The global pandemic has seen a massive surge in online shopping and service use. Unfortunately, it's also seeing a significant increase in client-side cyberattacks, says Tala CEO Aanand Krishnan.
COVID-19 has impacted the world in many ways. From an economic point of view, there’s been a dramatic shift in consumer behavior. Although many businesses have suffered unfortunate downturns, online shopping has increased significantly : 91% in the United States alone.
Good news for e-commerce businesses. Unfortunately, it’s also a good time for cybercriminals: Magecart attacks on online retailers and banks have increased by 20% during the pandemic. We’re seeing ‘MakeFrame’ (a new data skimmer linked to the threat group ‘Magecart Group 7’) using compromised sites for all three of its functions: hosting the skimming code itself, loading the skimmer on other compromised websites and exfiltrating the stolen data.
The skimmer sends stolen data in the form of .PHP files to other compromised sites for exfiltration. In all of these cases, the skimmer is hosted on the victim’s domain. The stolen data is posted back to the same server, or sent to another compromised domain.
In March 2020 alone, we’ve seen big, established brands like Nutribullet, True Fire and Tupperware all hit with these types of attacks; 19 SMB websites were attacked during this period, no business is too small.
Targeting the crisis
As the number of coronavirus domains registered weekly is rocketing, so are the volumes of search and discussion in social media. Inevitably, malicious discussions are tracking upward with that trend, luring increasing numbers of users to fraudulent and malicious websites. Phishing attacks are being launched by cybercriminals using variations on the words ‘corona’ or ‘covid’ to dupe users into entering their credentials to receive information or other health-related offers. Some attackers have even targeted online maps and dashboards designed to track the spread of the disease, injecting malware into the client-side to steal everything from credit card numbers to passwords and other credentials.
Users in search of everything from health information to online bargains are at significant risk from card skimmers and other cybercrime, including data theft. In a sinister twist, scammers are creating websites offering fake home testing kits and apps they falsely claim can protect people from the virus.
Cybercriminals are even offering “COVID-19” discounts for their hacking, exploitation tools and other malware for sale on the dark web, lowering the barrier to entry for would-be online scammers.
This changes everything
While many have observed that the digital disruption in commerce is inevitable, this crisis has accelerated that trend. It seems likely that the shifting priorities in purchases and re-calibration of spending we’re seeing will continue. As billions of people stay indoors, there’s been a surge in demand for online learning platforms, home and kitchen products, fitness and wellness, and online financial services including everything from insurance to banking and lending.
As consumers adapt their behavior to cope with the pandemic, it’s likely that, in the short-term we’ll see brand abandonment driven by availability, while niche or specialist industries with mature online distribution will grow. For e-commerce, this switch in purchase drivers presents a real opportunity for excellence in online experience – with more online shoppers than ever, site performance, frictionless transactions and security can become key differentiators, not least because attackers view this crisis as a great opportunity.
All the security, none of the compromise
As we’ve just seen, if an attacker can get into the browser, they can unleash several modes of attack. Fortunately, the experts that built our rich, highly functional web (and the powerful browsers we use to access it) also developed the standards and controls we need to secure it. Content Security Policy (CSP) is the best known of a comprehensive set of controls including SRI, HSTS and Feature-policy that are vetted and monitored by organizations such as W3C and leading figures in the web security community.
These controls deliver client-side security measures designed specifically to protect against attacks like Magecart, XSS, credit card skimming and customer journey hijacking. Yet only 2% of website operators deploy CSPs capable of preventing client-side attacks.
Activating standards-based security ensures exceptionally efficient website performance. By using the standards that are already in place, already browser-native, you get all the control with no additional overhead. When you automate that process, as Tala does, you can achieve unmatched performance without compromising on client-side security.
Tala has it covered
Tala’s technologies allow you to automate high-quality, standards-based security, including fine-grained CSP and SRI. Our analytics engine provides the insight and analysis of your organization’s unique risk profile . We then automate the activation of these standards to help accelerate security while keeping pace with this rapid shift in consumer behavior - and the accompanying increase in site traffic. Without impacting performance in any way.
Tala enables your WebOps and security teams to focus on delivering a high-quality, secure web experience while supporting the innovations your marketing and digital teams want to deliver for your customers. Book your FREE website analysis now and see how easy it can be to secure your site against every type of client-side attack.