Feb 1, 2009
The authentication exploits include attempts to determine consumers' user name and password combinations, which allow criminals to make fraudulent purchases. "It is not surprising that the attempts to steal customer credentials greatly increased just before the holiday shopping season," said Wayne Haber, director of architecture at SecureWorks. "The November authentication attacks also followed a significant increase in network scanning in October, where we blocked 202,000 network scans per client."
Network scans, in which hackers seek to find vulnerabilities in a retailer's computer infrastructure, increased from an average of 56,000 per client per month, from January to June, to 90,000 monthly from July through November. Authentication attacks increased from an average of 6,000 per month in the first half of the year, to an average of 34,000 for the last five months, spiking at 137,000 in November, SecureWorks said. The data is based on 36 large U.S. retailers served by SecureWorks. All the attacks were blocked, SecureWorks said.
The firm called attention to a big increase this summer in attacks aimed at Microsoft SQL Server, a back end database technology used by many retailers, according to SecureWorks. The hackers initiated thousands of what are known as SQL injection attacks that attempt to inject a malicious code into a target computer that could, for example, copy all the customer information in a database and send it back to the hacker.
Other types of fraud threats against online retailers are also increasing, according to Retail Decisions, a payment card issuer and specialist in card fraud and payment processing. The company says its client retailers registered a 40 percent increase in attempted online fraud on the day after Thanksgiving. The average value of an attempted fraud was $248, which is 25 percent higher than a year ago.
This article was edited from a story on InternetRetailer.com.
Topic: Wholesale News
Related Articles: security fraud
Article ID: 914
Entire contents ©2019, Sumner Communications, Inc. (203) 748-2050. All rights reserved. No part of this service may be reproduced in any form without the express written permission of Sumner Communications, Inc. except that an individual may download and/or forward articles via e-mail to a reasonable number of recipients for personal, non-commercial purposes.