If criminals are more likely to follow the money, it’s no surprise that the internet is a veritable wild west, jam-packed with digital delinquents and have-a-go hackers prowling the web in their droves.
In 2017 alone, the Ecommerce market made an estimated $1.4 trillion in global sales, giving plenty of motivation for thieves to target online retailers — especially since the chances of getting away scot-free are pretty high.
Whether you’re running an online business, or you’d just like to brush up on your cyber security knowledge, read on as we delve into the 6 most common cyber attacks (along with ways you can avoid them!).
We’ve all received a spam email at some point, whether it’s an advertisement for ‘male enhancement’, or an urgent message from a Nigerian prince regarding a sudden windfall of cash. However, while they’re often regarded as comically inept and relatively harmless, these emails can cause immense damage to anyone who does fall for them.
The most dangerous emails potentially lurking in your inbox are those that are designed to catch information that can be used to siphon money from you. Phishing emails aim to do this in several ways. Some may lead you to a website that looks identical to your online bank’s login page, but upon entering your credentials, they’ll be sent straight to the hackers running the scam. Others may masquerade as email providers or support teams, falsely claiming that your account has been compromised. Upon receiving a response, the scammers will then employ social engineering techniques to glean sensitive information in an attempt to gain access to the victim’s account.
To protect your business from these attacks, read every email you receive very carefully. It’s important to understand that most companies will never ask for sensitive information via email, and so if this is the case, we’d recommend ending the conversation there! If you’re unsure about an email message, check the address it came from, and use a search engine to verify that it matches the real contact information.
Distributed Denial Of Service (DDoS) attacks are an increasingly prevalent problem. These attacks are very similar to a targeted phishing campaign, except instead of trying to trick users into revealing personal information, attackers flood sites with fake requests. As a result, legitimate users might experience slowdowns, errors, or even find themselves completely unable to reach certain web pages at all.
While DDoS attacks are, unfortunately, rather common, there are steps you can take to mitigate their effects.
- Maintain a strong update schedule. You may not need to worry too much if you’re using a quick-start CMS, but it’s fairly common for ambitious sellers to host their own open source solutions for extra customization. If that’s you, be sure to regularly update your core services and plugins.
- If your website gets targeted by hackers, then the damage is usually done before you realize anything is wrong. So, if you’re going to host your site on the internet, make sure you choose a reliable web host that offers DDoS protection. Most reputable companies will offer both basic and advanced DDoS mitigation services. Service providers like Cloudways, for instance, offer extra protection against DDoS attacks. Any site using the Cloudways cloud hosting platform as a base for their ecommerce business should find their store well-defended due to its free Cloudflare integration.
- Keeping up with industry trends is important. Every day brings news of new attacks, new ways hackers might try to get into your systems, and new ways companies are trying to protect themselves. Keeping an eye out for relevant information and staying aware of the latest developments in technology will help you stay ahead of the curve. Be sure to follow security blogs or subscribe to a curated Twitter feed to keep yourself updated.
While some criminals may try to gain access to your main email account through social engineering methods or by exploiting a vulnerability, brute force attacks rely on hackers using specialized software. This software will systematically attempt millions of character combinations in order to force its way into your account.
Needless to say, this tactic is extremely time-consuming and prone to failure, but it can work; especially if your password is one of the most commonly used — check this list to ensure this isn’t the case!
To protect against a brute force attack, be sure to choose a complex password — avoid common word or number combinations and always aim to use at least eight characters, with a good mix of uppercase, lowercase and special characters. It’s also a good idea to employ multi-factor authentication, as this will immediately scupper any attempts to access your account.
SQL injections are as common as they are dangerous. Put simply, SQL is a programming language used for databases that serve as a foundation for a website. When a weakness is discovered within this coding, criminals can easily exploit it, injecting malicious commands which will allow them to control and manipulate your site, or shut it down entirely.
While SQL injections are a relatively old-fashioned method of attack, there’s still a good chance your site could be vulnerable to some extent. By its nature, SQL is a language designed to ease the process of sharing information, with the first version released decades before the internet was founded. As a result, hackers are still rather fond of exploiting the vulnerabilities of the language and so it’s worth protecting yourself, especially as it’s likely your store’s database is built with SQL.
To stay adequately protected against SQL injections, it’s important to keep your store software up to date. You should also avoid using cheap website builders and instead opt for a professional web developer to build your site from the ground up. This way, if something does go awry, you won’t be the one left to untangle the mess.
Malware (malicious software) is an umbrella term to describe software designed with the intent of damaging or disabling computer systems, or siphoning information from an infected host machine. There are many different types of malware, including viruses, worms, Trojans, and spyware. In most cases, Malware is installed on the victim’s computer with neither the user’s knowledge nor consent and is often disguised as a legitimate file or program. Malware can be difficult to remove once it has been installed, causing long-term damage that can be challenging to repair.
There is a myriad of different types of malware. Viruses and worms are designed to spread to other computers, infecting them in the process. This allows the creators of the malware to then sell software that removes the virus or worm. Spyware collects information which is then sold to marketing companies and ransomware can disable a victim’s PC, with hackers demanding payment in order to restore the machine to full functionality.
As is often the case, the best way to defend against these attacks is by keeping all your software up to date — this way, any vulnerabilities or potential areas of exploit will be patched, closing any security holes before hackers have a chance to take advantage of them. A fully-featured antivirus package should provide adequate protection too, but again, be sure to update it regularly. Scan your computer weekly, and proceed with caution when opening any email attachments, as they’re a common vector for malware infection! As a general rule of thumb, it’s best to not open any email attachments unless you recognize and trust the sender.
This form of attack involves a malicious actor intercepting communication between two victims to secretly eavesdrop, alter, or hijack any data being exchanged. This is usually achieved through an attacker spoofing the IP address of one victim to the other, or by using a compromised server as a relay point. Once the attacker is in place, they can passively ‘listen in’, or actively tamper with the data being exchanged to inject false information, redirect traffic, or hijack the session altogether.
Man-in-the-middle attacks can be very difficult to detect, as the victims may be left completely unaware that anything untoward is happening, and the perpetrator can easily masquerade as one of the legitimate parties. This type of attack is often used to lift sensitive information, like login credentials or financial data, or as a launchpad to direct further attacks at the victims.
Pay attention to the security of websites you use to prevent man-in-the-middle attacks. Whenever entering confidential information, make sure the URL is “HTTPS” instead of HTTP. You should also pay attention if your browser warns you about an out-of-date security certificate on a website, as attackers could exploit these websites by using man-in-the-middle techniques.