How XDR can Benefit Retail and E-commerce Stores

Retail and e-commerce sites have proved to be high-profile targets for security breaches. This requires extra vigilance on the part of businesses operating in this space. In this post we will outline how XDR can play an important role in detecting and preventing breaches in retail and e-commerce environments.

High Profile Breaches

We only need to pay passing attention to the news to see how frequently retail sites are impacted by security breaches. This is not surprising, given that they hold valuable data such as credit card details which are highly desirable to cybercriminals.

High profile retail breaches have seen the details of millions of customers stolen. This has caused significant reputational damage to the retailers affected and in some cases customers whose details were stolen have become victims of crimes such as identity theft. Here we will explore some of the more significant retail and e-commerce breaches:

• Personal and financial details of more than 10 million customers of fashion retailer JD Sports, who placed orders between November 2018 and October 2020 were breached. According to JD Sports the impact was limited as it did not hold full payment data and it had no reason to believe that account passwords were leaked.
• In 2018 150 million of UnderArmour’s MyFitnessPal accounts were compromised. To its credit, UnderArmour notified the affected customers very quickly even though all of the passwords were stored using strong encryption algorithms.
• In 2021, a database containing 1.1 billion records which included customer email addresses, belonging to CVS Health was exposed as a result of a misconfiguration. The database was stored unencrypted and had no password protection to prevent unauthorized access.
• In 2014 Hackers who managed to gain access to staff credentials were able to access account details of about 145 million eBay users. Records which were stolen included customer passwords but luckily no payment card details were exposed. While the passwords were encrypted, eBay advised customers to change their passwords immediately. Subsequently, details of 14 million Amazon and eBay accounts from 2014 to 2021 were sold in 2021 for $800 on a hacker forum. It is not clear whether the eBay accounts were related to the 2014 breach.
• Neiman Marcus, a luxury retailer, disclosed in 2021 that details including credit card and gift card numbers of 4.6 million account holders had been breached in May 2020. While card numbers and expiry dates had been exposed, no CVV numbers were compromised. According to Neiman Marcus, of the 3.1 million payment card and gift card numbers exposed, 85% were invalid or had expired.

Retail and E-commerce Sites Face a Number of Threats

Retail and e-commerce sites face a variety of threats, requiring comprehensive security measures in order to provide protection. Some of the most notable threats which they face include:

• E-skimming: This involves capturing information that customers enter in real-time - analogous to more traditional “card-skimming” in the physical world. Access to the e-commerce site is usually gained through a successful phishing attempt, cross-site-scripting (XSS) attacks, or even brute force attacks.
• Phishing: Probably the most significant threat faced by online retailers is in the form of phishing attacks against their customers. Cybercriminals attempt to trick customers into disclosing valuable information like passwords, account numbers or payment card details. Even more devastating are phishing attacks against the staff of e-commerce sites, aimed at gaining access to the internal systems of the site owner by stealing staff credentials. Cybercriminals who manage to compromise staff credentials sometimes go on to steal significant amounts of sensitive data.
• Fake e-Commerce Sites: Cybercriminals sometimes try to lure unsuspecting customers to fake retail sites which often look surprisingly like the genuine sites and which have domain names very close to the real site names. The criminals’ aim is usually to defraud customers who purchase goods which are never delivered. The owners of the real e-commerce site suffer through reduced customer numbers and loss of customer trust.
• Malware: E-commerce sites are attractive targets for cybercriminals who want to target site customers with malware. They can either inject malware into the site through attacks such as XSS or via authentic-looking messages, typically delivered via email.
• Distributed Denial of Service (DDoS): Cyber criminals often try to disrupt e-commerce sites by using botnets to bombard them with requests in order to overload their systems. This kind of attack is not focused on data theft, but is rather intended purely to disrupt the retailer’s systems.

Protecting E-commerce Sites Against Cybercrime

Owners of e-commerce sites need to develop comprehensive security strategies and practice defense in depth. Given the competitive nature of online retail, site operators tend to use agile development methodologies which allow them to release new features onto their sites very quickly. While many have adopted a DevOps methodology to speed up their development, an improvement on this is to adopt a DevSecOps process, which includes security at every step of the development and operations process.

Despite the best efforts of site operators, it is sometimes still possible for threat actors to bypass security measures and manage to breach the site. Their efforts do still leave traces, and this is where technologies like XDR can be of great value to detect and prevent attacks.

How XDR Helps to Protect E-commerce Sites

The comprehensive security requirements of retail sites mean that site owners will usually need to implement a diverse array of security tooling. Each tool will, in turn, generate its own alerts and telemetry.

XDR provides the ability to bring all of the telemetry and alerts from the diverse security tools in an environment back to a single location. XDR presents security alerts for the entire environment in a single interface providing an organization with a single pane of glass to manage the investigations of potential security incidents.

Samurai XDR provides you with the ability to bring all of the telemetry across your entire infrastructure into a single application for all of your detection and response needs. Start your free 30 day trial of Samurai XDR today.