The Aftermath of Black Friday & Cyber Monday
With the highest global web-traffic dates of the year now behind us, DynaRisk takes a closer look at the cyber security risks facing e-commerce in the wake of the Black Friday and Cyber Monday shopping sprees.
DynaRisk's surveillance team has discovered new data leaks on various Dark Web forums that should serve as a warning sign not only for shoppers but retailers as well.
Having recently covered the Black Friday cyber attack risks for consumers, we now turn to the other side of the transaction and look at the risks from the online merchant's perspective.
E-commerce business owners need to be acutely aware of cyber risk because their customers entrust them with financial and personal data. An online retailer typically handles customers' payment card or bank details, login credentials (usernames and passwords), email addresses and mailing addresses. When this confidential data is not adequately secured it is an open invitation to cybercriminals, who are constantly probing for new vulnerabilities and refining their attack techniques.
Customers, more often than not, reuse the same login details across multiple accounts, so a credential leak at one retailer exposes accounts elsewhere. It is therefore business critical for retailers to stay one step ahead by implementing robust, regularly updated security controls to protect their customers' data as well as, of course, their own business-critical data.
Below is an example of a personal data leak. Our cyber surveillance team discovered a fresh database in which multiple UK consumers' data had been leaked and which is now available for purchase on a Dark Web forum. Once criminals have this data, they use it to send phishing emails, impersonate legitimate businesses and distribute malicious links designed to tempt the reader into clicking through.
Common security vulnerabilities in e-commerce systems
E-commerce websites are under extreme pressure to be user-friendly, and often favour the user experience over security measures. Online shopping businesses prioritise an appealing layout and a frictionless path from product page to checkout in order to lure consumers through to the add-to-cart step. Many unwisely fear that truly robust security controls might discourage customers from completing their purchases.
The user experience is of course a factor, and some customers may prefer not to go through a two-factor verification step, but the question any online business owner must ask is this:
Is that a realistic mindset, given that the potential cost of not doing so can be catastrophic and crippling for businesses of all sizes, and in some cases leads to bankruptcy?
Cyber protection is also a matter of resources: smaller e-commerce businesses are trying to match the security posture of larger firms without a corporate-sized budget. The typical small-to-medium enterprise is already busy building its internet presence, running marketing campaigns, advertising through free or paid social media and choosing a hosting provider. As online retailers grow their business through these channels they simultaneously, and often unknowingly, increase their exposure to cyber attack.
Widely used open-source platforms such as Magento and WordPress have many publicly known vulnerabilities, and new flaws are disclosed regularly. Because the platforms are popular and the exploits are public, an unpatched installation is an easy target. This does not mean retailers should avoid these tools, but running any such system without a proactive security practice, above all prompt patching of the core platform and its plugins, increases the risk to an e-commerce business.
Below is an example of a Dark Web forum discussion on how to exploit WordPress vulnerabilities.
DynaRisk discovered examples of many fraud bibles available for purchase or download from the Dark Web. A fraud bible is a form of guidebook, a collection of hacks, techniques, instructions for committing fraud.
This only shows how skilled and resourceful cybercriminals have become, making it more challenging, though not impossible, for businesses to defend against cyber crime.
What measures should you take to ensure security in your e-commerce business and customer data?
- Recognize the main cyber security risks:
  - Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  - Point of Sale (POS) attacks
  - Social engineering
  - Vulnerable third-party modules, plugins and extensions
  - Web and mobile application vulnerabilities
- Use encryption for customer data both in transit and at rest
- Set up a secure payment gateway so that card data is handled by a PCI-compliant processor rather than stored on your own servers
- Install a TLS certificate and enable HTTPS across the whole site, not only the checkout pages
- Set up network segmentation so that a compromise of the web front end does not give direct access to payment or back-office systems
- Enable two-factor authentication (2FA), for administrator accounts first and foremost, and offer it to customers
- Use a secure, actively maintained e-commerce platform and apply security patches promptly
- Maintain PCI DSS compliance
- Use strict access and security policies
- Ensure customers are using strong, unique passwords
- Set up secure, regularly tested data backups
- Use antivirus software
- Set up a data breach response plan
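As an added example, not part of DynaRisk's original article, the following Python code shows a registration-time password check that covers two of the points above: rejecting weak passwords and rejecting passwords that have already been exposed in a breach, which is what makes credential reuse so dangerous. The breached-hash set is constructed here from a handful of well-known weak passwords to stand in for a real corpus such as the Pwned Passwords data, and the prefix lookup mirrors that service's k-anonymity range query, in which only the first five hex characters of the SHA-1 leave the client. The function names, the 12-character minimum and the sample passwords are assumptions for illustration.

```python
import hashlib

# Constructed stand-in for a breached-password corpus (NOT real breach data):
# SHA-1 digests of a few well-known weak passwords, stored as upper-case hex
# in the same form the Pwned Passwords corpus uses.
LEAKED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ("password", "123456", "qwerty", "blackfriday2023", "letmein")
}

MIN_LENGTH = 12  # assumed policy threshold


def leaked_suffixes(prefix5):
    """Simulate a k-anonymity range query against the breach corpus.

    The caller supplies only the first 5 hex characters of the SHA-1 and gets
    back the suffixes of every leaked hash sharing that prefix, so neither the
    password nor its full hash is revealed to the lookup service.
    """
    return {h[5:] for h in LEAKED_SHA1 if h.startswith(prefix5)}


def is_breached(password):
    """Return True if the password's SHA-1 appears in the leaked set.

    SHA-1 is used here only because that is the corpus format; it is not a
    suitable hash for storing passwords (use bcrypt, scrypt or Argon2 for that).
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[5:] in leaked_suffixes(digest[:5])


def check_password(password, email):
    """Return a list of policy violations; an empty list means the password is acceptable.

    Checks: minimum length, no reuse of the email's local part, not in a known breach.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    local_part = email.split("@", 1)[0].lower()
    if local_part and local_part in password.lower():
        problems.append("contains the account's email name")
    if is_breached(password):
        problems.append("appears in a known breach")
    return problems


if __name__ == "__main__":
    # Constructed sample sign-up attempts
    for pw, em in (("blackfriday2023", "alice@example.com"),
                   ("alice-rocks-2024!", "alice@example.com"),
                   ("correct horse battery staple", "alice@example.com")):
        print(pw, "->", check_password(pw, em) or "OK")
```

Note that a long password is not automatically a safe one: the constructed example "blackfriday2023" passes the length rule but is rejected because it is in the breach set, which is exactly the case a length-only policy misses. In production the corpus lookup would be a network call to the range endpoint, and the password itself should be stored only with a slow, salted hash.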
DynaRisk has a team of intelligence experts constantly monitoring the dark web for stolen data. Find out if your business or personal email has already been exposed to a live or historic data breach by trying DynaRisk’s email data breach scanner for free.
Stay safe in CyberSpace
DynaRisk Surveillance Team