by | 15 Mar 2016

3 types of ecommerce attacks you should know

The tremendous increase in online transactions has been accompanied by an equal rise in the number and type of attacks against the security of eCommerce sites. Some of these attacks have exploited published vulnerabilities in reusable third-party components used by CMS, such as plugins. Others have exploited vulnerabilities that are common in any web application, such as SQL injection. Still others, such as ransomware, are less well known but increasingly popular among hackers. This article discusses these vulnerabilities and how to prevent them from reaching your eCommerce site.

SQL injection attack is the new black

What is an SQL injection? SQL injection attacks, in their most basic form, are methods of abusing an application’s interaction with its back-end database. These attacks leverage non-validated inputs to modify existing database queries to achieve unintended results and frequently target websites and web applications.

How to prevent SQL injection? A key component that makes SQL injection interesting is that the vulnerability is actually based on poor web application implementation on the part of the victim, rather than vulnerabilities in the underlying database itself. The web server and database are essentially pawns in the attack and are just executing valid instructions—albeit with malicious intent. Therefore, there are no “patches” or “software updates” to rid the world of SQL injection. This can truly only be resolved through improved secure development principles and the enhanced vulnerability detection capabilities that the OZON cybersecurity solution can bring to you.
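To illustrate the point that the flaw lies in how the application builds its query, here is an added example (not from the original article) using Python's built-in sqlite3 module. The orders table, the function names and the sample input are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory shop database with constructed sample orders."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "4242"), (2, "bob", "1881"), (3, "carol", "0005")],
    )
    return db

def orders_for_unsafe(db, customer):
    # Vulnerable: the input is pasted into the SQL text, so quote characters
    # in it are parsed as SQL syntax and can rewrite the WHERE clause.
    query = "SELECT id, customer FROM orders WHERE customer = '" + customer + "'"
    return db.execute(query).fetchall()

def orders_for_safe(db, customer):
    # Hardened: the query text is fixed and the input is bound as a value,
    # so the database only ever compares it against the customer column.
    query = "SELECT id, customer FROM orders WHERE customer = ?"
    return db.execute(query, (customer,)).fetchall()

def demo():
    """Run both lookups with a normal and a crafted (constructed) input."""
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input, not a real customer
    return {
        "unsafe_normal": orders_for_unsafe(db, "alice"),
        "unsafe_crafted": orders_for_unsafe(db, crafted),
        "safe_normal": orders_for_safe(db, "alice"),
        "safe_crafted": orders_for_safe(db, crafted),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the concatenated query the crafted input returns every customer's orders. With the bound parameter the same input matches no rows, and the database engine itself is unchanged in both cases.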

Compromised CMS through unpatched vulnerabilities

What is a compromised CMS? In today’s network environment, content management systems (CMS) are ubiquitous. CMS provide an incredibly wide array of functionality including publishing, modifying content, organizing data and managing users. As with everything else, the more common it is, the more often it is targeted. CMS vulnerabilities that are left unpatched are often targeted and used as a foothold to install backdoor programs. A backdoor can lie in wait for days, months or even years before threat actors return to use it to gain access again.

How to protect your CMS? Start regular vulnerability scans of your website and web applications and implement a more formal patch management process. This helps mitigate the possibility of known vulnerabilities contributing to another incident. OZON helps you to assess your eCommerce site and patch the discovered vulnerabilities (virtual patching). While these actions won’t prevent all attacks, they are certainly a step in the right direction.

Data ransomware could kill your business

What is data ransomware? Ransomware is characterized by malware that prevents users, typically through encryption, from accessing their system, file shares or files. After gaining access and control, threat actors hold the data for “ransom” until the user agrees to pay money to regain access to their data. For this reason, we consider data ransomware a lethal data breach scenario.

How to avoid data ransomware? The only reliable way to defend against this threat is to ensure that your website is secure. It is recommended to run daily automated scanning and for website administrators to deploy file integrity monitoring systems. These types of operations can also be quickly spotted on regularly updated Web applications.

It is in this context that OZON has developed a cybersecurity solution to protect companies from RansomWeb and other threats. The virtual patching feature detects vulnerabilities and patches them until full remediation has been applied. Furthermore, OZON monitors all website flows and transactions and protects them in real time from cyber-attacks. Do not wait, test OZON for free!