Electronic commerce has experienced a great increase in the last year and has become a common way of making our purchases thanks to the massive use of smartphones, the improvement in Internet access connections and the appearance of secure online payment gateways .
However, cyberattacks on e-commerce often occur that have serious consequences and end up compromising sensitive customer data or throwing away the platform’s services, leaving the virtual store offline or without access.
Today I share with you four cases of real cyber attacks on online stores and I recommend you visit this link to find out some recommendations on how to make safe online purchases.
1.- Attacks on stores created with Magento
Magento is one of the most popular platforms to create and manage virtual stores together with PrestaShop. In September 2020, there was a global cyberattack with techniques known as Magecart or web skimming aimed especially at online businesses created with this platform.
The objective of this cyberattack was to steal customers’ credit card details and the number of affected e-commerce sites was close to 3,000.
To carry out this attack, cybercriminals inserted scripts (small programs) on websites with the aim of stealing customers’ bank details when they entered their credit card at the time of checkout.
This cyber attack could be carried out because many online stores did not have Magento updated to its latest version and cybercriminals take advantage of vulnerabilities present in previous versions of the Denmark Mobile Database platform to be able to inject their malicious code to steal banking data.
2.- DDoS attacks on online platforms
Denial of service or DDoS attacks are intended to bring down a system or web server, saturating it with a large number of requests for which it is not prepared, so it ends up crashing or functioning poorly.
Online service platforms such as Netflix or Spotify suffered the consequences of this type of cyberattacks a few years ago, seeing how their online services were rendered useless for hours, causing great economic losses and negatively affecting their prestige and image .
This attack occurred with a malware known as Mirai, which infected a large number of smart devices that acted as an “army of zombies” forming a huge botnet , which when it carried out the attack was able to drop platforms of global companies with great prestige .
3.- Theft of data in Social Networks
The stores on Facebook or Instagram are very popular, and although the cybersecurity measures of these two social media giants are very sophisticated and powerful, they have not been spared from being attacked.
Not long ago, a group of Russian cybercriminals was able to compromise the data of millions of Facebook and Instagram users through malicious code that was inserted into browser extensions . These types of extensions facilitate, automate and add functions to the programs we use to navigate the web (toolbars, spam blockers or interface changes are some examples).
4.- Attacks on the Chinese giant Alibaba
The Alibaba group is the world’s largest online sales center with portals such as AliExpress. The latter receives millions of cyber attacks daily and therefore invests a large amount of money in advanced cybersecurity measures.
Throughout its history, AliExpress has suffered attacks that have Brother Cell Phone List compromised the data of the users of its online shopping platform. One of the most serious cases occurred a few years ago with a vulnerability that made it possible to find out the ID of a user connected to the platform with an automated script to track that mailing address.
Fortunately, this vulnerability was detected in time and the damage caused could be minimized . From that moment on, the Asian giant put cybersecurity at the center of its priorities, becoming one of the safest online platforms in the world, but which in turn is one of the ones that receives the most daily attacks.
Photo by AltumCode on Unsplash
Cybercrime does not rest and is always looking for new ways to access websites and virtual stores with the aim of stealing your sensitive data or throwing away your systems. The risks of cyberattacks during Black Friday and other dates with high online shopping peaks, require that the maximum security measures be taken to avoid fraud or unwanted third-party incursions into online businesses.
Cybersecurity must be one of the most relevant factors for an e-commerce, taking the measures and using the appropriate systems to be able to protect the data of your customers, in order to offer a satisfactory and safe user experience.
Keeping the platforms updated to the latest available version is one of the main measures that must be applied to minimize the risks of suffering a cyber attack