by Stan Wisseman in CyberRes, Micro Focus
Black Friday and Cyber Monday are the biggest selling days of the year for e-commerce. Online shopping established a lead over in-store purchasing during 2020. Although foot traffic bounced back in 2021, digital shopping acceptance accelerated further. Online holiday sales across November and December rose 5% year over year worldwide to $1.14 trillion and 9% in the US to $257 billion. Profits are maximized for businesses at this time of the year with meticulous planning and execution – allowing sellers in all industries to thrive in big ways.
But businesses must protect themselves ― and their customers ― since Black Friday and Cyber Monday are also the pinnacle of opportunity for cyber criminality, and cybercriminals ramp up their malicious activity during this period. As cyber threat actors prepare to strike – and strike they will – businesses need to be proactive about spotting potential scams early, limiting the damage, and recovering quickly from any possible attack. As we enter the holidays, e-commerce websites are at an increased risk for security threats like skimmers, MageCart, ransomware, and phishing.
Digital Skimming Attacks Targeting E-commerce Platforms
Software vulnerabilities remain one of the most common threats impacting e-commerce websites. Nearly 75% of fraud and data breach cases investigated by Visa’s Global Risk team involved e-commerce merchants, according to the Visa Biannual Threats Report. Magecart, Formjacking, and other digital skimming cyberattacks targeting e-commerce platforms and third-party code integrations are common.
In the past few years, the headliners for cybersecurity incidents tended to involve attacks on core utilities and critical services, state-sponsored campaigns, ransomware, massive data breaches, and disruption on a broader scale than the issues that digital skimming victims today often experience. However, this doesn’t mean that the problem has gone away. Last year the UK’s National Cyber Security Centre (NCSC) reported thousands of MageCart attacks on compromised payment portals right before Black Friday.
We shouldn’t forget that it’s not only SMBs at risk: large brands have fallen prey to this type of cyberattack in the past as well, including British Airways, Newegg, and Ticketmaster. On June 20, Malwarebytes researcher Jérôme Segura said in a blog post that while Magecart attack rates appear to have diminished, recent reports suggest the market for stolen credit card information is still considered worthwhile – and a new campaign has shown that some operations still operate a “pretty wide infrastructure.”
Increased Cyberattacks on Organizations Through Software Supply Chains
Cybercriminals continue to find new ways to infiltrate organizations, and in recent times, there have been increased cyberattacks on organizations through software supply chains. Open-source software is hugely valuable to e-commerce businesses, but if vulnerabilities exist in that software, it’s a dangerous problem that can lead to significant security incidents.
A report unveiled during the 9th BlackBerry Security Summit last month stated that following a software supply chain attack, there was a significant disruption in operations (59%), data loss (58%), and reputational impact (52%). Moreover, nine out of ten organizations would take up to a month to recover, which could result in significant disruption to the business.
On November 1st, the OpenSSL team released an advisory detailing two high severity vulnerabilities, CVE-2022-3602 and CVE-2022-3786. OpenSSL is one of the predominant encryption libraries and underpins a significant portion of the internet’s TLS-protected communications. Although pre-announced as critical, the vulnerabilities were downgraded to high severity for the actual release. This article won’t go into the details of the vulnerabilities themselves (for those, see this Fortify report), but they are an example of how e-commerce sites can be affected by flaws in widely shared components.
Retail Cybersecurity Tips
What steps can businesses take as the World Cup of cybercrime approaches?
- Reduce software supply chain risk: The prevalence of third-party vendor systems is a security challenge that must be addressed. Closely monitor and manage the configuration of any assets or information accessed by third-party vendors, and implement a secure development lifecycle to make sure software suppliers are applying security controls and following secure coding best practices.
- Implement zero trust: Enforcing zero-trust solutions is essential: it restricts third-party access to information the website has authorized and blocks access to consumers’ private and payment information.
- View your site as a customer: It’s important to keep tabs on how your website appears to customers themselves and not focus solely on the server side. Viewing it from the browser perspective can help spot issues that may signal a compromised site. You should also run dynamic application security scans on your websites to identify and fix vulnerabilities that could be exploited.
- Train your staff: Humans are the weakest link of the security chain. Clicking a bad link, failing to recognize a suspicious email attachment, or simply lax security awareness can all lead to a breach. Prepare staff by reviewing up-to-date threats, scenarios, and recovery plans.
- Back up your data: If you have sufficiently backed up your company’s sensitive data, you will be less vulnerable to the pressure of having to pay a ransom in the event of a ransomware attack.
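One way to do the browser-side check from the "View your site as a customer" tip, and to surface the injected third-party scripts that the digital skimming section describes, as an added example that is not code from the article or from CyberRes: it parses the HTML a shopper's browser would receive and flags script tags from origins outside an allowlist, cross-origin scripts without Subresource Integrity, and inline scripts for manual review. The allowlist, hostnames and sample checkout page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Origins the checkout page is expected to load scripts from (constructed for this example).
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example", "js.payment-provider.example"}

class ScriptCollector(HTMLParser):  # records each <script>'s src, integrity attribute and inline body size
    def __init__(self):
        super().__init__()
        self.scripts, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self.scripts.append({"src": a.get("src"), "integrity": a.get("integrity"), "inline": 0})
            self._in_script = True

    def handle_data(self, data):  # HTMLParser passes <script> bodies here as raw text
        if self._in_script:
            self.scripts[-1]["inline"] += len(data.strip())

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def audit_scripts(html, page_host, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return (reason, detail) findings a skimmer review should look at first."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for s in collector.scripts:
        if s["src"] is None:
            if s["inline"]:  # inline JS on a payment page deserves a manual look
                findings.append(("inline-script", f"{s['inline']} bytes of inline JS"))
            continue
        host = urlparse(s["src"]).hostname or page_host  # relative src -> page's own host
        if host not in allowed_hosts:
            findings.append(("unexpected-origin", s["src"]))
        elif host != page_host and not s["integrity"]:
            findings.append(("missing-sri", s["src"]))  # cross-origin script without SRI
    return findings

# Constructed sample checkout page; "sha384-PLACEHOLDER" stands in for a real SRI hash.
SAMPLE_CHECKOUT = """<html><head>
<script src="/static/app.js"></script>
<script src="https://js.payment-provider.example/v1.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.shop.example/analytics.js"></script>
<script src="https://static-assets-cdn.example/jquery.min.js"></script>
<script>window.__cfg = {currency: "USD"};</script></head><body><form><input id="card"></form></body></html>"""

print(audit_scripts(SAMPLE_CHECKOUT, "shop.example"))
```

Run it against HTML fetched as a customer would (no authenticated session, from outside the corporate network) and diff the findings against the previous run; a script origin that was not there yesterday is exactly the signal the tip is asking you to look for.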
The current threat landscape poses extreme risk to every business, no matter the size or vertical. The cost of not being prepared could be the loss of the business itself. That should push retailers to commit to, and stay aware of, the protections that can help them fend off a cyberattack.