Security Pros Warn of Black Friday Cyber Threats
Today is Black Friday, the day after Thanksgiving, which marks the start of the Christmas shopping period. Retailers across America, and increasingly other parts of the world, offer huge discounts to spur shoppers into action.
Given the rush at brick-and-mortar stores across the country, many are choosing to mark Black Friday by shopping online, and retailers like Amazon have also slashed prices to attract more shoppers. However, as we’ve seen so many times recently, where people go online, cyber-criminals follow.
While many online shoppers are savvy enough these days to know how best to protect themselves, it is the retailers that are most likely to suffer on Black Friday, according to experts.
“Much has been spoken about how customers can protect themselves from online thieves, however it’s retailers themselves that will be more at risk due to the scale and nature of the information they hold,” said Ross Brewer, vice-president and managing director of international markets at LogRhythm.
“Cyber-criminals will undoubtedly take advantage of online sales peaks to access networks unnoticed, or, more than likely, they will execute malware that has been sitting on the network for months,” Brewer added. The Target hack is a perfect example of what can happen around this time of year, when increased shopping means more credit card details to steal.
Another threat facing retailers at this time of year is DDoS attacks. According to security firm Digital Shadows, Black Friday is a chance for cyber-criminals to show off their skills.
“Some might deem the busy sales period as an opportune moment to showcase their capability or cause widespread disruption by targeting retailers,” the company said. “Allied to this is the threat of DDoS extortion, as attackers may use the threat of disabling retail operations during the busiest period of the year as a means of earning a quick profit.”
Digital Shadows also warned shoppers about the possibility of compromised eCommerce sites, where keyloggers could be used to steal credit card and other payment information. On a similar theme, phishing pages are also a threat this Black Friday. Cyber-criminals set up fake websites with enticing offers on popular products, which then steal credit card information when the shopper tries to pay.
Retailers are of course taking action. NuData Security points out that many are boosting their automation, account takeover and fraud detection capabilities, but that cyber-criminals are evolving more complex ways to get around these defenses.
The company has taken a look at some of the cyber-threats facing online retailers on Black Friday and Cyber Monday. Cyber Monday is the Monday following Black Friday, when online retailers launch their sales, although it’s worth pointing out that many start on Black Friday rather than waiting the extra couple of days.
According to its research, many fraudulent accounts are created throughout the year and left dormant until now. “Typically, cyber-criminals target these times of year because they know security teams are stretched and policies are loosened up to accommodate volume. They can generally hide attacks within the volume of transactions,” the company said.
This time last year NuData picked up on 50 million fraudulent attempts; it expects that figure to be 82 million this holiday period. Account takeovers are also likely to cause problems. This period in 2015 saw a 600% rise in login anomalies. “Both volume and sophistication have spiked, as stolen personal data is so easy to obtain, and consumers continuing to use the same user names and passwords from site to site, login processes have never been so easy to subvert,” NuData Security’s research said.
“Organizations must be ever vigilant as fraudsters leverage the mass of freely available data on the dark web for cybercrime. Expecting consumers to maintain strong, non-reused passwords isn’t realistic, meaning retailers need to shoulder an even larger responsibility to protect their brand and users,” said Robert Capps, VP, business development, NuData Security.
Source: Information Security Magazine