
How to protect e-commerce sites from client-side attacks?

In September 2020, cybercriminals breached 2,800 e-commerce sites, injecting malicious code in order to steal the financial information of thousands of customers. The attack is believed to be the work of Magecart, which uses JavaScript malware to target "shopping carts" on the open-source e-commerce platform Magento. Security experts say it is the largest Magecart incident detected so far, but it is just one more client-side attack. These attacks are extremely profitable but also very common. In fact, such an attack takes place every 39 seconds.


Client-side attacks have a significant impact on retailers that run e-commerce sites. Successful attacks can lead to losses of $508,000-598,000 per hour.

E-commerce companies need to adopt new strategies and take new cybersecurity measures to protect themselves. Clearly, traditional tools and old approaches are not enough. To respond effectively to Magecart and other client-side attacks, they should incorporate the following crucial elements into their strategies:


Security solutions that prevent an attack: The security teams of e-commerce sites benefit from solutions that allow real-time monitoring, detection and prevention of breaches before any damage is done. Most likely, experts noticed that last year they had allocated too many resources to the server side and not to the client side. In 2021, they need to focus on the client side, using tools that prevent and deter any breach of e-commerce sites.

Full knowledge of third-party / supplier activity: E-commerce companies use 40 to 60 third-party tools and add three to five new third-party technologies to their sites every year. When so many "foreign" tools are in use, there is always danger. Sites should have full knowledge of the activities of their suppliers and partners. This is necessary not only for the security of the site, but also because it is a requirement of the European Union's General Data Protection Regulation (GDPR). The Regulation stipulates that sites are responsible for the actions of their third-party suppliers.

Zero-trust approach: Once e-commerce sites have full knowledge of their environment, they must enforce effective controls in it. Ideally, for the greatest possible security, third parties should have access only to the information they need and nothing more. This means that companies follow a zero-trust approach, in which no one is trusted absolutely and access to systems and data is therefore limited to what is strictly necessary. Virtual websites for third-party access play an essential role here: they create a copy of the actual website that excludes anything third-party companies should not see. Because third-party scripts are isolated from the actual site, JavaScript changes made by hackers will not cause any damage.
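
An added example (not from the original article) of the third-party inventory and least-access points above: it lists the third-party hosts that serve scripts on each page and flags any that are unapproved or loaded on pages where they are not needed. The site host, the vendor list and the HTML snapshots are constructed assumptions.

```javascript
// Added example: audit which third-party hosts serve scripts on each page.
// SITE_HOST, APPROVED and SNAPSHOTS are constructed sample data.
const SITE_HOST = "shop.example";

// Approved vendors and the only paths where each one is needed (least access).
const APPROVED = {
  "cdn.analytics.example": ["/", "/product"],
  "js.payments.example": ["/checkout"],
};

// Constructed page snapshots: path -> HTML as served to the browser.
const SNAPSHOTS = {
  "/": '<script src="/static/app.js"></script>' +
       '<script src="https://cdn.analytics.example/a.js"></script>',
  "/checkout": '<script src="https://js.payments.example/pay.js"></script>' +
       '<script src="https://cdn.analytics.example/a.js"></script>' +
       '<script async src="//static.unknown-widget.example/w.js"></script>',
};

// Return the sorted hosts of all external <script src> tags in one document.
function scriptHosts(html, siteHost) {
  const hosts = new Set();
  const tagRe = /<script\b[^>]*\ssrc\s*=\s*["']?([^"'\s>]+)/gi;
  for (const m of html.matchAll(tagRe)) {
    let url;
    // Resolve relative and protocol-relative URLs against the site origin.
    try { url = new URL(m[1], `https://${siteHost}/`); } catch { continue; }
    if (url.hostname !== siteHost) hosts.add(url.hostname);
  }
  return [...hosts].sort();
}

// Classify every third-party host per page: ok, out-of-scope or unapproved.
function auditThirdParties(snapshots, approved, siteHost) {
  const findings = [];
  for (const [path, html] of Object.entries(snapshots)) {
    for (const host of scriptHosts(html, siteHost)) {
      const paths = approved[host];
      const status = !paths ? "unapproved"
        : paths.includes(path) ? "ok" : "out-of-scope";
      findings.push({ path, host, status });
    }
  }
  return findings;
}

for (const f of auditThirdParties(SNAPSHOTS, APPROVED, SITE_HOST)) {
  console.log(`${f.path}\t${f.host}\t${f.status}`);
}
```

Run against snapshots taken on a schedule, a change in the findings shows when a new third-party host appears or an approved vendor starts loading on the checkout page.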

In most cases, hackers want two things: to make as much money as possible, and to do so as easily as possible. Client-side attacks satisfy both criteria, which is why they are so popular. This means that e-commerce companies cannot take a passive stance. They must implement defense strategies based mainly on prevention, full knowledge of their environment and zero trust. In this way, they can increase their security to some extent.

Source: Infosecurity Magazine

Digital fortress, https://www.secnews.gr