
Cybersecurity First: The Benefits of Proactive, Real-Time Security

by
Cybersecurity

This week’s theme is Cybersecurity First. It’s a reminder that even though Cybersecurity Awareness Month is coming to a close, cybersecurity should always be top of mind. Digital businesses must proactively establish a robust security infrastructure to protect their web apps before it is too late.

The risk of automated fraud and client-side attacks is higher than ever. It's not a matter of whether malicious hackers will breach an organization, but when. In referencing security experts and hundreds of millions of stolen user accounts, Yahoo News stated, “Sorry, America, you’ve already been hacked.”

Fortunately, many types of cyberthreats are well-known, and there are proven techniques to meet malicious hackers head-on. Proactively enabling real-time security measures gives you continuous visibility and control over attacks. Read on to discover what threats to look out for and how to prevent them, before your site is attacked and fraud is committed.

Get ahead of these top threats

Magecart, Digital Skimming and Formjacking

In 2020, there were 4,800 incidents of Magecart, digital skimming and formjacking attacks per month. Cybercriminals inject malicious scripts into third-party JavaScript code that skims credit card information from payment forms. They then use the cards to purchase items or resell the card data on the dark web. Because the attacks happen inside consumer web browsers, the vendors have no visibility into the client-side code changes that make the skimming possible.

Formjacking happens when cybercriminals inject malicious third-party JavaScript code into an online payment form on an e-commerce site. This allows them to hijack the form to collect payment card data, including card numbers, card verification values (CVVs), card expiration dates, and consumer names, addresses and phone numbers.

One example of this is the infamous SolarWinds supply chain attack. Cybercriminals injected a backdoor Trojan into the vendor's Orion Platform software source code repository to establish covert, unauthorized access. SolarWinds unwittingly transferred the Trojan to installations of its software across its customer base. Hundreds of public and private organizations that were SolarWinds customers had their systems infected as malicious hackers siphoned off their data.

The Volusion breach is the e-commerce version of the SolarWinds hack. Criminal hackers compromised the infrastructure of Volusion, a provider of cloud-hosted online stores. The cybercriminals delivered their malicious Magecart attack code through Volusion servers to more than 6,500 e-commerce sites that used the platform. They stole payment card data from customers using payment forms across those e-commerce sites.
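One way to regain visibility into third-party script changes on a payment page, shown as an added example that is not from the original article: inventory the page's external scripts and flag any that come from an unapproved host, carry no Subresource Integrity pin, or no longer match their pin. The hostnames, page markup and script bodies are constructed, and the check assumes a single sha384 value per integrity attribute.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"cdn.payments.example"}    # assumed approved vendor hosts
REVIEWED_JS = b"function tokenize(c){}"     # constructed: script as reviewed

def sri(body: bytes) -> str:
    """Subresource Integrity value (sha384, base64) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

# Constructed: body a monitoring crawler fetched today; pay.js has changed
# since the checkout page below pinned it to the reviewed hash.
FETCHED = {"https://cdn.payments.example/pay.js": REVIEWED_JS + b"/* unexpected */"}
CHECKOUT_HTML = f"""
<form id="pay"><input name="card-number"></form>
<script src="/static/app.js"></script>
<script src="https://cdn.payments.example/pay.js" integrity="{sri(REVIEWED_JS)}" crossorigin="anonymous"></script>
<script src="https://cdn.payments.example/ui.js"></script>
<script src="https://stats.example/t.js"></script>
"""

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts = []   # (src, integrity or None) per external script

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def audit(html: str, fetched: dict) -> dict:
    """Map each third-party script URL on the page to the reason it is flagged."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = {}
    for src, integrity in collector.scripts:
        host = urlparse(src).hostname
        if host is None:
            continue  # relative URL: same-origin script, out of scope here
        if host not in ALLOWED_HOSTS:
            findings[src] = "host not on allowlist"
        elif integrity is None:
            findings[src] = "no integrity attribute"
        elif integrity != sri(fetched[src]):
            findings[src] = "content differs from pinned hash"
    return findings
```

Running `audit(CHECKOUT_HTML, FETCHED)` on a schedule turns a silent third-party script change into a reviewable finding.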

Credential Stuffing

Cybercriminals go shopping for credentials on the dark web, where billions of stolen usernames and passwords are up for sale. Criminal hackers capture these credentials in PII harvesting and social engineering attacks, which doubled in volume last year.

Cybercriminals then launch credential stuffing attacks, using bots to attempt logins across social, travel, financial and e-commerce sites. If credentials are validated, bad actors can use them to gain unauthorized access to user accounts — and this is where the real havoc begins. Account takeover (ATO) attacks allow bad actors to steal assets stored in those accounts, sell the verified accounts on the dark web, and commit identity theft.

Unfortunately, this type of attack goes beyond the theoretical: Verizon Visible, Verizon’s budget offering, recently experienced a credential stuffing attack where customer accounts were taken over and orders were placed using stored payment information.

Twitter suffered a major ATO attack last year as malicious hackers used accounts belonging to high-profile politicians, businesspersons, and celebrities to tweet tens of millions of followers, scamming them into sending cryptocurrency to the attackers.

Carding

Carding works similarly to credential stuffing, but with credit card numbers instead of account logins. Malicious hackers can purchase credit and debit card numbers on the dark web and then use bots to test them by making low-value purchases on e-commerce sites. If the transactions go through and remain unnoticed by the cardholders, they have a winner.

Cybercriminals then use verified cards to make withdrawals or buy gift cards to convert to high-value products such as TVs, computers and smartphones. They then sell the popular items for profit. Credit card companies refund customers for fraudulent transactions, but vendors are held accountable. They can lose goods and revenue, and pay increased credit card processing fees if they fall victim to carding attacks.

The top carding cybercrime boss, The Joker, announced retirement early this year after raking in $2.1 billion in Bitcoin. The criminal’s site, The Joker’s Stash, was the biggest stolen payment card marketplace on the dark web. Although the Joker’s site is a thing of the past, carding fraud continues.
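Credential stuffing and carding, as described in the two sections above, leave the same trace in server logs: one source cycling through many distinct accounts or cards, mostly failing. The detector below is an added example, not from the original article; the log format, the thresholds and the choice of source IP as the grouping key are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

WINDOW_S, MIN_DISTINCT, MIN_FAIL_RATIO = 300, 4, 0.75  # assumed thresholds
LOW_VALUE = 2.00  # assumed ceiling for a card-testing purchase

# Constructed log lines in a hypothetical key=value format.
LOG = """\
2021-10-25T10:00:00Z login ip=203.0.113.7 id=alice result=fail
2021-10-25T10:00:02Z login ip=203.0.113.7 id=bob result=fail
2021-10-25T10:00:03Z login ip=192.0.2.10 id=carol result=fail
2021-10-25T10:00:04Z login ip=203.0.113.7 id=dave result=fail
2021-10-25T10:00:05Z login ip=192.0.2.10 id=carol result=ok
2021-10-25T10:00:06Z login ip=203.0.113.7 id=erin result=fail
2021-10-25T10:00:07Z login ip=203.0.113.7 id=frank result=ok
2021-10-25T10:01:00Z charge ip=198.51.100.9 id=card_1 amount=1.00 result=fail
2021-10-25T10:01:01Z charge ip=198.51.100.9 id=card_2 amount=0.99 result=fail
2021-10-25T10:01:02Z charge ip=198.51.100.9 id=card_3 amount=1.00 result=ok
2021-10-25T10:01:03Z charge ip=198.51.100.9 id=card_4 amount=1.00 result=fail
2021-10-25T10:02:00Z charge ip=192.0.2.10 id=card_9 amount=54.10 result=ok
"""
LINE = re.compile(
    r"(\S+) (login|charge) ip=(\S+) id=(\S+)(?: amount=(\S+))? result=(ok|fail)")

def detect(log: str) -> dict:
    """Return {(kind, ip): timestamp of the first alert} for 'login' and 'charge'."""
    windows, alerts = defaultdict(deque), {}
    for line in log.splitlines():
        m = LINE.fullmatch(line)
        if not m:
            continue
        ts_s, kind, ip, ident, amount, result = m.groups()
        if kind == "charge" and float(amount) > LOW_VALUE:
            continue  # card testing uses low-value purchases; skip normal orders
        ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc).timestamp()
        win = windows[(kind, ip)]
        win.append((ts, ident, result == "fail"))
        while win[0][0] <= ts - WINDOW_S:   # drop events older than the window
            win.popleft()
        distinct = len({i for _, i, _ in win})
        fail_ratio = sum(failed for _, _, failed in win) / len(win)
        if distinct >= MIN_DISTINCT and fail_ratio >= MIN_FAIL_RATIO:
            alerts.setdefault((kind, ip), ts_s)
    return alerts
```

A customer who mistypes a password and then logs in (192.0.2.10 here) stays below the distinct-identifier threshold, so only the two automated sources are flagged.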

Prevent automated fraud and client-side threats in real time

Cyberthreats aren’t going away any time soon, so it’s best to be prepared. Being able to respond to threats in real time is crucial to staying ahead of automated fraud. Organizations can leverage state-of-the-art cloud solutions that utilize machine learning and behavioral analytics to continuously detect attacks and respond in a targeted way. This ensures that cybersecurity is always put first, without requiring extra resources from your team to manage digital threats.

© PerimeterX, Inc. All rights reserved.