Connect with us

Cyber Security

E-commerce Channels Must Strengthen Defenses as Cyberattacks Increase during Pandemic

Avatar

Published

on

Hacker

Many physical offices and brick-and-mortar locations are temporarily closed due to the coronavirus pandemic. Consumers are now turning to e-commerce channels for their daily needs. Majority of people in the US are purchasing goods through online stores and groceries. As a result, e-commerce sites have seen a 49 percent increase in their daily average sales.

However, the rise in online activities has prompted hackers and threat groups to exploit the situation. While it’s common for e-commerce websites to have security measures in place, cybercriminals are finding ways to circumvent these defenses. Recently, food container store Tupperware suffered a malware attack that cloned its payment form to collect user information. Smaller retailers and those only recently putting up e-commerce channels as means to cope with this shift are even more vulnerable to such attacks.

To cope with these threats, businesses have to perform threat and risk assessments and determine whether their cybersecurity measures are strong enough to capably prevent hacking attempts while the pandemic rages.

Table of Contents

Attacks on e-commerce

Hackers typically exploit changes in organizations’ processes and people’s behaviors caused by crises. Wide-scale lockdowns have forced businesses and consumers to alter the way they do business. Cybercriminals are looking to capitalize and increase their attack’s chances of success.

One of the most common attacks cybercriminals use against e-commerce channels is credit card skimming. Typically, hackers look for vulnerable endpoints so that they can inject malware to siphon off customer data such as full names, contact details, and credit card numbers that are stored in an online store’s database. They can then sell these in the black market or use them to carry out other fraud attacks. Skimming activities in March are up by 26 percent compared to February.

SEE ALSO:

Defining Residential Proxies

A number of users of e-commerce giant eBay, for instance, reported having their accounts allegedly hacked and were used to make unauthorized transactions. Curiously, these incidents supposedly happened just about the time company’s customer service agents started working from home due to the outbreak. The absence of immediate customer support can deprive users of the ability to quickly restore access to their accounts, giving hackers more time to use these stolen accounts.

Hackers are also carrying out advertising fraud attacks against businesses. Normally, online stores pay websites that display their ads for every click or download they generate. Using botnets, hackers can generate bogus clicks and downloads to force companies to pay them for the fake engagement their sites created. Some hackers even set up bogus online stores and pharmacies selling low-quality face masks and fake coronavirus cures.

Impact of cyberattacks

Falling victim to cyberattacks can be devastating to businesses. Attacks can disrupt daily operations and force companies to temporarily halt their business. Downtime can mean lost income. Considering how digital channels are now the primary means for businesses to ensure continuity, disruption can mean total stoppage to operations.

Organizations may also have to pay hefty fines and compensate users who have their data compromised. The average cost of a data breach for small e-commerce websites is $86,500 while it costs an average of $4 million for large online stores. This can also result in companies suffering reputational damage that would require additional resources to fix.

SEE ALSO:

Why Cybersecurity Is Becoming Vital In Politics

Costly breaches during times of crises can even result in bankruptcy and closure, especially due to the massive economic crunch caused by the pandemic. Suffering from card fraud, scams, and identity theft can also greatly impact consumers who are already struggling financially.

Steps to take against attacks

To combat such threats, organizations must implement strong security measures. They can install antiviruses that can perform regular malware scans and eliminate malicious code. Firewalls can also be used to block suspicious traffic from entering corporate networks. Organizations can also adopt fraud prevention tools such 3D secure authentication that requires a PIN to validate a transaction. This is useful for credit card holders whose accounts have been compromised.

While these solutions can certainly help, they can still fall short. Hackers typically attempt attacks across all vectors until they find flaws in the organization’s infrastructure that they can exploit. A single vulnerable endpoint can cause a data breach. This is why it’s critical that organizations conduct continuous risk assessment of all potential vectors.

A way to address this is by performing constant security risk assessments. Fortunately, approaches such as breach and attack simulations (BAS) can now be performed to comprehensively test an organization’s security posture. Manual risk assessment requires significant resources and technical expertise that not all organizations have. Additionally, businesses do not have much time to conduct these tedious tests as hackers are now quickly ramping up their attacks.

SEE ALSO:

Protect Your Cloud from Privileged Access Controls that Leave You Exposed

For example, BAS platforms can run simulated attacks across vectors to assess how endpoint security such as antimalware solutions and firewalls perform against modern threats. The measures that fail to mitigate the simulated attack can be immediately adjusted or replaced with more formidable ones.

Performing regular risk assessment allows business and IT leaders to review their defenses and identify security gaps. This will help them make the necessary adjustments and reduce the risk of suffering an attack.

Stringent security is crucial

Considering the threats e-commerce channels face, organizations must ensure that their defenses are more than capable of mitigating cyberattacks. They can’t be complacent and rely on solutions that they have been using all this time. Security tools and protocols must be reviewed so that even the smallest flaw in the network will be identified and addressed. Performing regular risk assessment will be crucial if companies want to create a robust perimeter that hackers will find difficult to infiltrate in order to keep their operations and customers safe.

Source: https://cybersguards.com/e-commerce-channels-must-strengthen-defenses-as-cyberattacks-increase-during-pandemic/

Cyber Security

Fintechs are ransomware targets. Here are 9 ways to prevent it.

Avatar

Published

on

Cybercriminals are clever, and they often target fintechs for two reasons. They know fintechs handle a lot of sensitive and financial information on a daily basis, and that they probably have the means to meet hackers’ demands and get back to business as usual.

Ransomware attacks are one of the most common fintech cybersecurity risks, and falling victim to one can be devastating — or disruptive at the very least. So, we asked the experts at ESET to explain how to prevent ransomware, and secure your business from the inside out.

Firstly, what is ransomware and how does it work?

With a ransomware attack, a cybercriminal hacks into their victim’s systems and essentially holds their data “hostage” until they pay a ransom. Since hackers know how valuable data is to a business, they tend to set ransoms in the thousands or even millions of dollars.

There are two types of attacks: crypto ransomware encrypts all the files, folders and hard drives on the infected computer, while locker ransomware locks users out of their devices. For cybercriminals, the goal is to get you to pay up so you can retrieve your files and mitigate any damage to your business.

What to do after a ransomware attack

Unfortunately, you don’t have too many options if you fall victim to a ransomware attack. You’ll need to decide to pay the ransom or not, and that involves weighing up how much your data is worth. Just keep in mind that giving in to a cybercriminal’s demands may encourage them to attack you again — and there’s no guarantee that your data will be restored.

Either way, it’s important to go into disaster recovery mode right away. Follow these steps for what to do if you get ransomware:

1. Alert your IT department. If your company has IT professionals or a Chief Information Security Officer, notify them about the attack. Hopefully, they’ll have a plan of actions for situations like these and be able to guide your team through these steps.

2. Trace the source of the attack. Most ransomware attacks have a countdown clock before all your files are deleted forever, so the sooner you find the source, the faster you can act. Typically, ransomware sneaks its way into your system through a malicious link or email attachment. The best-case scenario is the ransomware only attacks that one device, and the worst-case is it infects your entire system. Once you’ve found the culprit, ask the user if they’ve opened other suspicious emails or noticed anything weird about their computer.

3. Remove that device from your network. To stop the ransomware from spreading through your network, you’ll need to unplug the infected device.

4. Let your employees and clients know about the breach. While it’s important not to cause panic, you do need to be transparent. The truth is, most cyber breaches are the result of human error, so your employees need to know what happened and what’s expected of them. As for your clients or customers, contact them if you have proof their data has been compromised. In other words, avoid putting out a statement until you have all the information.

5. Invest in better security systems. When you’ve gotten through the aftermath, look into more sophisticated cybersecurity in fintech practices.

9 ways to prevent ransomware attacks

Ransomware is incredibly common, and as you now know, there are limited ways to deal with an attack. You need to be proactive and prepared, and implement measures to prevent an attack.

As you might have guessed, fintech cybersecurity should be a priority. These are our tips for how to protect against ransomware: 

Set up sophisticated email filters. The majority of ransomware is delivered by spam or phishing emails. To stop ransomware before it has a chance to infect your systems, employ email filters that scan all email content for spam, viruses and other forms of malware.

Run regular security audits. It’s worth assessing your security systems to identify any gaps or weaknesses. If you can, consider outsourcing your cybersecurity, reallocating resources or hiring in-house professionals to give your fintech peace of mind.

Use an up-to-date antivirus and anti-ransomware software. To protect your company devices from ransomware, malware, identity theft and more, install a third-party antivirus software designed for businesses. ESET Digital Security for Business offers the best ransomware protection and defence against a range of advanced cyber threats, and can be tailored to the size and scope of your fintech. Along with blocking persistent threats, it secures your devices with endpoint protection, which is especially handy if you have employees who work remotely.

