Translated by
2020/01/14 13:10:05

Information security in e-commerce


Information security

Main article: Information security

E-commerce

2019

Fortinet: because of cyberthreats, online shopping increasingly resembles a combat operation

Fortinet's security experts advise not only taking additional security measures when shopping online, but also preparing for it in advance: checking the reliability of the seller's website and eliminating vulnerabilities in one's own devices[1].

Preparation

Before shopping, make sure that the devices, systems, browsers and applications you use are updated to the latest versions. It is especially important to update and patch the operating systems on all the devices you use.

It is also necessary to check that an antivirus is installed and to change passwords to stronger ones. A separate card should be set aside for payments. It is also worth creating a dedicated virtual machine, which confines a cyberthreat to that machine rather than the whole computer or gadget, and enabling multi-factor authentication on the websites that matter to you. When doing so, "do not limit yourself to verification by SMS; use dedicated tools such as Google Authenticator or YubiKey", the professionals advise.

When making online purchases, make sure SSL encryption is in use: "For the sake of security, additionally check that a secure connection has been established before pressing the 'Purchase' button. For this it is enough to look at the address bar and make sure that it starts with https://, not http://. Next to it there should be a small icon showing a closed padlock. If it is present, the data transmission is protected. Content filtering and ad blocking with the popular open-source plug-ins HTTPS Everywhere and uBlock Origin, available free of charge for most browsers, will be a good addition to the safety of transactions." In addition, use a VPN connection (virtual private network) for purchases.

Checking the seller

Special attention should be paid to the seller's website. Before using it, a number of checks should be carried out: "Hover the mouse pointer over the link, and its URL will appear in a pop-up window or at the bottom of the e-mail client or browser. Study the contents of that line carefully before clicking. Does everything look normal? Does the address contain too many hyphens or digits, or does it look too long? Does the website URL match the link text, or does it lead somewhere else? Are letters replaced with digits, as in amaz0n.com? Study the URL carefully before following the link. You can paste it into a domain lookup service such as who.is, which gives full information, including when the website was created, where it is physically located, and details about the owner. Be suspicious of any links that were created recently or registered in another country."
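The link checks listed above (https scheme, hyphen count, host length, digits standing in for letters, link text pointing elsewhere) can be expressed as a small script. This is an added example, not Fortinet's code or anything from the original article; the sample links and the thresholds for hyphen count and host length are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample links as (visible link text, real href); not from the original article.
SAMPLE_LINKS = [
    ("https://www.amazon.com/deals", "https://www.amazon.com/deals"),
    ("https://www.amazon.com/deals", "http://www.amaz0n.com/deals"),
    ("Pay now", "https://secure-checkout-shop-payment-verify-2019.example/pay"),
]

# Digits commonly used in place of letters (the amaz0n.com case from the text, plus a few more)
LOOKALIKES = {"0": "o", "1": "l", "3": "e", "5": "s"}


def normalized_host(host):
    """Map look-alike digits back to letters so amaz0n.com compares equal to amazon.com."""
    return "".join(LOOKALIKES.get(c, c) for c in host)


def link_warnings(text, href, max_hyphens=2, max_len=40):
    """Return the reasons a link deserves suspicion, following the checks in the text above.
    max_hyphens and max_len are assumed thresholds; an empty list means nothing fired."""
    warnings = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        warnings.append("not https")
    if host.count("-") > max_hyphens:
        warnings.append("too many hyphens in host")
    if len(host) > max_len:
        warnings.append("host name unusually long")
    # A digit sitting between letters inside a label, e.g. amaz0n
    for label in host.split("."):
        if re.search(r"[a-z][0135][a-z]", label):
            warnings.append(f"digit used as a letter in '{label}'")
    # Link text that itself looks like a URL but points at a different host
    text_host = urlparse(text).hostname if "://" in text else None
    if text_host and text_host != host:
        if normalized_host(host) == text_host:
            warnings.append(f"{host} is a look-alike of {text_host}")
        else:
            warnings.append(f"link text says {text_host} but goes to {host}")
    return warnings


def triage(links):
    """Run every link through the checks; an href with an empty list passed them all."""
    return {href: link_warnings(text, href) for text, href in links}
```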

In addition, check the design and functionality of the website, its product descriptions and the payment methods it accepts. Only websites that accept the major types of credit cards should be trusted. "Avoid websites that offer payment by direct bank transfer, money transfer or services without the ability to trace payments. Where possible, it is better to use PayPal or payment systems carrying the Verified by Visa mark, which provides additional protection for bank accounts and assets."

Special attention should be paid to the goods and their price. "Remember: if an offer looks too good to be true, it usually is. Of course, genuinely advantageous offers do sometimes occur. But in general, improbably low prices and easy availability of rare goods are significant signs of possible fraud or the sale of counterfeits."

Overall, online shopping and the development of digital platforms are changing our world, opening quick access to a wider range of goods than ever before in history. However, expanded opportunities also bring new risks that have to be reckoned with.

Qrator Labs: online retail in Russia is most exposed to DDoS attacks and hacking

On November 13, 2019, Qrator Labs, a company specializing in DDoS mitigation and ensuring the availability of Internet resources, presented the results of a study of information security in the Russian e-commerce sector in 2019. The survey was conducted among Russian retailers doing business online (medium and large businesses).

Chart: Qrator Labs research

According to the survey, conducted in the third quarter of 2019, respondents representing medium and large e-commerce most often faced DDoS attacks (34%) and hacking (26%) over the past year. At the same time, 10% note that they recorded no serious cyber security incidents at all.

Chart: Qrator Labs research

"Serious, expensive DDoS attacks are usually carried out either for advertising purposes, as a demonstration of the attackers' capabilities or a 'trial run', or on commission, as a rule from a direct competitor of the victim. In Russia the main fight among retailers, in which any means are used, as usual takes place not between large shops but between small, often regional, companies. Modern large Russian e-commerce is a civilized environment, and DDoS attacks on it are generally of medium or low level, non-professional and carried out, as a rule, for extortion. Large and serious attacks noticeable in the market are something e-commerce companies on the whole face less often."

Chart: Qrator Labs research

More than half of respondents note growth in DDoS attacks over the past year. At the same time, according to another third of respondents, the level of this threat did not change in 12 months. A third of the polled retailers regularly faced DDoS attacks over the past year. 18% of respondents assume that they could have failed to record, or correctly identify, minor incidents.

Most respondents from medium and large e-commerce consider extortion the main motive for such attacks. Unfair competition is in second place. Notably, companies in the product sector are generally not afraid of commissioned attacks by competitors.

"Extortion is increasingly the main motive for attacks on medium and large retail. Having organized an attack, for example during Black Friday, the attacker can demand serious sums to suspend it. If the shop is not prepared for the attack, even very large demands by the attackers will be met. An attack can also be timed to coincide with the launch of an active advertising campaign. At the same time, as the market actively consolidates and the industry stabilizes, attacks organized because of unfair competition fade into the background and are observed mainly in regions and segments where small retail is active," noted Artem Gavrichenkov, technical director of Qrator Labs.

Chart: Qrator Labs research

42% of respondents consider a hardware solution deployed on their own infrastructure the most effective means of protection against DDoS attacks. More than a quarter prefer a solution from their telecom operator. 18% of respondents use the services of a distributed filtering network.

The first method retailers usually resort to is organizing protection on their own, by installing countermeasures on their own server. However, this type of security measure is capable of neutralizing only the simplest attacks and in most cases does not yield a positive result. Some retailers prefer to rely on cloud scaling of server capacity, in clouds such as Amazon; however, when a DDoS attack is organized, the company also has to pay for all the "garbage" traffic, since no public cloud will process parasitic packets free of charge.

Chart: Qrator Labs research

Medium and large e-commerce already has enough funds to buy expensive hardware for protection, but as a rule it buys and installs equipment without a previously commissioned and calculated project that includes an analysis of the potential attack risks. The products, purchased essentially at random, nevertheless often withstand the load placed on them, since in a settled market serious attacks on large e-commerce are carried out very rarely.

When acquiring a WAF (Web Application Firewall) solution, most respondents (54%) focus on protection against hacking, with protection against password guessing in second place. The topic of protection against parsing (scraping), which was often played up during the year, concerns respondents from medium and large business to a much lesser extent. Respondents consider the main purpose of hacking to be disrupting the shop's operation; theft of the user base is also often mentioned.

Chart: Qrator Labs research

More than 60% note that they face (constantly or periodically) bots that interfere with their operations. Modern retail really does suffer from attacks organized with bots and directed at the application layer of websites, i.e. at the web pages themselves.

Chart: Qrator Labs research

Bots are also engaged in password guessing on the websites of large retailers, with the aim of stealing credentials for loyalty programs that allow goods to be obtained for accumulated points, or of buying goods with the payment card that the compromised user has linked to the online store. For this guessing, numerous databases of e-mail and password pairs from other compromised resources are used, both publicly available and private. There are also bots engaged in analyzing prices and product ranges, so-called web scraping (parsing).
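Password-guessing bots of the kind described here show up in a shop's login log as one client trying many different accounts in a short window with mostly failures, which a genuine customer retrying their own password never does. The detector below is an added example, not Qrator Labs' code or anything from the original article; the log format, the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log (not from the original article).
# Each line: ISO timestamp, client IP, account, result of the login attempt.
SAMPLE_LOG = """\
2019-11-13T10:00:01Z 198.51.100.7 user=anna@example.com result=ok
2019-11-13T10:00:02Z 203.0.113.5 user=a1@example.com result=fail
2019-11-13T10:00:02Z 203.0.113.5 user=b2@example.com result=fail
2019-11-13T10:00:03Z 203.0.113.5 user=c3@example.com result=fail
2019-11-13T10:00:03Z 203.0.113.5 user=d4@example.com result=ok
2019-11-13T10:00:04Z 203.0.113.5 user=e5@example.com result=fail
2019-11-13T10:00:04Z 203.0.113.5 user=f6@example.com result=fail
2019-11-13T10:05:00Z 198.51.100.7 user=anna@example.com result=fail
2019-11-13T10:05:03Z 198.51.100.7 user=anna@example.com result=ok
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, account, result)."""
    ts, ip, user, result = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip,
            user.split("=", 1)[1], result.split("=", 1)[1])


def find_stuffing_sources(log, window=timedelta(minutes=5),
                          min_accounts=5, max_success_ratio=0.5):
    """Return IPs that, within `window`, tried at least `min_accounts` distinct
    accounts with a success rate at or below `max_success_ratio`.
    One client cycling through many e-mail/password pairs from a leaked database
    is the signature of credential stuffing; the occasional success (d4 above)
    is exactly the account a defender must lock and notify."""
    events = defaultdict(list)
    for line in log.strip().splitlines():
        ts, ip, user, result = parse_line(line)
        events[ip].append((ts, user, result))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            chunk = [e for e in evs[i:] if e[0] - start <= window]
            accounts = {u for _, u, _ in chunk}
            ok = sum(1 for _, _, r in chunk if r == "ok")
            if len(accounts) >= min_accounts and ok / len(chunk) <= max_success_ratio:
                flagged[ip] = {"accounts": len(accounts), "attempts": len(chunk), "successes": ok}
                break
    return flagged
```

In production the same grouping is usually also done per user-agent and per account, since stuffing tools rotate source addresses.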
