It's Cyber Monday again, and while e-commerce companies are preparing for an onslaught of shoppers, they are also heightening their awareness and preparation for potential cyberattacks.
The Monday following the US Thanksgiving weekend means shoppers can get great deals on products and take advantage of offers by small, medium and large retailers.
Unfortunately, the run on deals also presents an opportunity for malicious actors to prey upon those who are seeking to take advantages of those offers and compromising some of those millions of shoppers in search for great deals.
Not only are the shoppers targeted but also the shops themselves are heavily targeted. Past experiences defending very large online shops during high season shopping have shown me that many campaigns are planned well in advance and that many times, criminals follow to the date and the very specific product detail offers that shoppers may publish in order to orchestrate their attack campaigns.
Rod Soto, Director of Research at security technology and services company JASK says, “Malicious actors know that in order to sell anything a store needs to be online during critical periods, this includes the capability to advertise and operate dynamically as the volume of sales may increase or shift to specific products. This is how extorsion campaigns operate in high shopping season, as many malicious actors have the capability of affecting or even preventing stores to operate online.”
Soto continued, “As many established online shops and financial institutions have security measures to detect fraud and stay operative, malicious actors will focus on the weakest link of the security chain the consumer,” and pointed out that the “top threats to Black Friday shoppers are mainly centered in the human vulnerability of being tricked into revealing confidential information or even performing a series of acts that bypass security controls resulting in compromise.”
Soto listed several known attack vectors:
Soto also warned that consumers may be compromised when using free WiFi at airports, hotels, and coffee shops. “Some deals cannot be missed, and criminals know it too. Hacking WiFi and intercepting traffic does not require sophisticated skills. Also, many times people will pull their credit cards and place them in plain view or even read them loudly over the phone. These opportunities may occur more often during seasonal shopping and criminals will be there as well.”
Despite the above threats, Soto said there are things that consumers can and should do in order to protect themselves including:
Soto says the above items should give consumers a good level of security, but that they should also remember to be cautious and use common sense as malicious actors are very clever and may even be able to successfully compromise even the most trusted online stores.
“Apply these principles not only to yourself but your family as they are part of your close circle and likely part of your attack surface," Soto summarized.
Machine Learning is an area of AI with a goal to develop computational techniques on learning as well as the construction of systems capable of acquir…
Future-ready companies - those that are leveraging AI, blockchain, IoT, data analytics and monetization - these are the businesses you really want to …
Wednesday at ITEXPO closed with an SMB focus. Erik Day VP & General Manager, North America Small Business, Dell Technologies explored some of the chal…
IDEA Showcase is ITEXPO's way of honoring robust startups seeking to take the next steps in business growth. ITEXPO 2019 marks the fifth iteration of …
Don't let vendors sell you the "Swiss knife" solution, or the magic bullet that will solve all your security concerns. The complete security solution …