It’s hard to believe the time has come already, but Black Friday 2016 is just a few days away.
Where this weekend was historically peppered with pictures of people wrestling over televisions, many people now choose to shop online instead.
And who could blame them?
But this sudden surge in ecommerce isn’t only an opportunity for retailers – cybercriminals will also be looking to take advantage.
Never fear, though – we’re here to tell you what to watch out for in the hope you’ll be less likely to fall foul of an online attack.
Together with our partner Recorded Future, we studied attacks reported during the 2015 holiday period and identified a number of new techniques, tactics and procedures (TTPs) that have emerged, enabling us to anticipate what might come this year.
The seven main modes of attack we’re expecting this year are:
- Pre-installed malware
- Point-of-sale (POS) malware
- Distributed denial of service (DDoS) attacks
- Account takeover
- Twitter customer service fraud
- Phishing
- Malvertising
Let’s take a look at each of those in a bit more detail…
1. Distributed Denial of Service (DDoS) attacks
DDoS attacks have the power to take down a retailer’s website during the busiest shopping days of the year, often accompanied by extortion.
This is obviously a huge risk for any brand this Christmas. And with DDoS attacks among the most consistent threats to retailers according to Akamai, they are arguably the most critical.
On 21st October, the Mirai internet of things (IoT) botnet attacked DNS service provider Dyn and took a number of websites offline.
This will likely be a huge source of threat over the holiday, particularly as the source code has since been released.
Criminal botnet operators will likely use Mirai’s success as a way to extract blackmail payments from retailers and banks by threatening to interfere with online shopping.
2. Phishing
The number of phishing links increases by up to 336% around Thanksgiving, according to research by ZeroFox. So we can expect this type of threat to dramatically increase around Black Friday, too.
Links could come in via email, text message or social media. They could be from someone purporting to be PayPal, for example, offering coupons or refunds.
We’ve even heard reports of cybercriminals handing out holiday phishing packages to help fraudsters lure people in, with Dynamoo’s website currently reporting cases of Locky malware being spread.
3. Point-of-sale (POS) malware
POS malware steals credit card details directly from retailers, and Symantec says the most common route of attack against POS systems is through the corporate network.
Once an attacker breaches that network – through a vulnerable public server or phishing email, for example – they can traverse it until they’re able to gain access to a POS network entry point – often the same one a corporate administrator would use to maintain the POS systems.
The POS malware variant FastPOS was reportedly updated in October, so we can definitely expect attacks of this type over the festive period.
4. Malvertising
Malvertising – a type of cyberattack that uses online ads to distribute malware via reputable websites – affected a number of big names such as Huffington Post, Yahoo! and eBay last holiday season, according to Invincea.
Popular publishers like the BBC and the New York Times have already been found to be serving malware via malvertising this year, and more recently Spotify and Google AdWords have suffered the same.
If 2015 is anything to go by, malvertising has the potential to cause quite a few headaches for retailers and their customers in the coming weeks.
5. Pre-installed malware
Sometimes it’s hardware you have to watch out for. There were reports of pre-installed malware on tablets purchased from a number of retailers, including Amazon, in the run-up to Black Friday last year.
And it wasn’t the first time attacks like this have happened, with Android, Lenovo and other smartphone manufacturers all having been infected this way in the past.
This year, pre-installed malware has already been reported on CCTV devices and some of the lower-end Android devices.
6. Account takeovers
These are big business for cybercriminals, and they’re looking for more than just bank information.
Anything from mobile contracts to PayPal and Uber can be targeted, with all kinds of customer data being sold on the black market.
There was a large increase in account creation and takeover fraud last year, according to a ThreatMetrix report, driven by the increased availability of stolen identities harvested from data breaches.
Overall attacks increased by 100% compared to 2015, with that figure rising to 250% during peak shopping days.
There have already been some high-profile data breaches this year, with much of that data likely being openly shared now and potentially useable for account takeovers.
7. Twitter customer service fraud
Customer service is critical to any business, and in this social media age that support has spread to platforms like Twitter.
Fraudulent accounts purporting to be brands such as Apple and Barclays are offering support to customers via direct messages.
Where the customer has contacted an official account, the fraudulent account then posts a reply to that tweet in the hope of stealing sensitive account, delivery or personal information.
Find out more about this method from our partner, ProofPoint.
Other threats to watch out for…
These are the main threats we see retailers facing in the coming festive period, but there are a number of other dangers to be aware of.
The New York Times warned that fake retail and product apps are being pushed out on the Apple store ahead of the holiday season, with hundreds of them popping up in recent weeks, just in time to deceive unsuspecting holiday shoppers.
Hopefully this article will help you avoid having your Christmas ruined by cybercriminals this year.
Stay vigilant, and be sure to get in touch if you have any questions!
Check out our threat monitoring service for insight and advice on how to overcome these threats.