Black Friday and Cyber Monday are here. Considering the August-like temperatures we’ve had in the Mid-Atlantic region recently, it’s hard to believe we’re moving into the holiday shopping season, so I can’t blame you if the season has snuck up on you, too. Of course, cybersecurity best practices should always be in operation, but are your systems ready for the onslaught of additional customers?
If my email messages are any indication, cybersecurity will be an after-thought for consumers. For instance, one email warned that as more customers use their mobile devices to online shop, we should expect to see cybercriminals use targeted attacks aimed at shoppers looking for deals. They are going to click on links in emails that promise amazing bargains when they are actually downloading malware or ransomware. They are going to use public Wi-Fi for transactions, even when they know it isn’t safe, because it is convenient. As Enigma spokesperson Ryan Gerding said to me in an email comment:
The holiday shopping season is one of the busiest times of year for the cyber crooks who spread malware. They know lots of people will be online looking for deals and tracking their purchases, and that makes those people vulnerable.
Your customers aren’t the only ones at risk as we move into this busy season. Recorded Future looked at holidays past and shared its threat findings. They include:
Key attack methods used over the Black Friday holiday period include phishing/smishing/spam, malvertising, pre-installed malware, point-of-sale (POS) malware, service disruption attacks, and account takeovers. . . . Recent advances in threat actor tools, techniques, and procedures (TTP) have included updated POS malware such as FastPOS and increased service disruption potential following the Mirai botnet 1.2TB distributed denial of service (DDoS) attack.
I’m glad they mentioned DDoS attacks because I will not be surprised to see this tactic used frequently during Black Friday, Cyber Monday and beyond. Not only are DDoS attacks surging in 2016, but as I wrote back in September, cybercriminals are combining DDoS with ransomware.
This blog is going to go live on the eve of Thanksgiving, Black Friday and Cyber Monday. Come next week, I hope you are all thankful for your strong security systems that are stopping threats, your up-to-compliance and up-to-date POS systems that aren’t leaking consumer data, and your security savvy customers, who are not only protecting themselves but also their fellow consumers by not falling for spam or becoming victims of smart cybercriminals.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba