Since the start of the Covid-19 Pandemic, how we do business has dramatically changed. The stocks of big online retailers like Amazon, Costco, Walmart are soaring to new heights.
Firms with no online presence got the hardest hit through the pandemic. On the other hand, this online activity created new opportunities for cybercriminals. Online retail and e-commerce sites became prime targets for cyber attacks.
The threat landscape of e-commerce is growing every day, with threat actors’ adaptiveness to new technologies and automated tools that enable them to target multiple institutions with one click.
The E-Commerce Landscape Report prepared by SOCRadar analysts has been published this week. The report includes a detailed analysis of the cybersecurity threats that most impact the e-commerce sector.
You can read the full report by clicking here.
Why Are E-commerce and Online Retailers Being Attacked?
There are many reasons for this continuing trend of cyber attacks on e-commerce. First of the many reasons is the high expectations of the customer experience through shopping medium, either a website or mobile app. When companies try to improve customer satisfaction, they try to create a hassle-free, frictionless experience.
When a verification for identification or payment process fails, it is straightforward for the customer to try a different site among the many choices available. Therefore, an unfinished transaction is a current and future business loss for the company.
To provide the frictionless experience that customer demand, companies either ease their cyber security requirements or involve third-party vendors, expanding the external attack surface.
The second reason for cyberattacks on e-commerce and online retailers is the high value of the customer data like credit card transactions and general personal details.
Big retail companies have a wealth of data on their frequent users to provide a unique and pleasant experience. This kind of personal data makes the customer more vulnerable to different attack vectors like social engineering.
We also need to add the payments systems and IoT devices to the expanded attack surface mentioned above. The past cyber-attacks showed that PoS devices could be the low-hanging fruit for hackers. It is easy to install malware on them. Unprotected IoT devices also could be a foothold for cybercriminals.
Some Key Findings to Know Before Black Friday Season This Year
- The number of posts targeting e-commerce institutions increased by 37% in the third quarter of 2021 compared to the first quarter of the same year.
- The percentage of deep web posts targeting the e-commerce industry has reached 8.3% in 2021.
- Almost ten thousand phishing domains impersonating retail e-commerce sites registered in 2021.
- There are 6.44 million leaked account information on the dark web most so far in 2021 only in the e-commerce industry, which could be used for account takeovers.
There are Things to Protect Yourself
User and payment verification for clients. Research shows most people agree with increased protection in check-out pages as long as an explanation is provided.
You could protect your endpoints, including POS and IoT devices using trusted security hardware software as much as possible.
You must have backup policies and practices. In addition, you should have multiple recent copies (preferably at least one offline) of your critical data and settings and configurations of your security devices.
And finally, SOCRadar provides the actionable and timely intelligence context you need to manage the risks in the era of transformation.
How Can SOCRadar Help?
- Darknet and Deep Web Monitoring: SOCRadar’s fusion of its unique dark web Recon technology with the human analyst eye achieves further to provide in- depth insights into financially-targeted APT groups and threat landscape.
- Credit Card Monitoring: Enhance your fraud detection mechanisms with automation speed by identifying stolen credit card data on popular global black markets, carding forums, social channels, and chatters.
- Protecting Customers’ PII: Scan millions of data points on the surface web, deep web, and darknet to accurately identify the leakage of your customers’ personally identifiable information (PII) in compliance with regulations.
- 360-Degree Visibility: Achieve digital resiliency by maintaining internet-facing digital asset inventory. Significantly accelerate this process by automated discovery, mapping, and continuous asset monitoring.
With SOCRadar® Free Edition, you’ll be able to:
- Discover your unknown hacker-exposed assets
- Check if your IP addresses tagged as malicious
- Monitor your domain name on hacked websites and phishing databases
- Get notified when a critical zero-day vulnerability is disclosed
Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets. Try for free