Shoppers across the globe make for easy cybercrime targets as they’re on the hunt for the hottest holiday online shopping deals of the year. But consumers aren’t the only ones at risk – Secureworks’ senior threat researcher Rafe Pilling sees businesses at risk as well.
The main theme across holiday shopping cybercrime is the use of spam, phishing and malware ads. To get their targets’ attention, cybercriminals lure workers into downloading unsecure files, a technique very similar to the one seen throughout COVID-19 and now carried into the holiday shopping season.
According to Rafe, the retailers themselves can also become targets: point-of-sale malware and credit card skimming attacks are just two of the tools available to criminals, who can easily inject harmful code into ecommerce websites.
“The COVID-19 pandemic has resulted in a significant volume of purchases moving online in 2020, everything from online food shops, to everyday essentials, electronics and luxury goods. What we may see, like we saw with COVID-19, is cyber-criminals pivoting to use holiday deals as a theme in spam, phishing, malvertising and other criminal cyber activity. It is often the theme, rather than the tempo or volume of criminal activity, that changes,” Pilling said.
“Online ecommerce operators are generally more exposed to a wider range of cyber attacks, however brick and mortar stores can also be targets for Point-of-sale malware or credit card skimming attacks. Injecting code for credit card skimming into ecommerce websites, colloquially known as Magecart attacks, has been another vector of criminal activity with some major retailers and travel companies being compromised over the years.
“For many organizations, the de-centralization of the employee base (i.e. employees working from home), the reduction in reliance on centrally managed IT infrastructure through increased use of cloud services and employees using more of their own devices, has increased their resilience to certain types of cyber attack. It’s more difficult to conduct a wide-scale ransomware attack against an organization whose users aren’t directly connected to the network and that uses multiple cloud service providers to deliver business systems. However, these changes come with their own risks that need to be carefully managed. Monitoring becomes more challenging. A greater emphasis is placed on identity and access management, ensuring only the right users can access the right systems. Additionally, as more companies use cloud services, from a relatively small pool of large cloud infrastructure providers, a lot of businesses and consumers notice when that cloud infrastructure has a temporary disruption.
“The situation is far from hopeless though. A few key controls like adopting multi-factor authentication, expedited patching of internet facing devices, securing remote access solutions, effective enterprise monitoring of systems and networks, and threat intelligence informed risk prioritization put businesses in a strong position to resist a range of common cyber threats including criminal ransomware attacks, business email compromise and targeted intrusions (APT).”