Accept all software updates. Cybersecurity companies often release new patches to fix bugs and address vulnerabilities, which is why it’s essential to stay on top of any updates. In other words, you could have the most sophisticated antivirus ransomware software in the world, but that won’t do you any good if you ignore every notification that pops up! Updates usually take a few minutes to download and require you to restart your computer, but they make your company much less vulnerable to ransomware.

Implement multi-factor authentication. Two-factor authentication is good, but multi-factor authentication is better. This means employees will need to enter their username, password and one more piece of additional information — usually a code sent to their phone or email — before they can log into the system. It also makes it harder for hackers to break in.

Create a whitelisting program. This is effective in preventing ransomware, and it involves restricting the applications that can run within your company’s system. Think of it as the opposite of blacklisting — only applications that have passed the approval process will work.

Encrypt your company files. Ideally, all of your data should be end-to-end encrypted, and access limited to the people who need that information to do their jobs. The good news is, most computers and phones have built-in operating systems that encrypt stored data and prevent unauthorised users.

Tighten your cloud security. Speaking of the cloud, some cloud services don’t offer secure encryption and can’t distinguish between authorised users and other people trying to access the cloud. ESET Cloud Office Security will configure your cloud security so hackers can’t bypass your company’s policies and tap into sensitive information.

Routinely back up your data and systems. By backing up your data regularly, you’ll be able to recover any lost or corrupted data if your server crashes or if you fall victim to a ransomware attack. We recommend always having two encrypted backups: one on the cloud, and one an external hard drive.

Get in touch with ESET today!

Ready to protect your business from the inside out? With ransomware, prevention is always better than cure, so head to ESET’s site to learn more about their top-rated cybersecurity systems.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://australianfintech.com.au/fintechs-are-ransomware-targets-here-are-9-ways-to-prevent-it/

Continue Reading

Cyber Security

What are Insecure Direct Object References (IDOR)?

Avatar

Published

on

HackerOne Hacker Noon profile picture

@hacker0x01HackerOne

HackerOne empowers the world to build a safer internet.

Insecure Direct Object References (or IDOR) is a simple bug that packs a punch. When exploited, it can provide attackers with access to sensitive data or passwords or give them the ability to modify information. On HackerOne, over 200 are found and safely reported to customers every month. 

What is an IDOR?

There are several types of IDOR attacks, including:

  • Body Manipulation, in which attackers modify the value of a checkbox, radio buttons, APIs, and form fields to access information from other users with ease.
  • URL Tampering, in which the URL is modified at the client’s end by tweaking the parameters in the HTTP request. 
  • HTTP Requests in which IDOR vulnerabilities are typically found in GET, POST, PUT, and DELETE verbs.
  • Mass Assignment, where a record pattern can be abused to modify data that the user should not be able to access. While not always a result of IDOR vulnerabilities, there are many powerful examples of this being the result of it. 

In its simplest and most common form, an IDOR vulnerability arises when the only input required to access or replace content is from the user. This vulnerability submitted to Shopify by California-based hacker Rojan Rijal (a.k.a. @rijalrojan) in 2018 is the perfect example.

By observing how file attachments were labeled when sending a query to Shopify’s Exchange Marketplace application, Rojan was able to replace documents by leveraging the same file name from different accounts. 

Figure 1: IDOR vulnerability reported by @rijalrojan to Shopify on the HackerOne platform.

For retail and ecommerce companies, IDOR vulnerabilities represent 15% of what organizations pay bounties for and represent the top vulnerability for programs across government (18%), medical technology (36%), and professional services (31%) industries. 

If they’re so simple, why are they so common? 

In short, IDORs can not be detected by tools alone. 

IDORs require creativity and manual security testing to identify them. They require you to understand the business context of the target application. While some scanners might detect activity, it takes a human eye to analyze, evaluate, and interpret. Understanding the deeper context is an innately human skill that machines cannot replicate. In traditional pentests, unless a pentester tests every possible parameter in every request endpoint, these vulnerabilities can go undetected. 

What are the implications of an IDOR vulnerability? 

Perhaps the most infamous IDOR vulnerability as of late is that found in alt-tech social media platform Parler. The company ordered their posts by number in the URL, a telltale sign of IDOR. If you add a sequential digit to a Parler post URL, you could access the next post on the platform indefinitely. Without authentication or access limits, an attacker could easily build a program to download every post, photo, video, and data from the entire site. While this was just public posts (not necessarily IDs used to verify accounts), geolocation data from posts was also downloaded, which could reveal GPS coordinates of users’ homes.  

How can you prevent IDORs from cropping up?

