The results from Shopping Cart Inspect offer insight into current and future attack methods in ecommerce. Here are our Ecommerce Security Trends From 2021.
Updated: December 7, 2022
Posted: May 31, 2022
The shift from brick-and-mortar environments to ecommerce has changed not only consumer purchasing habits, but also criminal attacks on businesses. This shift has made ecommerce retailers an even larger target for online criminals, and threat actors are exploiting it via eskimming. Eskimming is one of the most pervasive threats online business owners face today.
E-skimming, also known as formjacking or digital skimming, is difficult to detect, even for the most advanced security teams. In some cases, eskimming can go unnoticed for years. Ecommerce pages present a much broader attack surface because they contain third-party scripts such as business analytics and advertising networks, making them easier for threat actors to attack. Threat actors run reconnaissance scripts, bot traffic, and other strategies to skim information.
To detect whether your company has experienced a breach in your shopping cart, SecurityMetrics developed a tool called Shopping Cart Inspect. Using Inspect, SecurityMetrics Forensic Analysts review your rendered webpage code on your shopping cart URL to collect evidence of a skimming attack.
The results from Shopping Cart Inspect offer insight into current and future attack methods in ecommerce. Here is what we've found:
Ecommerce Security Trends From 2021: SecurityMetrics Shopping Cart Inspect Investigations
88.89% of Shopping Cart Inspect reviews identified malicious, suspicious, and/or concerning issues on researched ecommerce sites.
25.3% of inspected ecommerce sites had malicious issues.
63.86% of inspected ecommerce sites had suspicious issues.
33.73% of inspected ecommerce sites had concerning issues.
1.88 issues: Average number of issues identified in a Shopping Cart Inspect review.
18.42% of issues discovered were malicious; 61.19% were suspicious; 20.39% were concerning.
Malicious: Evidence of card data being stolen. (Highest threat level)
Suspicious: Identified issues increase the probability of a potential exploit. (Medium threat level)
Concerning: Unlikely method of being breached, but identified issues could lead to a potential exploit. (Low threat level)
Top 5 Malicious Website Issues Found
Malicious JavaScript: JavaScript appears to be acting in a malicious manner, such as harvesting credit cards or other sensitive data.
Malicious Post: A script is running with a post of data to a known bad site.
Form Jacking: Authorized payment webform is being replaced by a counterfeit.
Directory Browsing Enabled: Directory browsing is enabled on the web pages analyzed.
Malicious Double Checkout: Double post of credit card data returning to alternate checkout page on merchant's server.
Top 5 Suspicious Website Issues Found
JavaScript Issue: Out-of-date JavaScripts can lead to vulnerabilities available for future malicious attacks.
Out of date CMS - Suspicious: Out-of-date web components. Unpatched or un-updated software is a leading cause of sites losing sensitive data.
Ads/Business Intelligence: Advertising/analytics content is being pulled into the pages being reviewed in the checkout environment. This can be a source of intermittent card/data loss due to drive-by malvertising.
Configuration Issue: Missing required web server security headers.
iFrame Source Issue: iFrame source appears to be suspicious or improperly configured or protected. Attackers often change the iFrame source to point to malicious web forms. iFrame may be misconfigured, allowing cross-site scripting attacks.
Top 5 Concerning Website Issues Found
Configuration Vulnerability: A configuration item with a website or web server is not following best security practices.
Checkout Configuration Issue: The implementation of certain aspects of the checkout process may not follow best security practices and could leave merchants vulnerable to certain types of attacks.
Out of date CMS - Concerning: Out-of-date web components, which would be unlikely to lead to a breach of site security but should be updated.
HTTP Header Issue: Improperly configured HTTP headers can provide attackers with specific information about your web server setup, such as vulnerable software versions.
Mixed HTTP/HTTPS: Content called via HTTP in an HTTPS environment, breaking strict SSL/TLS protocol. In severe cases, this can be exploited by bad actors to view privileged content.
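Several of the suspicious and concerning categories listed above (off-origin scripts, iFrame sources and form targets in checkout, mixed HTTP/HTTPS content, missing security headers) can be checked mechanically against a rendered page. The sketch below is an added example, not SecurityMetrics' Shopping Cart Inspect code; the list of expected headers, the hostnames and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: the page does not name the "required" headers; these are common ones.
EXPECTED_HEADERS = ("content-security-policy", "strict-transport-security",
                    "x-content-type-options", "x-frame-options")
# Tag -> attribute through which the browser loads from, or posts to, a URL.
URL_ATTRS = {"script": "src", "iframe": "src", "img": "src", "form": "action"}

class CheckoutAudit(HTMLParser):
    """Collects findings while parsing one rendered checkout page."""
    def __init__(self, page_url, allowed_hosts=()):
        super().__init__()
        self.page_url, self.page = page_url, urlparse(page_url)
        self.allowed = {self.page.hostname, *allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if not value:
            return
        url = urlparse(urljoin(self.page_url, value))
        if url.scheme not in ("http", "https"):
            return
        if self.page.scheme == "https" and url.scheme == "http":
            self.findings.append(("mixed-content", tag, url.geturl()))
        if tag != "img" and url.hostname not in self.allowed:
            self.findings.append((f"off-origin-{tag}", tag, url.geturl()))

def audit(page_url, html, headers, allowed_hosts=()):
    """Return (kind, where, detail) findings for markup plus response headers."""
    parser = CheckoutAudit(page_url, allowed_hosts)
    parser.feed(html)
    present = {name.lower() for name in headers}
    return parser.findings + [("missing-header", "response", h)
                              for h in EXPECTED_HEADERS if h not in present]

# Constructed sample: hosts, paths and headers are invented for illustration.
SAMPLE_URL = "https://shop.example.com/checkout"
SAMPLE_HTML = """
<script src="/js/cart.js"></script>
<script src="https://analytics.example.net/tag.js"></script>
<img src="http://shop.example.com/logo.png">
<iframe src="https://pay.example.org/form"></iframe>
<form action="https://shop.example.com/checkout" method="post"></form>
"""
SAMPLE_HEADERS = {"Content-Type": "text/html", "X-Frame-Options": "DENY"}

if __name__ == "__main__":
    print(*audit(SAMPLE_URL, SAMPLE_HTML, SAMPLE_HEADERS, {"pay.example.org"}), sep="\n")
```

An off-origin finding is a prompt for review, not proof of compromise: each host either belongs on the allow list (a payment provider's hosted form, for example) or should not be loading in checkout at all.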
Takeaways
Digital skimming is a growing threat to organizations. SecurityMetrics has developed solutions to combat this threat so that you can keep your business secure. Pulse is available through the SecurityMetrics Threat Intelligence Center and is backed by 20-plus years of security industry experience, including over a million scans and thousands of security audits and investigations.
With a focus on continuous improvement, innovation, and collaboration, SecurityMetrics Threat Intelligence Center teams work together and with customers to provide each business with the best products and services for their environment.