Cybercriminals target e-commerce sites

Eden Estopace
27 Nov 2014
00:00

With the share of online sales from personal computers, smartphones or tablets growing every year, cybercrime activities targeting these transactions are also increasing.

Security firm Imperva said that this year’s Imperva Web Application Attack Report (WAAR #5) indicated that retail web applications suffer twice as many SQL injections than other web applications. The top three attack types were SQL injection, Directory Traversal and Cross-Site Scripting.

Imperva said there is a reason why cybercriminals are also in a shopping frenzy.

“The unusual motivation may stem from their desire to participate in the [seasonal] shopping fest. However, the most appealing hypothesis we’ve found for the secret motivation factor is belief; attackers believe that retail applications are more vulnerable during this time of the year, and that attacks are more likely to succeed,” Imperva said.

There could be two potential explanations for this. One is that to win the heart of the consumer, many online retailers come up with new campaigns and special sales, usually translated into new pages in their web application, which may present many vulnerabilities such s bad design, unsafe coding and usage of insecure third-party libraries.

During this season, retailers are also more reluctant to impose strict security measures as they may annoy users.

“Whatever the reasons may be, with the hope for increased income during the holiday season, retail application providers should make sure to be prepared for a wave of cyber-attacks,” Imperva said.

Related content

Follow Telecom Asia Sport!
Comments
No Comments Yet! Be the first to share what you think!
This website uses cookies
This provides customers with a personalized experience and increases the efficiency of visiting the site, allowing us to provide the most efficient service. By using the website and accepting the terms of the policy, you consent to the use of cookies in accordance with the terms of this policy.