The worldwide pandemic has wrought havoc on our well-being, our health, and our economy. The virus, governmental actions, and the consequential consumer behavior have resulted in many businesses freezing operations, or closing their doors altogether. It seems as if every day, we receive news of a fresh batch of regulations and rules due to Covid-19. While many countries move towards a new kind of normalcy, the world is currently still a very different place for most people.
At the same time, merchants must run their online stores with renewed vigor to ensure their businesses stay afloat and remain available for their customers. Meanwhile, hackers are using this opportunity to develop new online viruses, scams, malware, and other types of fraud.
How does online crime relate to the Covid-19 pandemic?
It may be surprising that a global pandemic has triggered excessive online attacks, but it’s not a new phenomenon in the world of hackers (or in the general world of crime). Major events, such as large-scale elections, the Olympic games, and natural catastrophes have all provided the perfect distraction in the past for nefarious individuals to take advantage of extraordinary situations. However, we’ve never had a global distraction of this magnitude in modern times. Ordinary people, along with corporations and governments, are all focused on the virus and the consequences trickling from the aftereffects. A large percentage of the workforce is working from home, and people have digitized their daily errands and activities, such as shopping, entertainment, and sports.
Because daily routines have changed, businesses need to cater to the new needs of their customers. This means online stores may be offering different services, products, and entertainment. Online customers may notice things are different, but they may not be able to identify suspicious changes to their favorite digital storefront. Customers may be visiting an online store for the first time, and they may not be familiar with their regular flows, and processes.
Online businesses have experienced unexpected growth in demand and may not be prepared to handle the demand from an operations perspective nor from a security standpoint. Additionally, many businesses were not prepared to adjust to a fully-remote workforce for an extended period.
As a result:
- Working-from-home employees may be accessing sensitive data from unsecured networks or devices
- Employees may have been given access to data erroneously
- Employees may not be following security protocols correctly, or at all, from their home office
Due to a distracted public and corporate world, along with massive changes in consumer needs, businesses find themselves especially vulnerable to online attacks.
How do data breaches occur? (aka, “To Err is human.”)
A CybSafe report compiled from data from the UK’s Information Commissioner’s Office confirmed that a whopping 90% of data breaches in 2019 occurred due to human error. This includes simple blunders, such as sharing passwords and login details, writing passwords in open areas online and offline, using easily compromised login details, opening questionable emails, and clicking on suspicious links. Frequently, human errors are caused by carelessness, a lack of time, inadequate security training, poor processes, distractions, and good intentions. It’s a common scenario where a person shares their username and password in order to save time, money, and effort.
The distraction due to Covid-19, employees working from home, and human error, all create a perfect environment for online criminals. Online security firms report that scammers are using the virus as bait for would-be victims. Using email campaigns, hackers can deliver spam, steal credentials, infect a computer with malware, and con people into paying outstanding invoices to the wrong bank account. Scammers impersonate organizations, like banks or government agencies, to trick victims under false pretenses.
While some attacks are directly related to Covid-19, many attackers use the distracted public to carry out their tried and true methods at increased volume and scope. For example, in January 2021, USA officials announced Russia as a likely source of a massive ongoing cyber attack carried out through a popular server software company. The company, called SolarWinds, is used by hundreds of thousands of organizations, including large corporations and US federal agencies. The threat allegedly originated from the same attack campaign that affected cybersecurity firm FireEye, foreign governments, and major corporations.
Book a call with Lokte’s team to discuss how our Data Breach Monitoring tool can help secure your online business against the world’s deadliest security breaches.
A Closer Look at Magecart Attacks
The volume of criminal organizations that are carrying out Magecart attacks is increasing. While these groups may have different motives, they still utilize identical methods and tactics with the usual financial objective. Commonly, Magecart attacks are used to expose personal information, such as credit card details, in order to sell the information on the black market. Additionally, stolen credentials may be used for more sophisticated attacks to commit fraud on other websites.
Magecart, a front-end type of attack, usually utilizes JavaScript’s vulnerabilities along with the client-side browser as a direct gateway to a customer’s private data. First, an attacker gains access to a website by either breaking into the infrastructure and inserting skimming malware, or by exploiting the vulnerabilities of third-party tools. Usually, businesses use third-party code and tools on their online storefronts for the efficiency, convenience, and enhanced user experiences they can provide. However, this means that the merchant does not control the entire code on their website, because third-party code has the same level of privilege as proprietary code. An online store may have code from 20 different companies that all have the same privileges as the website owner’s code.
This makes it easy for hackers to break into numerous websites once they find a third-party vulnerability. When hackers place malware into a website, it collects sensitive data entered by customers in the website. This collected data is then sent to an outside location designated by the hackers.
Magecart or front-end attacks can have catastrophic after effects
Magecart attacks are almost impossible to identify, which means they can sit in place for months until they are detected. As a result, they can affect a large number of websites and wreak havoc. Once the malware is removed from the website, it’s often not appropriately secured; this means that hackers can simply re-inject the Malware again (as in the cases of Marriott and Nutribullet). The consequential damage to a company’s reputation and the legal ramifications may be colossal.
Online stores with high traffic are especially attractive for attackers, because they potentially hold a large amount of data. That’s why eCommerce solutions that are currently experiencing a surge in traffic and transactions because of changing consumer behavior have also attracted unwanted attention to themselves unknowingly. Brand new customers, distracted existing customers, and a busy business create a perfect storm for attackers to break into sites, insert malware, and cause irreversible damage. McKinsey & Company found that in the US, eCommerce sales were predicted in 2019 to reach 24% of total sales by 2024; but by July 2020, online sales had already claimed 33% of total retail sales. In other words, during the first 6 months of 2020, the growth of online sales in the US equaled that of the last decade.
It’s important to note that company size does not matter for online criminals; hackers often prefer smaller businesses because they correctly assume they have a smaller budget for security measures.
How can businesses decrease the spread of malware and avoid data breaches?
- Businesses need to make online security their number one priority. Ensure that the access to your infrastructure and security protocols have not been compromised due to changes in your operations.
- It’s important to keep up with current trends and threats in the world of online security. By understanding the risks that may affect your business, you will be able to appropriately mitigate them before they happen. The most common risks include phishing, hacking malware, identity theft, and keylogging. Are you and your employees trained to recognize the signs of these attacks, and do you have clear procedures to follow? Make sure to mandate security awareness training for your employees, as it’s vital that everyone understands the basic principles of online security and knows which suspicious activity to flag, and how to follow security measures.
- Establish strong security protocols and ensure they are customized to your current working environment and followed. In addition to security policies, formulate a response plan or review your existing one and make sure it’s up to date with current conditions. For example, if your response plan was created when everyone was working in the office, but they are now working from home, the plan will need to be updated.
- Make sure that your software, hardware, and tools are up-to-date and patched. If your employees utilize personal devices, make sure those are also secured, and that security protocols are followed when using personal devices.
Lastly, ensure that you have the appropriate tools to safeguard your online business and that you are alerted when a potential breach is detected, so it does not go unnoticed for an extended period. You can find out about Lokte’s arsenal of security tools and services here. Online security is a complex business and it requires a multi layered approach to ensure that you keep your sensitive data, your customers, and your infrastructure safe and sound.
Schedule a call with Lokte’s dedicated security team today to learn more about protecting the digital security of your business and customers!
