are reactive: any Magecart attack that is discovered or flagged takes time to be classified as malicious. Between flagging and classification, attackers are still able to inject code that the target system believes is legitimate, approved code. To add insult to injury, once Magecart plants scripts in servers and systems, it can be a long time before they are discovered and eradicated. The only way to detect any changes is to compare the entire e-commerce code stack line-by-line to see what has changed.
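The comparison described above is essentially file-integrity monitoring: hash every executable file in the web root against a trusted baseline and report anything added, removed or modified. The following script is an added illustration of that check, not code from the original article or from Polyverse; the directory layout, file names and `CODE_EXTENSIONS` set are constructed assumptions, and the "tampering" it simulates is a plain text edit plus an extra file, not a real payload.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions the web server would execute or serve as script; anything else is treated as data.
# Assumption for this example; a real deployment would tune this to its stack.
CODE_EXTENSIONS = {".php", ".phtml", ".inc", ".js"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large assets do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: str) -> dict:
    """Map every code file under root (as a POSIX-style relative path) to its SHA-256 digest."""
    root_path = Path(root)
    manifest = {}
    for path in sorted(root_path.rglob("*")):
        if path.is_file() and path.suffix.lower() in CODE_EXTENSIONS:
            manifest[path.relative_to(root_path).as_posix()] = sha256_of(path)
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Compare a trusted baseline manifest against one taken from the live tree.

    Any entry in 'added', 'removed' or 'modified' is a change that nobody approved
    and is exactly what an injected script would show up as.
    """
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a tiny web root, then simulate an edit and a dropped file."""
    with tempfile.TemporaryDirectory() as root:
        app = Path(root) / "app"
        app.mkdir()
        (app / "checkout.php").write_text("<?php echo 'checkout'; ?>\n")
        (app / "config.php").write_text("<?php $db = 'prod'; ?>\n")
        (Path(root) / "logo.png").write_bytes(b"\x89PNG constructed, not a real image")

        baseline = build_manifest(root)  # taken from a known-good deployment

        # Simulated tampering (constructed): one existing file edited, one new script added.
        with (app / "checkout.php").open("a") as handle:
            handle.write("// appended line standing in for unapproved code\n")
        (app / "unexpected.js").write_text("// constructed placeholder file\n")

        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest is produced at deployment time, stored somewhere the web server cannot write, and re-checked on a schedule; the PNG above is deliberately excluded by extension to show that the check focuses on what the server will execute.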

Polyscripting works where other security measures fail.

Fortunately, there is another way to stop these attacks before they start and even to detect them when they occur. Polyscripting removes the mechanism that otherwise enables hackers to execute injected code on a server, making this entire threat category futile. Polyscripting transparently scrambles the syntax and grammar of PHP, thereby preventing any non-approved code written in regular PHP from executing at all.

When a Polyscripting defense works, it enables multiple responses, both short-term tactical, and long-term permanent:

  1. In the short term, quick and efficient eradication of the injected code (which is now obvious and trivial to remove).
  2. In the long term, the discovery of the vulnerability leads to a conclusive patch, which forever removes that zero-day from being usable again.

To learn more about Magecart and how Polyscripting mitigates these threats, read our whitepaper Mitigating Magecart.
