As Retail Businesses Shift Online, Hackers Getting More Sophisticated
As more retailers sell online, hackers are capitalizing on the surge in online shopping with increasingly sophisticated methods of stealing data.
A study by NuData, a Mastercard company, confirms how hackers are becoming progressively more sophisticated in their tactics as retail businesses shift online.
In the ‘2020 H2: Fraud and Risk at a Glance’ report, NuData analysed cybersecurity trends in 2020. The research found that in the second half of 2020, 76% of retail attacks were sophisticated, with attackers using scripts that imitate human behavior.
Retail Hackers Using Advanced Tactics
In the same period, 45% of IP addresses used in attacks were new instead of reused. This shows that hackers are using significantly more advanced tactics to improve the success of their attacks.
2.6% of stolen credentials used in attacks in the second half of 2020 were successful. This marks an almost twofold increase over the average percentage of successful attacks in the first half of the year, which stood at 1.4%.
The report provides invaluable insight into the growing prevalence of hacking as the popularity of online shopping escalates. By being aware that cybercrime targeting online retailers is on the rise, businesses can take the necessary steps to protect themselves.
As the authors of the report write:
“Companies must be ready to detect these attacks from the start and block them effectively – and do so without impacting legitimate users who are trying to access a company’s goods and/or services.”
Rise of Human-Driven Attacks
As well as using more complex software scripts, hackers are turning to another tool to bypass security protections – humans. The report found that ‘old’ anti-hacking methods, including bot-detection tools, CAPTCHAs, and other technology that mitigates basic automation, are becoming increasingly less effective. Consequently, cybercriminals are looking for alternatives to sidestep security defenses, particularly when targeting high-value accounts, such as loyalty points.
One such option is to use humans. Hackers are turning to human farms to complete online tasks, such as posting reviews, creating new accounts, and solving CAPTCHAs.
NuData’s research found that during the summer of 2020, there was a four-month spike in attacks using human labor. Within the financial industry, there was a 350% increase in human-driven attack traffic during this period compared to the 2020 average.
What Can Online Retailers Do to Protect Themselves?
NuData reiterates that small businesses should never drop their guard, even if they see low overall attack traffic. The report also points to the need to adapt strategies to stop cyberattacks from the start and block them effectively. The challenge is finding a way to block attacks without impacting legitimate users who are trying to access goods or services online.
According to NuData, tools that include biometrics and behavioral analytics are crucial to identifying tell-tale patterns in human farm behavior. Such patterns include how they type personal information into a form or how far they move the mouse.
The full ‘2020 H2: Fraud and Risk at a Glance’ report can be downloaded here.