As more people move their shopping habits online, e-commerce websites and hosting platforms have become commonplace.
Unfortunately, for customers and business owners alike, online shopping also comes with serious risks. As e-commerce becomes more widespread and online retailers add increasingly innovative technologies to their sites to stay competitive, cyber attackers are honing their skills and finding new vulnerabilities to exploit.
“For businesses of all sizes, a security breach resulting in a loss of data, as well as customer trust, could be hugely damaging,” says Zuzana Hromcova, Malware Researcher at global IT security company ESET. “Because of this, prioritizing e-commerce security has become a must for both large and small businesses alike.”
Hromcova and her team of ESET researchers conducted a comprehensive research study on server-side malware operating as extensions for Internet Information Services (IIS), Microsoft’s web server software. Server-side malware is used by hackers to track the traffic coming through a server in order to intercept it and influence how it is processed. ESET researchers analyzed 14 IIS malware families, 10 of which were newly identified and had never previously been studied.
“The potential that this malware can have is very concerning,” she says. “Victims of IIS malware are not limited to compromised servers – all legitimate visitors of the websites hosted by these servers are potential targets, as the malware can be used to steal sensitive data from the visitors or serve malicious content.”
If an e-commerce site is hosted by an infected server, cyber attackers can intercept a customer’s personal and financial information. And although there are a number of safety tips customers can use to protect themselves while shopping online, such as using third-party payment options, checking out as a guest and only purchasing from familiar sites, it is ultimately up to the site owner and the website host to ensure the server is not compromised.
With the “red flags” identified, ESET has put together the following list of tips to ensure your e-commerce site, and your customers, are protected:
Ensure your server has reliable and up-to-date security software to protect you from malware and ransomware – While many understand the importance of security software on their computer or laptop, a security solution like ESET Endpoint Security can also protect a server and mitigate the risks associated with these new malware families. If you’re an online retailer that pays a website hosting service to host your e-commerce site on a web server, ask what the hosting company does to protect its servers from being compromised with malware.
Redirect your customers to a payment gateway – This security practice gives both customers and online retailers peace of mind, knowing that even if your server is compromised, your customers’ payment information will be kept safe after checkout.
Perform regular analysis of your website and server – Reviewing your online retail website and server is an important part of regular website maintenance. Make sure you are routinely checking for malware to keep your customers safe.
If you do experience a malware attack, inform your customers immediately – Although you might be fearful that you could lose the trust of your customers, it is important to send an alert should there ever be a breach of information.
“Unfortunately, it is still common for administrators to not use any security software on servers,” says Hromcova. “If securing your e-commerce site against cyber threats is a priority, then ensuring the website hosting service and server you use is protected from malware should be top of mind.”
On August 4, Zuzana Hromcova presented her research at Black Hat USA 2021. Her presentation focused on the essentials of reverse-engineering native IIS malware. Previously, no comprehensive guide had been published on the topic of detection, analysis, mitigation and remediation of these malware groups.
For more technical details about ESET Canada’s research, see the whitepaper Anatomy of Native IIS Malware.