I wanted to learn more about E-commerce and the type of breaches that take place so I volunteered to take the bulk of the E-comm cases for my team. Over the last 18 months I went from zero to "go-to guy" and I learned a lot. Now it's time to share.
From what I've seen, there are 3 main phases to a successful website breach:
1. Reconnaissance - An attacker singles out your site and begins to hammer away with port scans, Nessus plugins, automated SQL injection attacks, etc.
2. Infiltration - This is the actual attack. They exploit a vulnerability to upload code, bypass credentials, or brute-force their way into an admin console or SSH, etc.
3. Exfiltration - Attackers access your data and take what they want. In my line of work I see a lot of financial data gathered and stolen, but I have also worked defacements, theft of Personally Identifiable Information (PII) and breaches of copyrighted information.
I'm going to tackle these 3 points 1 blog post at a time. The first one on reconnaissance is below.