Attacks the Shopping Mall Industry Has Seen in the Past

The last few years were critical for many companies in the E-commerce sector, due to the high number of cyber-attacks and emerging threats.

A Business Insider study shows that over a period of one year at least 16 separate security breaches occurred at large retailers. Many of them were due to security flaws in payment systems.

A recent report by Shape Security showed that many of the people who log in to a retailer’s E-commerce site are hackers using stolen data. This is the highest percentage of any sector. Some of the largest retailers, like Adidas, Macy’s, Best Buy, Forever 21 and others, have been affected. Large amounts of compromised data are being sold on the “dark web”, including databases with personal data, credit card numbers and confidential corporate data used by competitors.

Let’s see what the CEO of Indian Cyber Security Solutions, Mr. Abhishek Mitra, has said about this

Another issue in the sector is caused by the large number of IoT devices, which allow more and better ICMP and DDoS attacks to be crafted. Many vulnerabilities are caused by input validation errors, client-side gaps, vulnerabilities in database servers or network-related vulnerabilities.

It is very important for an E-commerce organization to provide a layered security infrastructure, as well as to perform regular assessments in order to check the security of its systems, networks, web and mobile applications and employees.

GDPR and other legal requirements pose a strong challenge for most organizations that handle personal data.

In this white paper we will cover the following topics:

Malware

Log Injection

Log files can be used by an attacker to inject malicious content or forge log entries if there is a vulnerability which allows unvalidated user input to be written to the logs.

Log injection vulnerabilities occur when data comes from an untrusted source and is written to an application or system log file.

Log files are typically used by applications to store a history of events or transactions which can be reviewed later. Logs can also be used for statistics gathering or debugging. Depending on the application’s functionality, log files are either reviewed manually or with the help of an automated tool that reads the logs and searches for trending information or important events.

Log files might get corrupted if an attacker can supply data to the application that is subsequently logged verbatim.
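The effect of logging input verbatim, next to a hardened form, as an added example that is not part of the original white paper. The logger names, the message format and the sample "username" are constructed for illustration; the in-memory buffer stands in for a log file.

```python
import io
import logging
import re

# C0 control characters (including CR and LF) plus DEL can break a log line.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

def neutralize(value: str) -> str:
    """Escape backslashes, then control characters, so a value stays on one line."""
    value = value.replace("\\", "\\\\")
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)

def make_logger(name: str):
    """Return (logger, buffer); the buffer stands in for the log file."""
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger, buf

def log_failed_login_unsafe(logger, username: str) -> None:
    # Vulnerable: untrusted input is written to the log verbatim.
    logger.info("login failed user=%s", username)

def log_failed_login_safe(logger, username: str) -> None:
    # Hardened: the value is neutralized before it reaches the log.
    logger.info("login failed user=%s", neutralize(username))

# Constructed input: a "username" carrying a newline and a forged entry.
FORGED = "guest\nINFO login succeeded user=admin"

def demo():
    """Log the same input both ways and return the resulting log lines."""
    unsafe_logger, unsafe_buf = make_logger("shop.unsafe")
    safe_logger, safe_buf = make_logger("shop.safe")
    log_failed_login_unsafe(unsafe_logger, FORGED)
    log_failed_login_safe(safe_logger, FORGED)
    return unsafe_buf.getvalue().splitlines(), safe_buf.getvalue().splitlines()

if __name__ == "__main__":
    unsafe_lines, safe_lines = demo()
    print("unsafe:", unsafe_lines)
    print("safe:  ", safe_lines)
```

In the unsafe log a reviewer or an automated tool sees two entries, the second of which the application never wrote; in the safe log the same input remains a single entry with the newline visible as an escape.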

Bad bots

Bots have many names: crawlers, spiders, Internet robots, web bots and more. They are frequently used to perform repetitive jobs and simple tasks, like indexing for a search engine. However, they often come as part of malware. They are used to gain full control over a computer system. Some of them have the functionality to infect the host and connect back to a central command and control (C&C) server or servers, which can be used to control a network of compromised computers and hosts.

Phishing

Hackers may try to attack your E-commerce business by launching phishing campaigns. For this purpose they might craft fake emails, phone calls and SMS messages. Hackers can also inject malicious JavaScript snippets into checkout pages on popular E-commerce platforms like Magento, WooCommerce, PrestaShop and others. Many merchants use PayPal as a payment method, which means that if the PayPal account gets suspended, it will limit consumers’ ability to purchase new items. That makes merchants treat as important any email claiming that their account will be suspended due to malicious or unusual activity. If they lack security awareness, merchants may follow a link to a fake page and, following the instructions, provide their login credentials. They may also download, complete and submit invoices, bills and proposals sent as attachments, which will provide the cybercriminal with their user names and passwords and full access to the merchant’s PayPal account. The attachment could also auto-install malicious software on the victim’s computer.

DDoS

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Online stores are especially vulnerable to these attacks during discount periods, like Black Friday. However, there are easy-to-implement measures to protect against this type of attack.

Vulnerabilities in firewall

Firewalls are usually important assets of every network security infrastructure. Their job is to restrict inbound and outbound access to specific IP addresses and networks. A firewall vulnerability might be caused by an error made during firewall design, implementation or configuration that can be exploited to attack the trusted network behind the firewall. Some common firewall vulnerabilities and misconfigurations include:

Preventive measures in the shopping mall industry:
