8 predictions for eCommerce cybersecurity in 2017

From creative ransomware to DDoS through the industrial Internet of Things, we will see an increased professionalization of attacks targeting eCommerce sites in 2017. We rank the most popular attacks of the year we have seen and describing in our blog articles, analyzing their evolution and taking a look at the cyber threats that 2017 has in store.

Prediction #1: Growing Cybercrime

Prediction 1: Growing #Cybercrime Click To Tweet

According to CSO, cybercrime damages expected to cost the world $6 trillion by 2021. Cybercriminals focus their efforts on those attacks which can rake in the most profit, using more effective tactics and professionalizing their operations in a way that allows them to make quick and easy money in an efficient manner.

Once again, healthcare, eCommerce and financial will be the sectors most targeted by cyber criminals. SMBs will become a bigger target for cybercriminals because they lack the security budgets of large enterprises.SMBs are more vulnerable to hacking attacks that can easily compromise their systems and steal sensitive information.

Prediction #2: Taking advantage of known vulnerabilities

Prediction 2: Taking advantage of known #vulnerabilities Click To Tweet

We will continue to see the majority of attacks beginning with an exploit taking advantage of a known vulnerability where a patch has been readily available. Recent research indicates that 80% of data breaches happen by way of known vulnerabilities. Hackers will exploit these security holes via spyware, ransomware, rootkits and spambots. Update, patch, or prepare to be hacked.

Prediction #3: New trends for online fraud

Prediction 3: New trends for online #fraud Click To Tweet

Counterfeit credit cards will reduce thanks to countermeasures adopted by the financial institutions, such as the diffusion of EMV cards and the adoption of digital wallet solutions. Unfortunately, that will push more fraudsters online to monetize fake and stolen credit cards.  You should also expect a growing number of attacks on third-party payment applications that link to accounts at the financial institution.

Prediction #4: Ransomware everywhere

Prediction 4: #Ransomware everywhere Click To Tweet

This year, FBI has stated that the utilization of ransomware has reached an incomparable high. Within the first 3 months of 2016 alone, cyber criminals have collected $209 million by extorting businesses and establishments to unlock computer systems. In 2017, we tend to predict digital ransom attacks will become more prevalent and sophisticated. Ransomware attacks will target more and more eCommerce websites to hit their customers. We want you to keep in mind that paying the ransom does not guarantee the total recovery of stolen data.

Prediction #5: IoT devices as a springboard to DDoS

Prediction 5: #IoT devices as a springboard to #DDoS Click To Tweet

Next year, we will assist with a growing number of cyber-attacks powered by compromised IoT devices. New attacks powered by improved versions of the dreaded Mirai Botnet will emerge. The lack of security by design and poor security settings will be the principal reasons for the success of the attacks that will target IoT devices next year. Unfortunately, IoT vendors will continue to release on the market devices that can be easily exploited for cyber-attacks. Some of them will also be offered for rent to power massive DDoS attacks.

Prediction #6: DDoS Attacks to block online shopping

Prediction 6: #DDoS Attacks to block online #shopping Click To Tweet

The final months of 2016 witnessed the most powerful DDoS (Distributed Denial of Service) attacks in history. These attacks were carried out by bot networks that relied on thousands of affected IoT devices (IP cameras, routers, etc.). 2017 will see an increase in this kind of attack, which is typically used to blackmail companies or to harm their business (by blocking web access, online shopping, etc.). More information on DDoS with our last article on Chrismas gifts for carrying out DDoS.

Prediction #7: Social eCommerce platforms will turn malicious

Prediction 7: Social #eCommerce platforms will turn #malicious Click To Tweet

Many traditional social networking sites such as Pinterest, Facebook and Twitter have announced plans to add “buy” buttons to their platforms in an effort to increase stickiness with their users and help monetize their user base. This will attract criminals looking to conduct fraudulent transactions on these platforms.

Prediction #8: HTTPS as a mandatory for eCommerce sites

Prediction 8: #HTTPS as a mandatory for eCommerce sites Click To Tweet

After Google and Mozilla, Matt Mullenweg the founder of WordPress is taking steps to ensure that the services you use are secure. Automaticc, the company behind the WordPress blogging and content management platform announced it will be investing heavily in SSL security technology. Considering HTTPS as a necessary evolution in the fight against cybercriminals, it will be mandatory in 2017 for many eCommerce sites.

Régis Rocroy

Engaged in IT security at the beginning of the Internet revolution, I’m acting as security consultant and security architect for accounts in banking and eCommerce.