With e-commerce sales set to increase by between 25-35% compared to last year this Black Friday and Cyber Monday, retailers need to be on alert for potential cyber security threats.
According to the Global Information Security Survey by Ernst and Young, customer information is the most valuable type of data for most attackers. The threat to cyber security and privacy is increasing: 59% of organisations have faced a significant incident in the past 12 months, and the National Cyber Security Centre recently shared its yearly report, detailing that over 15,000 coronavirus-related scams were taken down.
The rise of online shopping and working from home has created new vectors for attackers, so security professionals need to guard against new threats carefully as they emerge. NordVPN Teams highlights 4 threats retailers have to watch out for.
Web-skimming, or magecart, is an attack where malware infects online checkout pages to steal payment and personal information of shoppers. Magecart is a very common type of attack in e-commerce and is attributed to 7 to 12 attack groups, who are behind the theft of millions of online shoppers’ credit card information.
Overall, there have been an average of 425 Magecart incidents per month in 2020. In many cases, attackers deploy social engineering tactics, such as sending shoppers a bogus promotion for a site. When shoppers respond to the fake offer, they enter their personal data on a page that is actually a skimming scam.
The Gocgle’s malicious campaign, which hit hundreds of shopping websites, demonstrates how hackers used Google’s legitimate tool for impersonation in order to compromise the code and steal valuable information.
In November 2019, Macy’s confirmed there was a credit card-skimming Magecart malware on its checkout and wallet pages just as Black Friday and the holiday shopping season approached. Macy’s indicated that the malware allowed a third party to capture customers’ data on the pages if they input their credit card information and clicked “Place order.”
The fact that there are multiple third-party vendors that support online sales further exposes retailers to possible threats. Cybercriminals often target third parties because they’re the weak links in the supply chain. On average, e-commerce sites use 40 to 60 third-party tools and intend to add three to five new third-party technologies each year, amplifying the risks.
Outdated or fake plugins also add to the risk package.
Open-source software uses code that anyone can view, modify, or enhance. And while it has been hugely valuable to e-commerce businesses, it also carries several cyber security challenges.
Any vulnerabilities found in the code can be a massive problem across a huge number of websites, with COVID-19 intensifying the problem even more. Companies are advised to make technical improvements to their website fast if they want to avoid a potentially catastrophic breach.
Other security threats to e-commerce sites include phishing, ransomware, SQL injection, DDoS attacks, and cross-site scripting (XSS). “The minute retailers see unusual traffic patterns, they should assume an attack designed to slow the site down, take it offline, or steal data is underway,” the NordVPN Teams expert adds.
E-commerce security is never a done deal. Threats and hacking methodologies evolve at an alarming rate, so maintaining awareness and a security-focused mindset is the key to staying secure. Layering multiple solutions for business security is one of the best ways to keep an online business safe against cyber-attacks.
Do you work in the logistics sector? You may be interested in content from our sister title, SHD Logistics. Provider of news, case studies and opinions from the logistics sector, has launched a new app. It is available on the Apple App Store and on your desktop. Once downloaded, the app will allow you to save, read, search and share digital editions of SHD Logistics. SHD covers many verticals including retail and fashion, food and beverage, engineering, manufacturing, and transport and distribution.
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Sign up now!
