Attempts to break into retail sites increased by 161% in the July to November period compared with the first six months of this year, according to security firm SecureWorks.
Katie Evans , Managing Editor, International Research
Hacker attacks against retail sites increased by 161% in the July to November period compared with the first six months of this year, according to security firm SecureWorks. After a big increase in network-scanning reconnaissance attacks in October, hackers dramatically increase efforts to fraudulently authenticate themselves to e-retailers, the firm says.
The authentication exploits include attempts to determine consumers’ user name and password combinations, which would allow criminals to make fraudulent purchases. “It is not surprising that the attempts to steal customer credentials greatly increased just before the holiday shopping season,” says Wayne Haber, director of architecture at SecureWorks. “The November authentication attacks also followed a significant increase in network scanning in October where we blocked 202,000 network scans per client.”
Network scans, in which hackers seek to find vulnerabilities in a retailer’s computer infrastructure, increased from an average of 56,000 per client per month in the January-to-June period to 90,000 monthly from July through November. Authentication attacks increased from an average of 6,000 per month in the first half of the year, to an average of 34,000 for the last five months, spiking at 137,000 in November, SecureWorks says. The data is based on 36 large U.S. retailers served by SecureWorks. All those attacks were blocked, SecureWorks says.
The firm called attention to a big increase this summer in attacks aimed at Microsoft SQL Server, a back-end database technology used by many retailers, SecureWorks says. The hackers initiated thousands of what are known as SQL injection attacks that attempt to inject malicious code into a target computer that could, for instance, copy all the customer information in a database and send it back to the hacker.
Other types of fraud threats against online retailers also are increasing, according to Retail Decisions, a payment card issuer and specialist in card fraud and payment processing. The company says its client retailers registered a 40% increase in attempted online fraud on the day after Thanksgiving, and that the average value of an attempted fraud was $248, 25% higher than last year.