Cybercriminals are targeting an ecommerce platform that you use. Online retailers are the most common industry targeted by cybercrime.
Cloud security firm Akamai Technologies released the latest report in its State of the Internet series on Tuesday, highlighting the growing number of attacks against the ecommerce sector.
The report, “Entering the Gift Shop – Attacks on commerce”, finds that retail is the most commonly targeted vertical for cyberattacks, accounting for over 14 billion (34%) of observed intrusions.
In order to enhance the online experience of customers and drive conversions, commerce organizations are increasingly dependent on web applications. The attackers target design flaws or security gaps in order to exploit web-facing applications and servers.
Retail, which is a sub-vertical of commerce, continues to be the target of the most attacks, with 62% of them affecting organizations as well as consumers.
Steve Winterfeld, advisory CISO of Akamai, says the main takeaways from this year’s conference are attack trends.
Record attacks on apps and APIs [application programming interfaces]. A shift in the traditional attack methods. Emerging remote code execution (RCE). And finally, a resurgence of risk in JavaScript environments [are] driven by the need to protect Payment Card Industry Data Security Standard, we are bringing about changes. [PCI DSS 4.0] He told E-Commerce Times that he was “not sure what the E-Commerce Times is looking for.”
Tactical Shift Exploits LFI Vulnerabilities
Akamai’s new research shows that attacks involving local file inclusion (LFI), which are attacks aimed at stealing files from a web server, increased by over 300% between Q3 of 2021 and Q3 of 2022. LFI occurs when an attacker exploits vulnerabilities in how the web server stores files or controls their access.
The commerce sector is now most vulnerable to these attacks. These attacks replace SQL injection, indicating a trend towards remote code execution.
Researchers found that hackers exploited LFI vulnerabilities in order to get a foothold and steal data.
Rupesh Chokshi is Akamai’s SVP for application security and GM.
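The file-access flaw behind LFI, shown as an added example that comes from neither the Akamai report nor this article: a file-serving helper that joins a request onto the document root without a containment check, beside a hardened form that canonicalises the path first. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_resolve(root: str, requested: str) -> Path:
    """Weak form: joins the request onto the root with no containment check."""
    return Path(os.path.join(root, requested))


def safe_resolve(root: str, requested: str) -> Path:
    """Hardened form: canonicalise, then require the result to stay under root."""
    base = Path(root).resolve()
    # resolve() collapses ".." segments and follows symlinks before the check.
    candidate = (base / requested).resolve()
    if not candidate.is_relative_to(base):
        raise PermissionError(f"request escapes document root: {requested!r}")
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate


def demo() -> dict:
    """Build a constructed directory tree and compare both resolvers."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "public"
        root.mkdir()
        (root / "index.html").write_text("hello")
        # Constructed sample file that sits outside the document root.
        (Path(tmp) / "secret.conf").write_text("db_password=constructed")
        results = {}
        for req in ("index.html", "../secret.conf", str(Path(tmp) / "secret.conf")):
            resolved = naive_resolve(str(root), req).resolve()
            naive_escapes = not resolved.is_relative_to(root.resolve())
            try:
                safe_resolve(str(root), req)
                outcome = "served"
            except PermissionError:
                outcome = "blocked"
            label = "<absolute>" if os.path.isabs(req) else req
            results[label] = (naive_escapes, outcome)
        return results


if __name__ == "__main__":
    for request, (escapes, outcome) in demo().items():
        print(f"{request:16} naive escapes root: {escapes!s:5} hardened: {outcome}")
```

The absolute-path case is included because joining an absolute path onto the root discards the root entirely, so filtering `..` alone does not close the gap.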
Key Findings Anchor Attack Severity
The Akamai report outlines the different types of attacks commerce organizations and customers are facing. Chokshi said that researchers looked at elements like web applications, bots and phishing as well as third-party scripts in order to gauge the current state of this sector.
The results will allow cybersecurity leaders to better understand the threats facing this industry.
Apps and APIs are being adopted by commerce to adapt quickly to customer trends. This transformation increases the scope or attack surface that criminals can profit from and can be a challenge to secure, as it is newer technology/methodology for which, Winterfeld said, the traditional security procedures may not be followed.
Threat Report Highlights
The research did not reveal any new threats. Winterfeld said that the report only mentioned a few known threats, and no new ones.
- In recent years, the attack methods of server-side request forgery (SSRF), server-side template injection (SSTI) and server-side code injection (SSCI) have become critical to combat. They pose a serious threat to businesses.
- Half of the JavaScript used by the commerce vertical comes from third-party vendors. It increases the risk of client side attacks such as Magecart and web skimming. It is crucial to implement mechanisms to detect attacks in order to comply with the new PCI DSS requirements.
- Attackers can also take advantage of security holes in scripts. They could use this to gain access to more lucrative and larger targets within supply chains.
- Akamai reported malicious bot requests exceeding five trillion events within 15 months. The report outlines attacks on commerce customers, including credential stuffing that can lead to fraud.
- In Q1 2023, over 30% of phishing attacks targeted brands associated with commerce.
- Attacks in Europe, the Middle East, and Africa (EMEA) are heavily skewed toward the retail sub-vertical, which accounts for 96.5% of attacks versus 3.3% for hotel and travel.
- Over 20% of web attacks in Asia-Pacific Japan (APJ) target commerce.
Cyber-attacks: Security practices to deter them
Winterfeld stated that researchers are constantly observing an increase in threats. These attacks can be stopped when organizations put their focus on security.
Security defenses that work include secure coding, and edge defenses that are well-managed. Other approaches include leveraging OWASP’s top ten API recommendation and following frameworks such as zero-trust network access and segmentation.