[BreachExchange] 90% of E-Commerce Global Login Traffic is from Hackers
Destry Winant
destry at riskbasedsecurity.com
Fri Aug 24 09:50:45 EDT 2018
https://hackercombat.com/90-of-e-commerce-global-login-traffic-is-from-hackers/
A report conducted by Shape Security has revealed that 90% of
e-commerce login traffic comes from hackers, which once again
highlights just how important that internet security is in the current
technological age. Hackers are reportedly using a process called
“credential stuffing”, which is a form of cyber attack whereby stolen
user details are used en masse to gain unauthorized access to accounts
associated with a web application via large-scale login attempts.
Credential stuffing is becoming a growing problem due to the fact that
many users currently use the same passwords for a wide variety of
different sites; naturally, this makes hackers’ lives much easier and
is the reason you are advised to use different details for every site
you visit and change your password as often as possible.
It’s estimated that these attacks are successful around 3% of the
time, with this type of fraud costing the e-commerce industry around
$6 billion a year, whilst the airline and hotel sectors lose out on
around $700m a year due to the theft of loyalty points and other
bonuses offered to repeat customers. The most proficient hackers are
well known for being very particular with regards to the kinds of
businesses they target but in the main, it follows that the more
lucrative the opportunity, the more chance there is of some sort of
cyber attack.
Are Hackers Targeting Real Money Sites More?
When you consider that 90% login traffic that e-commerce sites receive
from hackers compared to the 60% figure cited in the airline and
banking industry, it would appear that cyber-criminals believe real
money sites represent their best opportunity to score some cash. It,
therefore, follows that companies such as Amazon and Paypal are
targeted more than most due to the fact that customers are often
required to link their debit cards or bank accounts directly to their
online profile in order to allow for a smooth transaction.
Whilst Amazon and Paypal are now considered to be two of the most
secure sites on the internet, hackers are constantly coming up with
new ways to bypass security measures, meaning that sites who deal in
real money have to be more vigilant than most.
Amazon is one of many real money sites that has been targeted by
hackers in the past
The same can certainly be said with real money gaming sites such as
888poker, where players can play poker cash games with real stakes and
are required to deposit real money into their account in order to
purchase virtual chips and currency. Many online casino sites have
worked directly with hackers for years in order to ascertain just how
easy it is to circumnavigate the sites security measures – with the
growing popularity of real money Texas Hold’em poker and other poker
variants, it is of the utmost importance that online casino sites have
systems in place which their customers can trust and feel safe using.
It’s important to note that due to the nature of real money sites such
as Paypal and online casino companies, their security measures are
often the most difficult to breach and so whilst hackers tend to
target them more often than most, breaching their defences represents
some of the most difficult challenges on the internet. Nevertheless,
hackers are essentially virtual chameleons who tend to enjoy this
challenge and operate on the mantra of “high risk, reward”, which
explains why real money sites have to constantly evolve in order to
protect their brand integrity and customer information.
Hacker Trends on Real Money Websites
Now we’ve established that real money websites are some of the most
targeted on the web, it’s now important to consider just how they
manage to breach some of the most intricate defence systems.
Cyber-criminals are cunningly lazy in a strange way – they will often
find the shortest possible route to their targeted destination and
because of this, their methods have shifted somewhat over recent
years. Back in the day (whenever that was), websites were often the
target of most attacks but with the improved security associated with
online poker and e-commerce sites, most now seem to prefer directly
targeting users in order to obtain their login information.
The easiest way to do this is undoubtedly through the use of spam and
phishing e-mails, whereby hackers redirect unsuspecting users to sites
where they hand over their information without much hassle. Whilst
it’s fair to say that more and more internet users are becoming clued
up to this kind of attack, those who are less internet savvy such as
the elderly are still liable to be conned and so education (and
re-education) is important in this regard.
More information about the BreachExchange
mailing list