What purpose do hackers use analytics for. Protecting businesses from cyberattacks
Hackers have found a way to use data from Google Analytics. This became known in the summer of 2020. Companies like Perimeter, Kaspersky and Sansec found that financial information was stolen from online stores that were attacked.
No one wants their business to suffer losses, no one wants to become a victim of fraudsters. Therefore, it is necessary to know how to protect yourself from intruders. In this article, we will look at what methods of protection exist.
How are hackers attacking Google Analytics?
PerimeterX specialist Amir Shaked decided to investigate the CPS. What is this? Content Security Policy, it enables us to detect and eliminate user weaknesses as well as attacks like Magecart. It’s a threat to e-commerce systems, they try to hack them to steal customers’ bank card data.
Magecart often attacks websites. Infected code is used for this purpose. Through it they steal information about the cards of users who are currently performing banking transactions online. CSP “tells” the browser that the domain is secure and scripts can be downloaded. The process acts as a protection against intruders so that they do not introduce a virus from other sites into the browser of the user of your resource.
This is where the problem arises. The CSP treats Google Analytics as a secure source of scripts. This enables attackers to embed their Google Analytics code into resources, as well as bypass the content security protocol. In this way, Google Analytics becomes a conduit for information.
Kaspersky Lab determined in its research that hackers added viral code to resources, it collected data that the site visitor indicated, then sent it via GA. The hackers eventually have access to the stolen information in the GA account.
Fraudsters have another way – registering a domain that looks like Google Analytics, but contains an error. To find out if your site is subject to such attacks, you need to find out if more than one Google Analytics code is used on the resource. If your code has displaced malicious code, it will be noticeable by the lack of traffic to the site.
How to protect yourself from intruders?
If you are a website user, it is recommended that you install software that can detect malicious scripts and Trojan viruses. The next recommendation is not to conduct transactions when using public Wi-Fi. Open connections are a tidbit for hackers because they are not highly secure. If the situation requires you to perform transactions over public access, run a DNS leak test.
When you own a resource, exclude the installation of web applications and CMS components from unverified sources. It is recommended to update the software systematically. Minimize the rights of users, introduce records of visitors who have access to the interface of the resource. Should optimize the security of maps, provided that the site has a cookie _gaip. The debug_mode=11 command in the local repository can disarm the virus. Strong passwords for accounts should be generated.
For e-commerce resources, it is necessary to use payment gateways that are compliant with PCI DSS standards. A filter should be installed on the data that the visitor enters and on the request parameters. This helps prevent the introduction of malware.
Setting up the Google Analytics filter
- Open the list of standard reports;
- Use the “Administrator” button, then “All Filters”, then “New Filter;
- Form a new filter using the “Create New Filter” button;
- Specify the name, you must make it up yourself;
- Choose “Custom filter” and also “Exclude”.
- Specify the name of the site. Check “Considering the case.
If you are interested in hosting services, please contact the specialists of our company. We will be glad to answer your questions!