In a recent blog post, we discussed your likelihood of suffering a data breach, referencing some of the more recent statistics from the ITRC (Identity Theft Resource Center) 2017 Executive Summary. As the summary points out, data breaches are on the rise, and one of the more insidious methods is through a form of hacking known as ecommerce malware.
Overall, hacking is the number one cause for a data breach, but what exactly is hacking? The term “hacking” is actually an umbrella term that includes breach methods such as phishing, skimming and malware.
Recently, Visa came out with a security bulletin entitled “Protect Against Ecommerce Malware.” While most people are surprised to hear that ecommerce malware is a form of hacking, it is a method that is becoming much more widespread and deadly. This type of malware generally targets the website itself and not the user who visits the website.
Ecommerce malware is like an “online payment data skimmer” designed to capture personal information so it can be used and/or sold illegally. To install the code, the attacker must gain access to your ecommerce server. Most commonly, access is obtained by guessing administrator credentials or using stolen information. That may sound like a tall order until you look further at the ITRC study. Unauthorized Access makes up 10.8% of all breaches.
Additionally, Unauthorized Access can be used for more than just installing ecommerce malware. It can be used for a host of other techniques that cause damage. Between these two reports, it’s becoming even more apparent why you need to have strategies and tools to combat these types of attacks and maintain a Security First mindset.
The best way to fight hackers is by having some ethical hackers on your side. The SpiderLabs team at Trustwave are those ethical hackers. They leverage a Global Threat database and are a significant reason why Trustwave won Best Managed Security Service at the 2017 SC Awards as well as being named a “leader” in Gartner’s Magic Quadrant for Managed Security Services.
Wind River has partnered with Trustwave and the SpiderLabs team to create the Advanced Security Package, a toolkit designed to help our customers be Security First. Web Malware Monitoring and Remote Access Security, two of the 13 tools included in the package, were designed specifically to counter Unauthorized Access and ecommerce malware attacks. If you’d like to learn more, contact us today.