Home / Industry

Using Domain Name Intelligence to Counter E-Commerce Platform Vulnerability Exploit Attacks

In 2018, e-commerce sites proved to be a favored cyberattack target. This trend remains constant this year, as online shops continued to be red-flagged and blacklisted by cybersecurity companies.

One particular shop's owner was prompted to launch an investigation where it was discovered that his website had fallen victim to a new Magento skimming attack. The incident highlights how attackers can find and exploit security gaps in even a major computing platform. This article will show how a WHOIS database can help keep e-commerce sites and their customers safe from skimming attacks.

The Allure of Targeting E-Commerce Sites

Thousands, maybe even millions, of dollars change hands on a daily basis on the e-commerce giants' sites. Imagine how much a successful attacker can gain from, say, breaching Amazon.

Injecting a malicious script into Amazon's site won't only allow an attacker to hijack ensuing customer transactions but also get him closer to stealing the retail giant's customer database. In Amazon's case that would translate to more than 1.5 billion customers worldwide. And let's face it, that many credit card numbers and other personally identifiable information (PII) can land on the attacker's eagerly waiting greedy hands.

The Anatomy of the Skimming Attack

In this particular case, the threat actors infected the target e-commerce site with a JavaScript (JS) code made to look like a Google Analytics script. They used a domain with an internationalized name that when rendered in ASCII reads as "google-analytîcs.com." To an untrained eye, it seemed to come from a reputable source.

The JS in question allowed the attackers to capture data inputted into the infected site, including clicked items from drop-down menus. It then sent stolen information to another fraudulent domain, also disguised to mimic a different Google resource. These sketchy activities were flagged by cybersecurity products, landing the legitimate e-commerce site in users' blacklists.

As a result, the site's owner lost out on potential sales, grounding his business to a halt. Could the blacklisting have been prevented? The answer is yes. How? Read on to find out.

How WHOIS Records Can Help Keep e-Commerce Sites Safe

WHOIS databases have evolved to become a useful tool for identifying threat sources before these can be used in attacks. Here's how an organization or its security service provider could have used it to prevent the Magento card skimming attack.

Early Detection

The card skimming attack was able to get a head start because no one saw it coming, not even by the platform's vendor. By the time the attack was discovered, the site and its customers have already been compromised.

A check on a WHOIS database, however, for the origin of the script could have given warning signs before the attack could take off. Had the site administrator been alerted to the fact that the script was from a spoofed site, he could've stopped further interactions with the malicious domain. This could have saved the company from having its site blacklisted. The business wouldn't have suffered from loss of revenue and a painful drop in its site's reputation.

Verifying domain ownership through a WHOIS database can serve as an extra protective layer to weed out what software developers may have missed. As shown by this example, the attackers got past whatever security features were built into the e-commerce platform.

A Lean Solution to a Sophisticated Problem

The skimming attack was a sophisticated and elegant scheme that targeted weaknesses in Magento's underlying code. Given the platform's enormous code base of over two million lines, it was not easy even for experts to spot where the exploitation took place. Most small and medium-sized businesses (SMBs) will not even have the resources to directly deal with this kind of attack.

For organizations who lack the technical know-how and skills to handle sophisticated threats that rely on code injection, verifying the legitimacy of domain ownership would be a more manageable task. A WHOIS database may not be the perfect solution, but it does provide an affordable means to bolster an organization's long-term protection. Using it does not require a topnotch cybersecurity team, as it is a relatively nontechnical fix that can aid in safeguarding businesses against sophisticated online threats.

* * *

No system or software is ever totally secure, as this incident clearly shows. Website owners or the teams they outsource their security needs to should always expect attackers to exploit every security loophole (whether known or unknown) available. A WHOIS database may not be a silver bullet, but it could help save the victim from a lot of trouble.

Ipify

About Ipify – Ipify is a public IP data provider that works flawlessly with both IPv4 and IPv6 addresses. We offer three main products: A general IP API that allows making millions of requests per minute using a variety of programming languages, a more specific IP Geolocation API with all relevant location data points, as well as an IP Geolocation Database that contains 8+ million IP blocks and locations for close to 5 million records. Visit Page

Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Whois

Sponsored byWhoisXML API

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign