fbpx
More
  • By Category

  • By Type

  • Reset Your Search

Entering Through the Gift Shop banner Cyberattacks banner

 

 

The commerce sector continues to be the primary target for web application and API attacks, with over 14 billion incidents reported. This vulnerability is largely due to the ongoing digitalization within the industry and the persistent exploitation of web application weaknesses by cyber attackers.

A significant trend observed is the 314% increase in Local File Inclusion (LFI) attacks from Q3 2021 to Q3 2022. This surge indicates a shift towards remote code execution (RCE), where attackers utilize LFI vulnerabilities to establish initial access and exfiltrate data. In addition to LFI, other critical attack techniques such as Server-Side Request Forgery (SSRF), Server-Side Template Injection (SSTI), and Server-Side Code Injection have emerged as major threats. These methods pose significant risks to commerce organizations, requiring robust defenses to mitigate potential damages.

The commerce industry’s reliance on third-party JavaScript, which constitutes half of its usage, introduces substantial risks of client-side attacks like web skimming and Magecart attacks. These threats underscore the importance of implementing detection mechanisms on payment pages to comply with the updated PCI DSS 4.0 requirements. The potential abuse of security gaps in third-party scripts also raises concerns about supply chain attacks, which could target larger, more lucrative entities.

Moreover, Akamai’s observations reveal an alarming increase in malicious bot activities, with over 5 trillion events recorded in just 15 months. Commerce customers face escalating assaults from credential stuffing attacks, which often lead to fraudulent activities.

To combat these threats, it is crucial for commerce organizations to prioritize security measures that address these diverse attack vectors. By enhancing their defenses and staying vigilant, they can better protect their digital assets and customer data from the ever-evolving landscape of cyber threats.