“Avoiding IDOR is only possible by building a robust access control mechanism, choosing the best fit methodology for your scenario, log all access and if possible do an audit with a post authorization check,” said HackerOne hacker Manoel Abreu Netto, better known online as @manoelt.

“However, if you want to reduce the impact of an IDOR, avoid using a simple pattern to reference objects in the backend, thus not using a sequential integer value but something like uuid or even a MAC (hashed ID) with a salt per user session.

This does not eliminate the IDOR, but reduces the overall impact and the ability to enumerate objects.”

To remediate IDOR vulnerabilities, below are a few best practices. 

  1. Developers should avoid displaying private object references such as keys or file names.
  2. Validation of parameters should be properly implemented.
  3. Verification of all the referenced objects should be checked.
  4. Tokens should be generated in such a way that it can only be mapped to the user and is not public.
  5. Ensure that queries are scoped to the owner of the resource. 
  6. Avoid things like using UUIDs (Universally unique identifier) over Sequential IDs as UUIDs often let IDOR vulnerabilities go undetected.

For more information about reducing risk and getting started with hacker-powered security, check out our CISOs Guide to Deriving Value from Hacker-Powered Security.

Tags

Join Hacker Noon

Create your free account to unlock your custom reading experience.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://hackernoon.com/what-are-insecure-direct-object-references-idor-hz1j33e0?source=rss

Continue Reading

Cyber Security

80% of Global Enterprises Report Firmware Cyberattacks

Avatar

Published

on

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://threatpost.com/enterprises-firmware-cyberattacks/165174/

Continue Reading

Cyber Security

Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack

Avatar

Published

on

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://threatpost.com/qnap-nas-devices-zero-day-attack/165165/

Continue Reading
Blockchain6 hours ago

Knut Svanholm im Interview: „Bitcoin verwischt die Grenze zwischen Besitz und Wissen“

Esports7 hours ago

Dota 2: ChYuan Replaces Masaros On Fnatic’s Offlane

Esports8 hours ago

ana reunites with OG ahead of DreamLeague Season 15

Esports8 hours ago

Ana is back! Again

Esports9 hours ago

OWL 2021 Power Rankings – #16 Houston Outlaws

Esports10 hours ago

Dota 2: EHOME Signs Sylar, Ahjit Moves To Bench

Esports10 hours ago

Code S RO16 Preview: Rogue, Zoun, INnoVation, Dark

Esports10 hours ago

The best way to play Hecarim in League of Legends season 11

Esports12 hours ago

A detailed look at Dawnbreaker, Dota 2’s first carry in four years

Esports14 hours ago

These 2 Overpass lineups let CTs lock up the B bombsite from A

Esports16 hours ago

Fortnite: Blatant Cheater Finishes Second In A Solo Cash Cup

Esports18 hours ago

LoL: LCS MSS Lower Bracket Finals Recap- Team Liquid vs TSM

Esports18 hours ago

Atlanta FaZe advance to the Grand Finals at the Stage 2 Major by defeating Dallas

Esports18 hours ago

Why did Twitch ban the word “obese” from its predictions?

Esports18 hours ago

Hikaru Nakamura accused of striking Eric Hansen’s YouTube channel

Esports18 hours ago

FPX player zehN accidentally reveals roster information

Esports18 hours ago

Broodmother reworked, Necronomicon removed in 7.29 update

Esports18 hours ago

Gambit vs Heroic ESL Pro League Season 13 betting predictions

Esports18 hours ago

Riot reportedly investigates Sentinel for sexual assault threats

Esports19 hours ago

Rogue make history in 3-1 losers’ bracket win over G2 Esports

Esports19 hours ago

Minnesota ROKKR shock OpTic Chicago at the Stage 2 Major

Esports19 hours ago

Jensen picks Annie in Mid-Season Showdown against TSM

Esports19 hours ago

100 Thieves advance to Grand Finals of VCT after defeating Envy

Esports20 hours ago

Rogue knock G2 out of LEC Playoffs with a historic win

Esports22 hours ago

G2 Esport Rekkles awarded with the 2021 LEC Spring MVP

Esports22 hours ago

Dota 2: Team Nigma Completes Dota 2 Roster With iLTW

Esports22 hours ago

LoL: Rekkles Named 2021 LEC Spring Split MVP

Esports23 hours ago

LoL: LEC 2021 Spring Lower Bracket Finals Recap- G2 Esports vs Rogue

Esports24 hours ago

New lineup shows that Sova can still domi on Split

Esports24 hours ago

Nigma welcome iLTW to the team

Trending