The growing hacking threat to e-commerce websites, part 1
by Ilia Kolochenko - CEO at High-Tech Bridge SA - Tuesday, 17 December 2013.
Recently, a friend of mine, the owner of a small online web store, had his website compromised. He asked me lots of questions about why this had happened (he didn't really have much sensitive information on his website), and how to avoid such security incidents in the future.

Many website owners don't even realize that they were compromised. The majority of the attacks remain undetected and unperceived today because of the high level of sophistication of these attacks, as well as the low level of security awareness among the victims. This is why I decided to write a short and simple piece about web application security to help small online merchants secure their websites and avoid security breaches and data leakages.

Why do web security incidents happen? Targeted, semi-targeted and untargeted web attacks

I'd highlight three main types of attacks: targeted, semi-targeted and untargeted attacks. The concept of a targeted attack is very simple: the final target of hackers is your website (or any other technical infrastructure) and nothing else. In the SMB e-commerce sector, targeted attacks are fortunately quite rare, as they are quite time-consuming, complex and expensive to conduct, while the outcomes from a targeted attack against a small e-commerce website can hardly cover its cost. Hackers are good economists, and will rarely spend more money on the attack than the benefit they can get from it.

However, don't get excited too fast. Many website owners have a false feeling of safety, being convinced that, due to the small size of their business [website] or due to an absence of known enemies, nobody will ever try to hack their website. Let's have a look at semi-targeted attacks to demonstrate that this presumption is wrong.

A semi-targeted attack is when hackers target you (quite often among a dozen other resources), but you are not their final target. To become the victim of a semi-targeted attack, it's enough that your web server is hosted in the same subnet of a large datacenter where a large company's server [the final target] is located as well. I am not even speaking about shared web hosting, where one web server has hundreds of different websites, and quite often it's enough to compromise just one to get access to the others. Hackers always follow the most efficient way: compromising the weakest link in the security perimeter, and your website or web server may perfectly fall into the weakest link category in many cases. It is sufficient that a person hunted by the hackers has an account on your website, shop, forum or blog: for hackers it's much easier to compromise your website and try to reuse his or her password on other resources rather than attacking the front end of Gmail or PayPal to get access to his or her account there [the final target].

Don't think that if your users' passwords are encrypted this will demotivate hackers, as the majority of hashing algorithms used in web applications are not strong enough against bruteforce or dictionary attacks; a good hacker may simply backdoor your login form and collect all user credentials in plaintext. In the most unlucky case, you may simply become an accidental victim of hacktivists, even if you are far away from politics, big corporations and banking institutions.

It's enough that your web resource belongs to a specific country or just mentions products of a company targeted by the hacktivists, and they may come to vandalize your website, expose your customers or delete your database and backups. Why? Simply because your website was one of the most unprotected on their "to-attack" list. Unfortunately, it's much easier to compromise a hundred small websites to protest and create a media buzz, rather than deface the main websites of Gazprom or the NSA. The above-mentioned examples are semi-targeted attacks, when you and your website are selected by hackers on purpose but just to facilitate their further targeted attack on bigger resources.
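On the earlier point that stored password hashes are often too weak to resist bruteforce or dictionary attacks, the following added example (not part of the original article) contrasts a fast unsalted digest with a salted, slow one and shows how to flag old records for upgrade at the next login. The function names, the record format and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your server's hardware

def weak_store(password: str) -> str:
    """The 'before': a fast, unsalted digest, as many older web apps store it."""
    return hashlib.md5(password.encode()).hexdigest()

def strong_store(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, deliberately slow hash; parameters are kept in the record."""
    salt = os.urandom(16)  # unique per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except (ValueError, OverflowError):
        return False  # malformed or legacy record

def needs_rehash(record: str) -> bool:
    """True for legacy digests or records below the current work factor."""
    parts = record.split("$")
    return (len(parts) != 4 or parts[0] != "pbkdf2_sha256"
            or not parts[1].isdigit() or int(parts[1]) < ITERATIONS)

if __name__ == "__main__":
    pw = "Summer2013!"  # constructed sample: two users chose the same password
    print(weak_store(pw) == weak_store(pw))   # identical digests for both users
    a, b = strong_store(pw), strong_store(pw)
    print(a != b, verify(pw, a), verify("guess", a))
    print(needs_rehash(weak_store(pw)), needs_rehash(a))
```

With the unsalted digest, every user who picked the same password shares one stored value, so a single dictionary pass covers them all; the salted record forces separate, slow work per account.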

