Cyber Monday is one of the biggest online shopping days of the year. In 2017, Cyber Monday online sales grew to a record $6.59B, compared with $2.98B in 2015, and $2.65B in 2014.
It’s also becoming one of the biggest online crime days of the year. Sixty-four percent of companies report an increase in cyber crimes on Cyber Monday. Hackers are fully aware of how much money they can steal from e-commerce sites and customers during this very busy day, that it’s the day to hit big sites that do not have proper protection.
What is in it for them?
- Bragging rights: Little is as attractive to a hacker than taking down an e-commerce site during the biggest shopping day of the year and bragging about it on social media.
- “Free” stuff: Hackers will use automated tools to exploit known vulnerabilities on e-commerce and payment platforms to trick goods out of online sites.
- Stealing customers: Unscrupulous businesses can use hacking tools and bots to send huge amounts of traffic to your site. This creates stress on your servers and causes a poor experience, or completely blocks legitimate customers, prompting them to leave your site to search for alternatives.
Common Attack Methods
- Automated Scanners: scanning thousands of sites searching for vulnerabilities.
- Phishing attacks: using emails, popups, and messages to trick users into sharing account credentials and credit card information.
- Malware: injecting malware into e-commerce sites and using it to steal money and credentials from users, such as MagentoCore Malware.
- DoS and DDoS attacks: using open source tools and/or paid services to easily and inexpensively produce a DoS/DDoS attack; on Cyber Monday e-commerce sites expect a burst in traffic, making it harder to detect traffic anomalies.
- Gift Card Cracking: Running millions of number variations through gift card forms to identify gift card numbers that have positive balances and then sell them before the legitimate card holder has a chance to use it.
- Account Takeover: Using automated bots to hijack customer account credentials.
- Manipulating Payment Systems: Hacking payment systems to change pricing and then purchasing expensive products at low or no price.
How To Protect Your Site
- Use HTTPS encryption from a known Certificate Authority (CA): Implement strong authentication for web and data protection.
- Patch your system: Make sure that your e-commerce system and plugins are always up to date and don’t use untrusted open source software.
- Don’t store sensitive customer data: Only store what is mandatory for maintaining your e-commerce site; storing credit card numbers, expiration dates, and CVV codes is forbidden by PCI Standards.
- Scan for vulnerabilities: Scan your site’s code and application layer regularly; there are multiple tools online that can provide information and suggestions for securing your e-commerce site.
- Use a Web Application Firewall: Protect your application against malicious traffic and monitor the traffic to your site.
- Implement L3, L4, and L7 Denial of Service Attack Protection: Protect against these common attacks before they happen, instead of having to mitigate the aftermath.
Protecting Your Website With StackPath
StackPath Web Application Firewall security features provide exceptional protection for your e-commerce site.
- Block vulnerability scanners and brute force attempts: Hackers use bots to scan your web application’s surface, and search for vulnerabilities that can be exploited during future attack and penetration activities. Our automated traffic detection and prevention tools block unauthorized vulnerability scans, creating a headache for potential hackers, who are denied the ability to map your site and plan malicious activities, making an attack much more difficult and expensive.
- Full DDoS Protection: The StackPath network provides massive L3 and L4 DDoS protection while the WAF provides full L7 DDoS protection with an extremely high degree of accuracy.
- FREE private SSL certificates: Enable a free private SSL certificate , issued by Comodo, for your domain. Your certificate will be auto-renewed every 3 months to keep your security consistently up to date.
- StackPath rate limitation: Create rate limitation rules in StackPath WAF for specific URLs to prevent resources abuse.