Magento ecommerce sites at 'high risk' of cyberattack

Someone holding a credit card in front of a laptop displaying an ecommerce website.
Image credit: Pixabay (Image credit: StockSnap / Pixabay)

SME websites using the Magento ecommerce platform are currently at high risk from cyberattacks according to new research from Foregenix.

The firm analyzed almost 9m websites worldwide, including 2m in Europe, to discover that 87 percent of SME  websites using the Magento platform are currently at high risk from cyberattacks.

However, just under 10 percent of websites using other major ecommerce platforms surveyed register in the same high risk category.

The analysis was carried out between April and May by Forgenix's Threat Intelligence Group using its website security solution WebScan. The firm's research further revealed that the proportion of Magento websites at high risk has increased from just under 80 percent when compared to research carried out in October of last year.

High risk

Other findings from Foregenix's analysis show the percentage of SME sites using Magento being at high risk is lower in Europe than in North America.

Europe, which accounted for 48 percent of all websites surveyed, registered 28 percent of the high risk Magento sites while North America accounted for 43 percent of global sites analyzed  but registered 60 percent of the high risk sites.

When it comes to sites that have been compromised by hackers, 1.4 percent of Magento sites globally are compromised and show signs of payment card harvesting malware stealing their customer data. However, the one exception to the trend is in Europe where just 0.63 percent of Magento sites were compromised.

Chief commercial officer at Foregenix, Benjamin Hosack provided further insight on the firm's analysis, saying:

"Magento is a market leader for good reason. However, this leadership position also attracts the attention of criminals looking for easy targets, such as websites that have not kept their Magento software up to date or have basic security flaws like leaving their admin page unprotected. In the vast majority of cyber attacks victims are small local businesses which never thought they'd be a target for criminals and didn't realise when they were hacked. Their payment data can be leaked to criminals for months on end before they are notified by credit card companies. 

"Most breaches aren't a result of extremely clever cyber criminal techniques. They are simply the result of basic security issues that have been overlooked by the website owners and developers. A few basic precautions such as deploying software patches quickly can make a big difference to minimising risk, whichever platform is used."

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.