The E-Commerce Landscape Report prepared by SOCRadar analysts has been published this week. The report includes a detailed analysis of the cybersecurity threats that most impact the e-commerce sector.
The threat landscape of e-commerce is growing every day, with threat actors’ adaptiveness to new technologies and automated tools that enable them to target multiple institutions with one click.
You can read the full report by clicking here.
Cyber Threats to the E-commerce Sector Increased by 37 Percent
E-commerce is one of the top four industries targeted by threat actors concerning the total number of posts and shares on deep web and hacker channels together with the finance industry, IT firms, and government/public institutions.
According to the report, the ratio of deep web posts targeting the e-commerce sector has increased by 37% in the third quarter of 2021 compared to the first quarter of the same year.
One of the report’s highlights is that companies need to work with the right cyber threat intelligence solutions to gain visibility under the surface web.
According to the report, companies need to work with the right cyber threat intelligence solutions to gain visibility under the surface web.
Threat Actors Mostly Prefer Data Sharing
The majority of deep web posts targeting e-commerce institutions are related to sensitive data changing hands, either being sold or shared by threat actors. The exposed data on sale includes credit card information, employee PII data, and customer databases.
Are Ransomware Attacks Not a Threat to E-commerce?
With unauthorized initial access sales, e-commerce‘s most significant problem is the databases in the wrong hands.
One of the most interesting points in the report published by SOCRadar this week is that compared to many other industries, “ransomware” is not a significant threat vector for e-commerce. Threat actors try to stay as long as possible to maximize their data collection using tactics like skimming or phishing.
Ransomware and DDOS Attacks Against E-commerce
A recent Sophos report shows that 44% of retail organizations were hit by ransomware in the last year, and 54% of these attacks were successful, and customer data was encrypted. Almost one-third of the companies whose data was encrypted paid average ransomware of $150K, but they only got back two-thirds of their data on average.
The average bill from recovering from a ransomware attack in the retail sector (downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more) was US$1.97 million
Denial of Service is a cyber-attack allowing threat actors to render the website unusable for legit users by sending an overwhelming traffic volume. In the case of a distributed denial of service (DDoS) attack, multiple sources, multiple bots from untraceable IP addresses send constant traffic to the target server to crash.
As a result, it could cause business disruption, which could significantly bother during the peak business periods. Threat actors use DDoS attacks to put pressure on ransomware victims or as an extortion tactic.
In February 2020, Amazon Web Services defended against a DDoS attack with a peak traffic volume of 2.3 Tbps (Terabits per second), the largest ever recorded. Amazon said that the attack was mitigated by AWS Shield, a service designed to protect customers of Amazon.
With SOCRadar® Free Edition, you’ll be able to:
- Discover your unknown hacker-exposed assets
- Check if your IP addresses tagged as malicious
- Monitor your domain name on hacked websites and phishing databases
- Get notified when a critical zero-day vulnerability is disclosed
Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets. Try for free