This is a classic supply chain attack.
UK based FishPig, seller of Magento WordPress integrations, ecommerce software has discovered that its distribution server had been compromised, which allowed threat actors backdoor access to the customer’s systems. The ecommerce software is believed to be used by more than 200,000 websites.
Breach of software maker used to backdoor as many as 200,000 servers | Ars Technica
At this time the cyber criminal’s identity is unknown. The nature of the attack is still being investigated although the malware used is known – Rekoobe. This stealthy malware appears to be an SMTP server and can be controlled remotely from the internet by threat actors, giving them access to issue commands to the infected server.
FishPig is directing all customers to check their systems and reinstall the software, plug-ins and extensions.
Clive Catton MSc (Cyber Security) – by-line and other articles
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
