Four Types of Cyberattacks, and How to Prevent Them

Computer code and text displayed on computer screens. Photo: Bloomberg.
April 15, 2021
Sonal Puri, SCB Contributor

If 2020 taught us anything, it’s that change can really happen overnight. Within days of the first coronavirus shutdowns, stay-at-home orders, and physical businesses closing their doors, Americans were forced to change how they purchased goods like toilet paper and groceries.

Those new habits stuck around. According to data from the U.S. Census Bureau, e-commerce sales in 2020 totaled a massive $791.7 billion, an increase of 32.4% from 2019. As COVID-19 vaccinations roll out across the country, many remain hesitant to return to the pre-pandemic normal. An estimated 40% of consumers say they plan to shop in-store either the same amount or less after being vaccinated, according to a study from First Insight.

With more people buying goods online, hackers are taking advantage of the sea of personal information shared in these transactions. Early on in the pandemic, the FBI reported receiving between 3,000 and 4,000 cybersecurity complaints per day, a 400% increase over pre-pandemic numbers. The 1,572 e-commerce merchants surveyed by Webscale for our 2021 Global E-commerce Security Report reported that cybersecurity threats were their number-one business challenge during peak sales events, including bad bots, SQL injections, cross-site scripting (XSS) attacks, distributed denial of service (DDoS) attacks, and Magecart attacks. For a vast majority of businesses, the financial impact of these security incidents is significant, ranging from $100,000 to $250,000 on average.

Last year taught us that cybersecurity should be top of mind for all e-commerce businesses. They are committing to a 15% to 20% increase in security spending over the next three years. In order to be prepared for the road ahead, it’s important to understand the trends that emerged in this watershed e-commerce year, and which technologies can help businesses tackle these threats now and in the years ahead.

Four types of cyberattacks stood out last year due to their frequency and dramatic economic impact: Magecart attacks, carding attacks, credit card fraud, and ransomware.

Magecart Attacks

Magecart-type attacks were the biggest threat to e-commerce in 2020 and beyond. Magecart is the umbrella term for 13 different cybercriminal groups who practice digital skimming or formjacking to hack their way into customers’ personally identifiable information, especially credit card details, and sell it on the dark web. One of the biggest Magecart-type attacks was on British Airways in September 2018, affecting up to 380,000 customers and costing the airline $230 million in fines. Retail websites use third-party vendors and open-source libraries of code to deliver a rich customer experience. Unfortunately, these scripts introduce risks to the brand and business.

There are a handful of ways that businesses can detect or prevent such attacks. Real-time content security policy (CSP) protection enhances trust between the browser and application server, validating trusted domains and preventing blocked domains from executing scripts. Multi-factor authentication (MFA) is also helpful, locking down admin access to authorized users only. This is a critical first step in security, and prevents bad actors from getting access to the back end.
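As an added illustration of the CSP control described above (not code from the article or from Webscale), the Python sketch below builds a policy header from an allowlist of trusted domains and triages the violation reports browsers send back for checkout pages. The host names, the `/csp-report` path and the sample reports are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed allowlists for a checkout page; all hosts are placeholders.
SCRIPT_HOSTS = ["https://static.shop.example", "https://js.payments.example"]
CONNECT_HOSTS = ["https://api.shop.example"]

def build_csp(report_path="/csp-report"):
    """Build a Content-Security-Policy header value from the allowlists."""
    directives = {
        "default-src": ["'self'"],
        "script-src": ["'self'", *SCRIPT_HOSTS],    # where scripts may load from
        "connect-src": ["'self'", *CONNECT_HOSTS],  # where scripts may send data
        "form-action": ["'self'"],                  # where forms may submit
        "report-uri": [report_path],                # browser posts violations here
    }
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in directives.items())

def triage_reports(raw_reports, page_prefix="https://shop.example/checkout"):
    """Return sorted (directive, blocked origin) pairs seen on checkout pages."""
    findings = set()
    for raw in raw_reports:
        report = json.loads(raw).get("csp-report", {})
        if not report.get("document-uri", "").startswith(page_prefix):
            continue  # only the payment flow is triaged here
        blocked = report.get("blocked-uri", "")
        parts = urlsplit(blocked)
        # blocked-uri may be a keyword such as "inline" rather than a URL
        origin = f"{parts.scheme}://{parts.netloc}" if parts.netloc else blocked
        directive = (report.get("effective-directive")
                     or report.get("violated-directive", ""))
        findings.add((directive.split(" ")[0], origin))
    return sorted(findings)

def _report(page, directive, blocked):
    """Constructed report in the JSON shape browsers send to report-uri."""
    return json.dumps({"csp-report": {"document-uri": page,
                                      "violated-directive": directive,
                                      "blocked-uri": blocked}})

SAMPLE_REPORTS = [
    _report("https://shop.example/checkout/pay", "script-src 'self'",
            "https://cdn.unknown.example/lib.js"),
    _report("https://shop.example/checkout/pay", "connect-src 'self'",
            "https://collect.unknown.example/c"),
    _report("https://shop.example/blog/post", "script-src 'self'",
            "https://widgets.unknown.example/w.js"),
]

if __name__ == "__main__":
    print(build_csp())
    print(triage_reports(SAMPLE_REPORTS))
```

A blocked `connect-src` origin on a payment page deserves the closest look, because it means a script on that page tried to send data to a host outside the allowlist.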

Carding Attacks

These are the silent killer. Once credit card information is stolen, cybercriminals have to validate the cards to either sell them on the dark web or use them for committing credit card fraud. E-commerce websites are used to validate cards by attempting low-value transactions. Numerous application programming interface (API) calls are made in the process. If the website has tight security in place, this type of nefarious traffic can be identified quickly, and rate limiting can be activated on the checkout process to defend against the attack.
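The detection step described above can be sketched as follows; this is an added example, not code from the article or from Webscale. It scans a constructed checkout log for clients that make many low-value authorization attempts with different cards and a high decline rate inside a sliding window, and returns the moment at which rate limiting would be applied. The log format and every threshold are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them against real checkout traffic.
WINDOW = timedelta(minutes=5)
MAX_AMOUNT = 5.00          # what counts as a "low-value" attempt
MIN_ATTEMPTS = 5
MIN_DISTINCT_CARDS = 4
MIN_DECLINE_RATIO = 0.6

# Constructed log: timestamp, client IP, card fingerprint, amount, result.
SAMPLE_LOG = """
2021-03-01T10:00:00 198.51.100.20 card_a1 42.10 declined
2021-03-01T10:00:40 198.51.100.20 card_a1 42.10 approved
2021-03-01T10:01:00 203.0.113.7 card_b1 1.00 declined
2021-03-01T10:01:10 203.0.113.7 card_b2 1.00 declined
2021-03-01T10:01:20 203.0.113.7 card_b3 1.00 approved
2021-03-01T10:01:30 203.0.113.7 card_b4 1.00 declined
2021-03-01T10:01:40 203.0.113.7 card_b5 1.00 declined
2021-03-01T10:01:50 203.0.113.7 card_b6 1.00 declined
2021-03-01T10:02:00 192.0.2.55 card_c1 3.50 approved
2021-03-01T10:09:00 192.0.2.55 card_c1 3.50 approved
""".strip().splitlines()

def detect_carding(lines):
    """Map each flagged client IP to the time its window first tripped."""
    windows = defaultdict(deque)   # ip -> recent low-value attempts
    flagged = {}
    for line in lines:
        ts_text, ip, card, amount, result = line.split()
        ts = datetime.fromisoformat(ts_text)
        if float(amount) > MAX_AMOUNT:
            continue               # ordinary purchases are out of scope
        win = windows[ip]
        win.append((ts, card, result))
        while ts - win[0][0] > WINDOW:
            win.popleft()          # drop attempts older than the window
        cards = {c for _, c, _ in win}
        declines = sum(1 for _, _, r in win if r == "declined")
        if (len(win) >= MIN_ATTEMPTS
                and len(cards) >= MIN_DISTINCT_CARDS
                and declines / len(win) >= MIN_DECLINE_RATIO):
            flagged.setdefault(ip, ts)   # start rate limiting from here
    return flagged

if __name__ == "__main__":
    for ip, when in detect_carding(SAMPLE_LOG).items():
        print(f"rate-limit {ip} from {when.isoformat()}")
```

In the sample, the repeat customer who retries one card and the shopper making two small purchases are left alone; only the client cycling through different cards is flagged.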

Credit Card Fraud

Many e-commerce merchants haven’t subscribed to a credit card fraud-detection system. Without it, an e-commerce website becomes a prime target. An intelligent fraud-detection and mitigation solution can detect anomalies in contact and shipping addresses, country of origin and IP, to flag suspicious transactions.

Ransomware

In 2020, ransomware became one of the most common cyberattacks among organizations. Ransomware is a kind of malicious software that infects a computer system and demands a sum of money be paid in order to mitigate the issue. The most recent high-profile attack, against PC manufacturer Acer in March 2021, is the highest ransom demand ever: $50 million paid in the Monero cryptocurrency. Despite the high risk, there are actions that businesses can take to minimize damage from ransomware attacks, including:

  • Maintain offline backups. The availability of backup files can help a business recover quickly from a ransomware attack.
  • Implement a data theft-prevention strategy. This is critical, as businesses today upload large amounts of data to cloud storage platforms that bad actors can misuse.
  • Monitor user account behavior. Monitor and analyze user behavior to identify potential security risks. If you suspect abuse, act quickly.
  • Deploy multi-factor authentication on all remote access points into an enterprise network. Focus on securing or disabling remote desktop protocol (RDP) access, a vulnerable entry point into a network for attackers.
  • Conduct penetration testing to identify weak points in enterprise networks and vulnerabilities such as CVE-2019-19781 that should be prioritized for patching.

The year 2020 was a challenging one for the world. It was also a year of tremendous growth and opportunity for the e-commerce segment and, sadly, one of the best for cybercrime. Today’s cybercriminal networks are well-funded, organized, and highly capable. While these groups are scaling their operations, the cybersecurity industry has gotten better at predicting attacks and developing solutions that can monitor, identify, and defend against a myriad of cyber threats. E-commerce businesses of all sizes should follow this four-step plan to get ahead of the cybercrime threats that arose in 2020, and will continue into 2021 and beyond:

  • Evaluate the security vulnerabilities of your business, and the possible economic impact of a data breach, such as compliance fines or expensive customer litigation.
  • Create a cyber threat strategy that covers your complete ecosystem, including customers, partners, vendors, and employees.
  • Invest in automated, comprehensive cybersecurity services that offer full visibility into infrastructure, traffic, and assets, along with an expert team (internal or external) that understands the cloud and e-commerce.
  • Enforce a zero-trust strategy. Educate employees about cybersecurity best practices, the company’s data policy, and the cost of non-compliance.

With a clear plan in place, and lessons from the past year in mind, e-commerce businesses will be prepared for another successful year in 2021.

Sonal Puri is chief executive officer of Webscale.

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp