Hacking expert reveals how EASY it is to get into your technology
June 2023 by Expert
In the last 12 months, approximately 2.39 million cyber crimes have been recorded against UK businesses. As more businesses have chosen to move online, and with technology constantly changing, cyber-attacks have become a common issue. These attacks are leaving owners increasingly vulnerable and concerned for the security of their data.
With this in mind, Indusface has provided some industry tips on how scams can be avoided and how to securely protect your online business from being hacked in these unprecedented times.
Venky Sundar, Founder and President of Indusface, has revealed some methods hackers use in order to demonstrate how easy it is for a cyber attack to occur.
Hackers don’t really know your application. The first step is for them to understand the weakest link in your online business application. They can use any of the numerous open-source and free DAST scanners to find open vulnerabilities. Once they understand vulnerabilities, the next step is to send targeted attacks like an SQL injection to get access to confidential data, encrypt it and then demand ransom.
Take your website down
Hackers use Distributed Denial of Service (DDoS) Attacks to take down websites. It is as cheap as $5 to launch a targeted DDoS attack for a duration of 1 hour. Downtime’s impact could be revenue lost for that duration, cost incurred for restoring operations and a brand image hit that will prevent people from coming back to you.
Take over your admin consoles
Running a brute force attack is probably the simplest form of attack. The hacker would use a script to repeatedly hit your admin consoles with various username/password combinations and, when successful, this leads to a demand for ransom too.
Steal credit card information
Payment processing is the heartbeat of any online business. It is also among the most targeted areas in an online application where hackers try to inject code into the payment processing page and just skim all the credit card details that are entered. They store these details for other financial fraud. Businesses will face huge fines because of non-compliance with PCI-DSS and it is also a death knell to your business as customers will never trust you with their credit card information.
Start a price war
Leverage bots to crawl the website and scrape critical information such as price and quantity from the website. Then use that data to cause inventory stock-outs or price wars by undercutting the price. While hackers might not do this directly, your competitors could be employing someone who can carry out these tactics.
Although any company could be attacked, the larger and more successful ones are hit the most. In just 2023 alone there have been 23 data breaches within some of the world’s largest companies such as Twitter, JD Sports, Reddit, T-Mobile and more.
Indusface also spoke to security expert Ian Reynolds, Managing Director of SecureTeam, who commented on the importance of being cyber-aware whilst running an online business:
“Hackers look out for businesses that have vulnerable security systems. These might range from accounts with weak passwords, a lack of two-factor authentication, inadequate security systems, etc. They may also look to target newer or more junior staff, who could be easier to phish.
“There are several key ways businesses can protect themselves from cyber-attacks. These include training all employees thoroughly and keeping all security software up-to-date. Failing to achieve these basic security measures is one of the leading causes of cyberattacks.”
Whilst there is no 100% secure or safe way to protect a business, following these tips, ensuring all software is up-to-date and training staff could help reduce the risk of a cyber attack.
1. Indusface wanted to find out the best ways to avoid a cyber attack and how to successfully protect your online business.
2. To do this, they utilised an internal expert in the industry in order to provide detailed advice.
3. Ian Reynolds, Managing Director of SecureTeam, also provided expert commentary on how to be cyber-aware and how important it is to have the correct security software.
4. Data was collected on 22nd May 2023, and is accurate as of then.