The number of cyber threats against e-commerce that appeared on the darknet and the deep web continues to increase from year to year. SOCRadar has released a report that summarizes the top threats for e-commerce during 2021.
The SOCRadar team monitored deep web posts, thousands of chatters on hacker channels, ransomware attacks targeting the e-commerce companies. DDoS threats, vulnerabilities, and supply-chain threats are also mentioned in the report.
To achieve this objective, they steal and sell sensitive data or choose extortion by holding the data encrypted with ransomware, threatening data sharing, or executing DDoS attacks. Exploiting vulnerabilities on the supply chain is also an effective method for threat actors to gain access.
You can read the full report by clicking here.
Deep Web Threats to E-commerce Sector
SOCRadar Research Team monitored around ten thousand posts and shares on darknet/ deep web forums and hacker channels on different mediums. 7.3% of these posts were about the e- commerce industry.
Concerning the deep web post and hacker channel shares targeting e-commerce institutions, the most targeted countries in the first three quarters of 2021 are:
- The US
- The UK
The Importance of E-commerce is Increasing All Over the World
According to United Nations trade and development experts, e-commerce retail sales jumped from 16% to 19% in 2020. Moreover, online retail sales in the U.S. increased 32.4% year-over-year in 2020.
The same trend continued with a 39% increase in the first quarter of this year. Consumers started using online shopping more frequently for items from groceries to school supplies. This growing market became even more interesting for money-motivated threat actors.
E-commerce business owners are aware of the increasing cyber security issues and are taking measures accordingly. In the VMWare Carbon Black 2020 Cybersecurity Outlook Report, 77% of businesses surveyed purchased new security products last year, and 69% increased security personnel.
However, big and small, e-commerce shops still became prime targets for web skimming attacks, extortion, DDoS threats, vulnerabilities, and supply-chain threats. The threat landscape of e-commerce is expanding with new technologies, automated tools, and bot armies.
Threat actors` most dangerous attack vector is web skimming. Obfuscated malware stays hidden when stealing credit card information using compromised third-party libraries.
What are SOCRadars’ Recommendations?
Threat actors target e-commerce firms because they have money and a wealth of information on their clients, the same as money for the threat actors. There are some precautions that could be taken to protect your website and your client’s personal information.
Some of the suggestions SOCRadar will offer you to protect yourself from all the threats listed in the report are as follows:
- Keeping Track of the Vulnerabilities on Digital Assets: There are particular vulnerabilities and sometimes zero-days that threat actors exploit. SOCRadar discovers almost all of your digital assets and their vulnerabilities. SOCRadar’s External Attack Surface Mapper tracks your digital assets and the software versions installed on the assets and their vulnerabilities. Therefore, you stop attacks before they start.
- Identifying and Monitoring Threat Actors: Many organized threat actors like APTs have signature Tactics, Techniques, and Procedures (TTPs). Some of them are only active and specific regions and sectors. Monitoring the threat landscape and threat actors will make your defenses stronger. SOCRadar’s threat intelligence threat feeds, IOCs, IOAs will give you the proactive readiness you need.
- Phishing Control: Social engineering and phishing are still the starting attack vectors for many cyber attacks. In addition to your company’s training for not clicking untrusted links and email attachments without verifying their authenticity, SOCRadar can discover impersonating and typo-squatting domains which could be used for phishing campaigns against your customers and employees.
- Dark Web and Deep Web Awareness: Threat actors often find their way into systems by purchasing credentials or intelligence from dark and deep web forums and chatter channels. SOCRadar monitors these channels and creates alarms and incidents for anything related to your company.
You can read the full report by clicking here.
With SOCRadar® Free Edition, you’ll be able to:
- Discover your unknown hacker-exposed assets
- Check if your IP addresses tagged as malicious
- Monitor your domain name on hacked websites and phishing databases
- Get notified when a critical zero-day vulnerability is disclosed
Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets. Try for free