Main article: Information security
Fortinet: Because of cyberthreats, online shopping increasingly resembles a combat operation
Fortinet security experts advise not only adopting additional security measures for online shopping but also preparing for it in advance: researching the reliability of the seller's website and eliminating vulnerabilities in your own devices.
So, before shopping, make sure that the devices, systems, browsers and applications you use are updated to the latest version. It is especially important to update and patch the operating systems on all devices in use.
In addition, check that antivirus software is present and change passwords to stronger ones. A dedicated card should also be prepared for payments. It is also worth creating a dedicated virtual machine, which will confine cyberthreats within its boundaries on the computer or device. Also set up multifactor authentication on the websites that are important to you. In doing so, "do not limit yourself to verification via SMS; use dedicated tools such as Google Authenticator or YubiKey", the professionals advise.
When making online purchases, make sure SSL encryption is in place: "For security, additionally check that a secure connection is established before pressing the 'Purchase' button. To do this, it is enough to look at the address bar and make sure that the address begins with https://, not http://. Next to it there should be a small icon showing a closed padlock. If it is present, data transmission is protected. Content filtering and ad blocking using the popular open source plug-ins HTTPS Everywhere and uBlock Origin, which are available free of charge for most browsers, will be a good addition for the safety of transactions". In addition, use a VPN connection (virtual private network) for purchases.
Checking the seller
Special attention should be paid to the seller's website. Before using it, a number of steps should be taken, as follows: "Hover the mouse pointer over the link, and its URL will appear in a pop-up window or at the bottom of the e-mail client or browser. Study the contents of the line carefully before clicking on it. Does everything look normal? Are there too many hyphens or digits in the address, or does it look too long? Does the website URL match the text of the link, or does it lead somewhere else? Are letters replaced with digits, for example amaz0n.com? Study the URL carefully before following the link. You can copy it into a domain lookup service, for example who.is. It will give complete information, including when the website was created, where it is physically located, and data about the owner. Be distrustful of any links if they were created recently or registered in another country".
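The link checks from the quoted advice, sketched as an added Python example (not from the article or from Fortinet): it flags non-HTTPS targets, excessive hyphens or digits, overlong URLs, digit-for-letter lookalikes, and link text that names a different domain than the target. The allow-list, thresholds and sample link are assumptions constructed for illustration; the domain-age check via a lookup service is not covered.

```python
from urllib.parse import urlsplit

# Digit-for-letter swaps like the amaz0n.com case in the text.
DELEET = str.maketrans("01345", "oleas")
# Assumed allow-list and thresholds (not from the article); tune as needed.
KNOWN = {"amazon.com", "paypal.com"}
MAX_HYPHENS, MAX_DIGITS, MAX_LEN = 2, 3, 100


def base_domain(host):
    """Last two labels, lowercased (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def host_of(value):
    """Hostname of a URL or bare domain, or '' if there is none."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value
    try:
        return urlsplit(value).hostname or ""
    except ValueError:
        return ""


def inspect_link(text, href):
    """Return the list of warning codes for one link (visible text + target)."""
    host = host_of(href)
    if not host:
        return ["no-host"]
    warnings = []
    if urlsplit(href).scheme != "https":
        warnings.append("not-https")
    if host.count("-") > MAX_HYPHENS:
        warnings.append("many-hyphens")
    if sum(c.isdigit() for c in host) > MAX_DIGITS:
        warnings.append("many-digits")
    if len(href) > MAX_LEN:
        warnings.append("long-url")
    base = base_domain(host)
    if base not in KNOWN and base.translate(DELEET) in KNOWN:
        warnings.append("lookalike:" + base.translate(DELEET))
    # Visible text that is itself a domain must match the real target.
    shown = host_of(text) if "." in text and " " not in text.strip() else ""
    if shown and base_domain(shown) != base:
        warnings.append("text-mismatch")
    return warnings

SAMPLE = inspect_link("amazon.com", "http://amaz0n.com/deals")  # constructed link
```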
In addition, check the design of the website and its functionality, and the descriptions of goods and payment methods on it. Only websites that accept the main types of credit cards are worth trusting. "Avoid websites that offer payment by direct bank payment, money transfer, or services where payments cannot be traced. Where possible, it is better to use PayPal or payment systems marked Verified by Visa; this will provide additional protection for bank accounts and assets".
Special attention should be paid to the goods and their price. "Remember: if an offer looks too good to be true, it usually is. Of course, really advantageous offers do sometimes occur. But in general, improbably low prices and easy availability of rare goods are significant signs of possible fraud or the sale of counterfeits".
In general, online shopping and the development of digital platforms are changing our world, opening quick access to a wider range of goods than ever before in history. However, expanded opportunities also bring new risks that have to be reckoned with.
Qrator Labs: Online retail in Russia is most exposed to DDoS attacks and hacking
On November 13, 2019, Qrator Labs, a company specializing in countering DDoS attacks and ensuring the availability of Internet resources, presented the results of a study of information security in the Russian e-commerce sector in 2019. The survey was conducted among Russian retailers doing business on the Internet (medium and large businesses).
According to the survey, conducted in the 3rd quarter of 2019, the incidents that respondents from medium and large e-commerce most often faced over the past year were DDoS attacks (34%) and hacking (26%). At the same time, 10% note that they did not record any serious cybersecurity incidents at all.
"Serious, expensive DDoS attacks are usually carried out either for advertising purposes (a demonstration of the attackers' capabilities, or a "trial run") or on the order of a customer, as a rule a direct competitor of the victim. In Russia, the main fight among retailers, in which any means are used, usually takes place not between large stores but between small, often regional, companies. Modern large Russian e-commerce is a civilized environment, and the DDoS attacks on it are mostly of medium and low level, unprofessional, and carried out, as a rule, for the purpose of extortion. On the whole, e-commerce companies face large and serious attacks that are noticeable in the market less often".
More than half of respondents note growth in DDoS attacks over the past year. At the same time, according to another third of respondents, the level of this threat has not changed in 12 months. A third of the polled retailers regularly faced DDoS attacks over the past year. 18% of respondents assume that they may have failed to record or correctly identify minor incidents.
Most respondents from medium and large e-commerce consider extortion the main motive for such attacks. Unfair competition is in second place. In particular, companies from the product sector are generally not afraid of attacks ordered by competitors.
"Extortion is often the main motive in attacks on medium and large retail. Having organized an attack, for example during "Black Friday", the attacker can demand a serious sum for stopping it. If the store is not ready for the attack, even very substantial demands of the attacker will be met. The attack can also be timed to the start of an active advertising campaign. At the same time, as the market is actively consolidating and the industry is stabilizing, attacks organized because of unfair competition fade into the background and are observed mainly in regions and segments where small retail is active", noted Artem Gavrichenkov, technical director of Qrator Labs.
42% of respondents consider a hardware solution deployed on their own infrastructure to be the most effective means of protection against DDoS attacks. More than a quarter favor an operator solution. 18% of respondents use the services of a distributed filtering network.
The first method retailers usually resort to is organizing protection on their own by installing countermeasures on their own server. However, this type of protection can neutralize only the simplest attacks and in most cases does not yield a positive result. Some retailers prefer to rely on cloud scaling of server capacity in clouds such as Amazon; however, when a DDoS attack is organized, the company also has to pay for all the "garbage" traffic, since no public cloud will process parasitic packets free of charge.
Medium and large e-commerce already has enough funds to buy expensive hardware for protection; however, as a rule, it buys and installs the equipment without a project ordered and calculated in advance that includes an analysis of potential attack risks. Products purchased essentially at random nevertheless often withstand the load placed on them, since, given the settled market, serious attacks on large e-commerce are carried out very rarely.
When acquiring a WAF (Web Application Firewall) solution, most respondents (54%) focus on protection against hacking; in second place is protection against password brute-forcing. The topic of protection against scraping (parsing), which was often played up during the year, concerns respondents from medium and large business to a much lesser extent. Respondents consider disrupting the operation of the store to be the main reason for hacking; theft of the user database is also often mentioned.
More than 60% note that they encounter (constantly or periodically) bots that interfere with operations. Modern retail really does suffer from attacks organized using bots and aimed at the application layer of websites, i.e. at web pages.
Bots also brute-force passwords on the websites of large retailers in order to steal credentials in loyalty programs, which allow goods to be obtained for accumulated points, or in order to buy goods with the bank card of the compromised user linked to the online store. For this, numerous databases containing email-password pairs from other compromised resources are used, both publicly available and private ones. There are also bots that analyze prices and product ranges, which is known as web scraping (parsing).