BreachExchange mailing list archives
90% of E-Commerce Global Login Traffic is from Hackers
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 24 Aug 2018 08:50:45 -0500
https://hackercombat.com/90-of-e-commerce-global-login-traffic-is-from-hackers/

A report conducted by Shape Security has revealed that 90% of e-commerce login traffic comes from hackers, which once again highlights just how important internet security is in the current technological age.

Hackers are reportedly using a process called “credential stuffing”, a form of cyber attack whereby stolen user details are used en masse to gain unauthorized access to accounts associated with a web application via large-scale login attempts. Credential stuffing is a growing problem because many users currently use the same passwords for a wide variety of different sites; naturally, this makes hackers’ lives much easier and is the reason you are advised to use different details for every site you visit and change your password as often as possible.

It’s estimated that these attacks are successful around 3% of the time, with this type of fraud costing the e-commerce industry around $6 billion a year, whilst the airline and hotel sectors lose out on around $700m a year due to the theft of loyalty points and other bonuses offered to repeat customers.

The most proficient hackers are well known for being very particular with regards to the kinds of businesses they target but in the main, it follows that the more lucrative the opportunity, the more chance there is of some sort of cyber attack.

Are Hackers Targeting Real Money Sites More?

When you consider that 90% of the login traffic that e-commerce sites receive comes from hackers, compared to the 60% figure cited in the airline and banking industry, it would appear that cyber-criminals believe real money sites represent their best opportunity to score some cash.

It therefore follows that companies such as Amazon and Paypal are targeted more than most because customers are often required to link their debit cards or bank accounts directly to their online profile in order to allow for a smooth transaction. Whilst Amazon and Paypal are now considered to be two of the most secure sites on the internet, hackers are constantly coming up with new ways to bypass security measures, meaning that sites that deal in real money have to be more vigilant than most.

[Image: Amazon is one of many real money sites that has been targeted by hackers in the past]

The same can certainly be said of real money gaming sites such as 888poker, where players can play poker cash games with real stakes and are required to deposit real money into their account in order to purchase virtual chips and currency. Many online casino sites have worked directly with hackers for years in order to ascertain just how easy it is to circumnavigate the sites’ security measures – with the growing popularity of real money Texas Hold’em poker and other poker variants, it is of the utmost importance that online casino sites have systems in place which their customers can trust and feel safe using.

It’s important to note that due to the nature of real money sites such as Paypal and online casino companies, their security measures are often the most difficult to breach and so whilst hackers tend to target them more often than most, breaching their defences represents some of the most difficult challenges on the internet. Nevertheless, hackers are essentially virtual chameleons who tend to enjoy this challenge and operate on the mantra of “high risk, reward”, which explains why real money sites have to constantly evolve in order to protect their brand integrity and customer information.

Hacker Trends on Real Money Websites

Now that we’ve established that real money websites are some of the most targeted on the web, it’s important to consider just how hackers manage to breach some of the most intricate defence systems. Cyber-criminals are cunningly lazy in a strange way – they will often find the shortest possible route to their targeted destination and because of this, their methods have shifted somewhat over recent years.

Back in the day (whenever that was), websites were often the target of most attacks but with the improved security associated with online poker and e-commerce sites, most now seem to prefer directly targeting users in order to obtain their login information. The easiest way to do this is undoubtedly through the use of spam and phishing e-mails, whereby hackers redirect unsuspecting users to sites where they hand over their information without much hassle.

Whilst it’s fair to say that more and more internet users are becoming clued up to this kind of attack, those who are less internet savvy such as the elderly are still liable to be conned and so education (and re-education) is important in this regard.