Using Domain Name Intelligence to Counter E-Commerce Platform Vulnerability Exploit Attacks

By Ipify
Ipify

In 2018, e-commerce sites proved to be a favored cyberattack target. This trend remains constant this year, as online shops continued to be red-flagged and blacklisted by cybersecurity companies.

One particular shop's owner was prompted to launch an investigation where it was discovered that his website had fallen victim to a new Magento skimming attack. The incident highlights how attackers can find and exploit security gaps in even a major computing platform. This article will show how a WHOIS database can help keep e-commerce sites and their customers safe from skimming attacks.

The Allure of Targeting E-Commerce Sites

Thousands, maybe even millions, of dollars change hands on a daily basis on the e-commerce giants' sites. Imagine how much a successful attacker can gain from, say, breaching Amazon.

Injecting a malicious script into Amazon's site won't only allow an attacker to hijack ensuing customer transactions but also get him closer to stealing the retail giant's customer database. In Amazon's case that would translate to more than 1.5 billion customers worldwide. And let's face it, that many credit card numbers and other personally identifiable information (PII) can land on the attacker's eagerly waiting greedy hands.

The Anatomy of the Skimming Attack

In this particular case, the threat actors infected the target e-commerce site with a JavaScript (JS) code made to look like a Google Analytics script. They used a domain with an internationalized name that when rendered in ASCII reads as "google-analytîcs.com." To an untrained eye, it seemed to come from a reputable source.

The JS in question allowed the attackers to capture data inputted into the infected site, including clicked items from drop-down menus. It then sent stolen information to another fraudulent domain, also disguised to mimic a different Google resource. These sketchy activities were flagged by cybersecurity products, landing the legitimate e-commerce site in users' blacklists.

As a result, the site's owner lost out on potential sales, grounding his business to a halt. Could the blacklisting have been prevented? The answer is yes. How? Read on to find out.

How WHOIS Records Can Help Keep e-Commerce Sites Safe

WHOIS databases have evolved to become a useful tool for identifying threat sources before these can be used in attacks. Here's how an organization or its security service provider could have used it to prevent the Magento card skimming attack.

Early Detection

The card skimming attack was able to get a head start because no one saw it coming, not even by the platform's vendor. By the time the attack was discovered, the site and its customers have already been compromised.

A check on a WHOIS database, however, for the origin of the script could have given warning signs before the attack could take off. Had the site administrator been alerted to the fact that the script was from a spoofed site, he could've stopped further interactions with the malicious domain. This could have saved the company from having its site blacklisted. The business wouldn't have suffered from loss of revenue and a painful drop in its site's reputation.

Verifying domain ownership through a WHOIS database can serve as an extra protective layer to weed out what software developers may have missed. As shown by this example, the attackers got past whatever security features were built into the e-commerce platform.

A Lean Solution to a Sophisticated Problem

The skimming attack was a sophisticated and elegant scheme that targeted weaknesses in Magento's underlying code. Given the platform's enormous code base of over two million lines, it was not easy even for experts to spot where the exploitation took place. Most small and medium-sized businesses (SMBs) will not even have the resources to directly deal with this kind of attack.

For organizations who lack the technical know-how and skills to handle sophisticated threats that rely on code injection, verifying the legitimacy of domain ownership would be a more manageable task. A WHOIS database may not be the perfect solution, but it does provide an affordable means to bolster an organization's long-term protection. Using it does not require a topnotch cybersecurity team, as it is a relatively nontechnical fix that can aid in safeguarding businesses against sophisticated online threats.

* * *

No system or software is ever totally secure, as this incident clearly shows. Website owners or the teams they outsource their security needs to should always expect attackers to exploit every security loophole (whether known or unknown) available. A WHOIS database may not be a silver bullet, but it could help save the victim from a lot of trouble.

Related topics: Cyberattack, Cybersecurity, Domain Names, Whois

Comments