Managing Editor, IFSEC Insider


James Moore is the Managing Editor of IFSEC Insider, the leading online publication for security and fire news in the industry. James writes, commissions, edits and produces content for IFSEC Insider, including articles, breaking news stories and exclusive industry reports. He liaises and speaks with leading industry figures, vendors and associations to ensure security and fire professionals remain abreast of all the latest developments in the sector.
November 27, 2020



Cyber security

4 cyber security threats retailers should be aware of on Black Friday and Cyber Monday

With e-commerce sales set to increase by between 25% and 35% compared to last year this Black Friday and Cyber Monday, retailers need to be on alert for potential cyber security threats.

According to the Global Information Security Survey by Ernst and Young, customer information is the most valuable type of data for most attackers. The threat to cyber security and privacy is increasing: 59% of organisations have faced a significant incident in the past 12 months, and the National Cyber Security Centre recently shared its yearly report, detailing that over 15,000 coronavirus-related scams were taken down.

The rise of online shopping and working from home has created new vectors for attackers, so security professionals need to guard against new threats carefully as they emerge. NordVPN Teams highlights 4 threats retailers have to watch out for.

1. Magecart/E-skimming 

Web-skimming, or Magecart, is an attack where malware infects online checkout pages to steal shoppers’ payment and personal information. Magecart is a very common type of attack in e-commerce and is attributed to 7 to 12 attack groups, who are behind the theft of millions of online shoppers’ credit card information.

Overall, there have been an average of 425 Magecart incidents per month in 2020. In many cases, attackers deploy social engineering tactics, such as sending shoppers a bogus promotion for a site. When shoppers respond to the fake offer, they enter their personal data on a page that is actually a skimming scam.

The malicious Gocgle campaign, which hit hundreds of shopping websites, demonstrates how hackers used a legitimate Google tool for impersonation in order to compromise the code and steal valuable information.

In November 2019, Macy’s confirmed there was a credit card-skimming Magecart malware on its checkout and wallet pages just as Black Friday and the holiday shopping season approached. Macy’s indicated that the malware allowed a third party to capture customers’ data on the pages if they input their credit card information and clicked “Place order.”

2. Third-party vendors

The fact that there are multiple third-party vendors that support online sales further exposes retailers to possible threats. Cybercriminals often target third parties because they’re the weak links in the supply chain. On average, e-commerce sites use 40 to 60 third-party tools and intend to add three to five new third-party technologies each year, amplifying the risks.

Outdated or fake plugins also add to the risk package.

3. The increased danger of open-source software vulnerabilities

Open-source software uses code that anyone can view, modify, or enhance. And while it has been hugely valuable to e-commerce businesses, it also carries several cyber security challenges.

Any vulnerabilities found in the code can be a massive problem across a huge number of websites, with COVID-19 intensifying the problem even more. Companies are advised to make technical improvements to their website fast if they want to avoid a potentially catastrophic breach.

4. And all the others…

Other security threats to e-commerce sites include phishing, ransomware, SQL injection, DDoS attacks, and cross-site scripting (XSS). “The minute retailers see unusual traffic patterns, they should assume an attack designed to slow the site down, take it offline, or steal data is underway,” the NordVPN Teams expert adds.

How to protect your e-commerce site

E-commerce security is never a done deal. Threats and hacking methodologies evolve at an alarming rate, so maintaining awareness and a security-focused mindset is the key to staying secure. Layering multiple solutions for business security is one of the best ways to keep an online business safe against cyber-attacks.

  1. Implement Zero Trust. It’s essential to enforce zero-trust solutions that restrict third parties to information the website has authorised them to access while blocking access to consumers’ private and payment information, also known as “least privilege.”
  2. View your site as a customer. Too many businesses only see their website as it appears on the server side, instead of viewing it from the customer’s browser perspective. The browser page is what customers “see” when they shop, and these pages are subject to compromise. Therefore, you need to assess what you’re doing to protect your pages once they leave the web server.
  3. Bonus: implement firewalls (including web application firewalls), make sure the connection is secure and passwords are strong, implement multi-factor authentication, use intrusion detection systems, and constantly monitor and update web platforms.
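
As an added example (not from the article or from NordVPN Teams), the check below views a checkout page as the browser receives it: it lists every external script, flags hosts outside an approved list, flags near-miss spellings of approved hosts, and flags approved third-party scripts loaded without Subresource Integrity. The allowlist, host names and sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of script hosts the retailer has approved (hypothetical names).
ALLOWED_HOSTS = {"shop.example.test", "cdn.payments.example.test", "analytics.example.test"}

# Constructed checkout page as delivered to the browser (sample input, not real data).
SAMPLE_CHECKOUT = """<html><body><form id="pay"><input name="card"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.payments.example.test/sdk.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://analytics.example.test/tag.js"></script>
<script src="https://analytlcs.example.test/tag.js"></script>
<script src="https://widgets.unknown-vendor.test/chat.js"></script>
</body></html>"""

class ScriptCollector(HTMLParser):
    # Records (src, has_integrity_attribute) for every external <script> tag.
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], bool(a.get("integrity"))))

def one_edit_apart(a, b):
    """True if a != b and they differ by one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i:] == b[i + 1:] or a[i + 1:] == b[i + 1:]

def audit_checkout(html, page_host="shop.example.test"):
    # Returns (script URL, finding) pairs for scripts that need review.
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, has_sri in parser.scripts:
        host = urlparse(src).hostname or page_host  # relative URL means first party
        if host not in ALLOWED_HOSTS:
            lookalike = any(one_edit_apart(host, ok) for ok in ALLOWED_HOSTS)
            findings.append((src, "lookalike-host" if lookalike else "unapproved-host"))
        elif host != page_host and not has_sri:
            findings.append((src, "third-party-without-sri"))
    return findings
```

This only sees scripts present in the delivered HTML. Scripts that other scripts inject at runtime need a browser-side control such as a Content-Security-Policy.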
