Cyber threats loom on the e-commerce sector during COVID-19 epidemic

Recent attacks on e-commerce

• In April 2020, a new Magecart skimmer dubbed MakeFrame had compromised at least 19 different e-commerce websites to steal payment card details of their customers.
• In March 2020, hackers had collected around $1.6 million by selling over 239,000 payment card records on the Dark Web, that were collected from thousands of online shops running a vulnerable version of Volusion e-commerce software.
• In Jan 2020, hackers were seen targeting e-commerce sites powered by AmeriCommerce software by injecting a malicious script with the ‘Add to cart’ button, which could change the value of the form’s action parameter.

Key threats to e-commerce

• Malware: Cybercriminals may be using some malware (like Pipka, JS-sniffers, Saefko, etc.) to target e-commerce websites.
• Phishing: Several cybercriminals were seen nursing phishing websites to lure their victims, as was observed in the case of MakeFrame, Amazon Prime, Amazon Alexa, and Google Home.
• Vulnerabilities: The attackers may also attempt to exploit the vulnerabilities in the e-commerce website, as was the case with Amazon Echo Show, Verisign, Blink XT2, Amazon Kindle, etc.
• Data Theft: Attackers also often target the e-commerce websites for the valuable data they hold, like credit or debit card details. Some recent examples of such attacks include PinnacleCart Server-Side Skimmers, Volusion, PlanetDrugsDirect, etc.

How to stay safe