Many online businesses, e-commerce operators and online retailers still seriously underestimate the [black] market value of the data they possess and handle. Consequently, the risks of cyberattacks and the importance of information security in general are also significantly underestimated.
The main reason for such behavior is that e-business owners have a very serious lack of information about the “dark side” of the internet. Many are not even aware of recurrent data theft from their databases. But let’s start from the beginning.
First of all, e-business owners should remember that cyber criminals are also businessmen who know how to make money. Customer databases from online stores are among the most expensive on the black market, because they usually contain correct, up-to-date and complete details about customers, sometimes even their credit card numbers.
Completeness is a very important factor for [database] pricing on the black market. Even spammers prefer to purchase personal records from an online shop rather than from a blog or free forum. This is simply because they can better target their subsequent spam emails for a higher click-through rate, which consequently generates more income. Obviously, cybercriminals who make money via credit card or identity theft need as much information about their victims as they can obtain. Therefore customers of online stores are perfect targets for them.
Don’t forget that customers of European and US online stores are usually reasonably well-off and may host a good amount of valuable information on their computers. Such information may be used directly by the hackers or be (re)sold on the black market.
This is why e-commerce websites are quite often infected with malware (an exploit pack targeting and exploiting vulnerabilities in Adobe products or popular browsers) during a single night or over a weekend, to gain control over website visitors’ PCs while the IT security team is “off duty.” Such attacks often remain unnoticed: professional hackers will do their best to stay under the radar, and you may not have any clue that your online shop or database was compromised.
As we hear about attacks on the Targets and eBays of this world, many SME e-business owners gain a false sense of security, believing that they will not be attacked because their customer databases are not big or interesting enough to hackers.
This assumption is wrong because in the majority of cases hackers are not looking for customers and data from a specific web shop; they are just looking for [commercially] exploitable data. It’s much easier, faster and cheaper to hack 50 small e-boutiques than to hack one major e-commerce operation. Moreover, the outcome [number of stolen customer records] will be almost the same, probably even bigger.
Hackers have bots that crawl tens of thousands of e-commerce websites for known vulnerabilities; the lists of websites and of vulnerabilities to check are updated weekly or even daily. So it’s enough that your website is hosted on shared hosting, or has an outdated CMS or vulnerable third-party code, for it to be compromised by a bot that will download your databases, install a backdoor, clean the logs and continue crawling. Ninety percent of such hacks are missed by all popular web security scanning services that give “Website verified – 100 percent secure” labels to customers.
Dealing with a security breach
If you do notice that your website has been hacked, immediately notify your web hosting company and temporarily shut down your website.
Immediately change all passwords and copy access logs to secure local storage. They will help in the future to determine how hackers got in and to trace the attackers.
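One way to carry out the log-copy step so the copies remain usable as evidence, shown as an added example that is not part of the original article: it copies every log file into a fresh evidence directory, records a SHA-256 manifest, and can later report any copy that was altered or removed. The directory layout and the function names `preserve_logs` and `verify_evidence` are assumptions made for illustration.

```python
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def sha256_file(path):
    """Hash in chunks so large logs need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_logs(log_dir, evidence_dir):
    """Copy every file under log_dir into evidence_dir and write a hash manifest."""
    evidence_dir.mkdir(parents=True, exist_ok=False)  # never overwrite earlier evidence
    entries = []
    for src in sorted(p for p in log_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(log_dir)
        dst = evidence_dir / "logs" / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 keeps the original modification time
        entries.append({"file": rel.as_posix(), "sha256": sha256_file(dst)})
    manifest = evidence_dir / "manifest.json"
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    manifest.write_text(json.dumps({"collected_at_utc": stamp, "files": entries}, indent=2))
    return manifest


def verify_evidence(evidence_dir):
    """Return files that are missing or whose hash no longer matches the manifest."""
    data = json.loads((evidence_dir / "manifest.json").read_text())
    return [e["file"] for e in data["files"]
            if not (evidence_dir / "logs" / e["file"]).is_file()
            or sha256_file(evidence_dir / "logs" / e["file"]) != e["sha256"]]


if __name__ == "__main__":
    # Constructed sample log line, for demonstration only.
    with tempfile.TemporaryDirectory() as tmp:
        logs = Path(tmp) / "var_log"
        logs.mkdir()
        (logs / "access.log").write_text('203.0.113.7 - - "GET / HTTP/1.1" 200 512\n')
        preserve_logs(logs, Path(tmp) / "evidence")
        print(verify_evidence(Path(tmp) / "evidence"))
```

Keep a copy of `manifest.json` somewhere separate from the evidence directory, so that a later change to both the logs and the manifest can still be detected.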
It is very important to understand if the attack against your website was targeted or not. Contact a local security company or a local CERT (Computer Emergency Response Team) to get competent advisers and assistance in the forensics process. Your web hosting company should also be able to help you by analyzing logs and abnormal activities around your website. As soon as you can reconstruct an image of the security incident you should take the following steps:
In short, if you are running an e-commerce website you will probably be attacked at some stage. How you deal with an attack and what you do to prevent another one will determine how much time your site is down and how many customers you alienate.