Cybercrime is a global problem that’s been dominating the new century. It represents a challenge to individual security and poses an even bigger threat to large international businesses, banks, and governments. Today’s organized cybercrimes far out of rogue hackers of the past: modern cybercriminals function like startups and often employ highly educated developers who are continuously improving online attacks. Most companies have preventive security software to constrain these types of attacks or hire reliable partners to host their data. But no matter how secure you are, anyone dealing with cyberspace as a business owner should be aware of common cybercrime vectors and be able to ensure the website security within that space.
Common types of cybersecurity attacks
At the beginning of 2020, Norton reported a figure of 4.1 billion of records exposed to hackers or a +54% increase in number for half the year 2019 as compared to the same period of the year 2018. Cyberattacks touched the most financial, entertainment, healthcare, government, and business data (ranked from top to bottom).
The UK’s Department for Digital, Culture, Media, and Sport in its ‘Cyber Security Breaches Survey 2019: Statistical Release’ states:
‘Among 32 percent of businesses and 22 percent of charities facing breaches or attacks, the most common types are:
• phishing attacks (identified by 80% of these businesses and 81% of these charities);
• others impersonating an organization in emails or online (28% of these businesses and 20% of these charities);
• viruses, spyware or malware’.UK’s Department for Digital, Culture, Media, and Sport
Although the statistics relate to the UK region, the global stats reflect the same trend dominating the common attack vectors.
Based on Verizon’s 2018 Breach Investigation report, 92 percent of malware was delivered by email, and 32% of data breaches involved phishing.
Let’s examine this most common email malware delivery method.
Phishing is a type of social engineering used to steal the user sensitive data like credit card numbers and login credentials. Posing himself as a trusted individual, an attacker tricks the victim to open a text message, email, or instant message. The victim is then deceived to open a malicious link that can cause the system freezing as part of a ransomware attack, revealing sensitive information, or the installation of malware.
There may be different types of phishing: Vishing (phishing done over phone calls); smishing (SMS phishing), Search Engine Phishing, Spear Phishing, and Whaling.
You can explore some examples of phishing emails here.
The only way of self-defense against phishing is to be proactive – to protect your computer, mobile, phones, and accounts:
- by using security software;
- by setting software to update automatically;
- by using multi-factor authentication to include more credentials to log in to your account.
Let’s study what other self-protection measures you can apply.
Cybercrime self-protection measures
We’ve prepared a list of the security gaps mostly employed by hackers and your to-do list to divert danger from your business or significantly reduce risks of the security breaches for your online store or marketplace. As we have covered these issues many times, the below to-do list looks like a hub of references to more granular articles.
Tick in the points below for self-control. Don’t hesitate to ask our in-house information security specialist for explanations. It is simply his job to monitor and keep all our customers’ projects and websites safe and secure.
Don’t use the adminer.php script or other suspicious tools. Why?
Restrictions on what authenticated users are allowed to do are often not properly enforced there. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users’ accounts, view sensitive files, “sph” files, modify other users’ data.
The Simtech Development Hosting users can forget about the manual check of such suspicious scripts as we configured our server environment in such a way to automatically find, report and delete them.
Don’t use admin.php/administrator.php/etc. Why?
- If hackers know your CS-Cart version, it is easier for them to exploit the known vulnerabilities or features of a particular version in their favor;
- Captcha is absent here, hackers can discover your password by submitting many passwords to your admin panel login;
- Because of default passwords and emails. Be sure, most of them have been once hacked (check it here);
- Because of the cron password. The default CS-Cart one must be changed!
Our DevOps team monitors, discovers and thwarts attempts of attackers to use brute-force and vulnerabilities to compromise your website. We conduct research, find threats for web page security, report the CS-Cart original software developer about them and release patches faster then they are officially fixed.
Check for open ports. Why?
Information including the sensitive one leaks through open ports. This is an easy way for hackers to steal data. You can lock down some ports such as TCP port 80 (HTTP).
Be sure to check these and other vulnerabilities!
Don’t know how to check your website for vulnerabilities? Use our free software:
Update regularly both the store and the add-ons. Why?
Every piece of software gets older and accumulates vulnerabilities. They are known to hackers. The newer software is, the less it is known to hackers.
Aren’t confident in your powers? Entrust the upgrade to experts with over 14 years in webdev experience!
Self-protection is the first and the basic key to your online business security. However, it’s not often enough and cooperation with hosting providers is required. A big cloud service provider won’t be easy to attack. The Simtech Development AWS Cloud hosting team includes a quick response infosec guy committed to monitoring hackers’ attempts against our clients’ websites. The same team consists of other certified engineers and expert bug hunters. So, if you face a server-related issue threatening your webpage security, simply contact them.