Cybercriminals are ready to pounce this cyber weekend, and consumers and businesses should be on high alert.
That’s according to Melissa Bischoping, Tanium‘s director of endpoint security research. Cyber weekend extends from Black Friday through Monday.
Threats to consumers include stolen accounts and credit card numbers, and holiday shopping phishing lures. For retailers, it’s loss of trust from breaches, website availability from bot activity, and inventory issues when bots are snagging valuable, in-demand products to sell at a markup.
Tanium’s Melissa Bischoping
“We continue to see many of the same risks as previous years; however, we’re seeing more of them,” Bischoping said. “The marketplace to purchase prebuilt kits for bots and malware has made it much easier for new players to participate in crime. The good news is much of the protection, detection and response efforts will also remain the same.”
Cyber Weekend Means Additional Strain on Websites
Increased demand on websites coupled with malicious botnets can put additional strain on websites, Bischoping said. While not all website outages are the result of an attack, a website under strain can offer poor performance. In addition, it may result in increased errors experienced by legitimate shoppers.
“Sites impersonating retail brands in phishing emails and fake retail storefronts increase,” she said. “These types of lures use the established trust consumers have in retail brands paired with social engineering techniques to lure consumers.”
While many risks such as ransomware, credential theft and account takeovers remain the same, staff often run much leaner during the holiday season due to employee time off and observed holidays, Bischoping said. An uptick in online holiday shopping web traffic, plus additional threat actor activity and smaller staff can make “security operations centers (SOC) as busy as the North Pole in December.”
“For retailers, the holiday season often also means restrictive freezes on changes and non-critical updates,” she said. “These change freezes are an essential piece of keeping business-critical systems available to customers. But it means that retailers need a tested, documented process to implement emergency changes for security fixes without unnecessary red tape.”
Earlier Holiday Season Means More Opportunities for Threats
It seems like every year the holiday shopping season starts earlier, Bischoping said. That means more opportunities to successfully use things like holiday sale phishing lures. The ease and availability of toolkits for setting up bots to snag inventory and resell for profit makes it an attractive market for those looking to turn a quick profit.
“Brand protection teams can monitor for website names similar to their own, and subscribe to threat intelligence to stay aware of the specific threats to the retail industry,” she said. “This often includes detailed documentation on known threat actor tactics, techniques and procedures that can reduce the time to detect and respond.”
Buy Now, Pay Later Scheme
Cybercriminals have developed new scams for the holiday shopping period, including a new scheme exploiting buy now, pay later (BNPL) services. That’s according to Kaspersky’s Black Friday alert. Its goal is to educate users to stay safe during the sales season.
An example of this scam is the misuse of the popular service, Afterpay. It has 20 million active users across the world. These tools allow customers to split the cost of the purchase into several interest-free installments.
Perpetrators set up a page mimicking the official website, tricking unsuspecting victims into entering their credit card numbers and security codes into a fake form. After the user has entered their details, cybercriminals will try to steal as much money as possible from this card, emptying the victim’s wallet.
Olga Svistunova is web content analyst at Kaspersky.
Kaspersky’s Olga Svistunova
“The shopping event of the year, Black Friday, is a hot time not only for sellers and their buyers, but also for scammers who want to steal as much money as possible from hurried customers,” she said. “The new scheme exploiting BNPL services only proves that cybercriminals do not stop in their desire to attack victims and come up with new methods to do so. On ordinary days, the customer can easily understand if the product is too cheap, it’s most likely a scam. But during the Black Friday sales period this fact isn’t so clear. Shoppers become less vigilant and are therefore an easy target for cybercriminals. That’s why it’s so important to pay attention to which site you buy from, be careful with unfamiliar companies and use a reliable security solution.”