The FBI issued an alert warning of an attack targeting e-commerce websites. The bad actors embed code directly into the e-commerce site in order to skim account information.
The FBI's notice provides the details of this attack.
As always, the best defense against this and other cyberattacks is to have layers of defenses and proactive policies and procedures in place, including:
- Patching systems, including operating systems, software and third-party-sourced code
- Patching systems includes ensuring that remote workers keep any devices that touch the company’s environment patched, too
- Keep anti-virus and anti-malware up to date
- Remote staff members should be accessing the company’s environment through a secure VPN
- Disable extensions and functions within your site that are not being used
Also, remember that less is more: If you have inactive accounts, consider removing these from your live, connected and operating environments and, instead, retain that data only in off-line archives. Further, review your data destruction policies, and delete old and/or superseded account information.
Other best practices for e-retailers include:
- Remind customers to use robust passwords
- Direct customers to not use the same password for multiple accounts
- Remind employees working remotely not to use, for work access, the same device that family members use to game, visit school sites and/or visit other e-commerce sites
Be alert, be aware and be secure.