We are facing an unusual Christmas. The planned measures against the corona pandemic provide for stricter rules for stationary retail for December. At the same time, e-commerce is booming and consumers are busy clicking their way through the Internet in search of gifts. According to a recent survey by YouGov, 36 percent of Germans want theirs Christmas shopping This year, because of the corona virus, prefer to work online than in busy shopping streets and shops. This gives the already rapidly growing online business an additional boost. However, cybercrime is an increasing threat.
The growth sector e-commerce attracts cyber crime
According to a study by the BEVH, the e-commerce industry already recorded double-digit growth rates (13.3 percent) in the third quarter of this year. Total sales of goods amounted to 19.3 million euros including sales tax, compared to 17 million euros in the previous year. The reason for the sustained above-average growth is the corona crisis. For IT security, this means: be careful, because the winter season is also a lucrative business for cyber criminals.
The analysts of the threat intelligence provider Digital shadows examined the most common cybercriminal tactics, strategies and security alerts in the online retail space over the past few months. The three most dangerous threats are therefore at 49 percent Data hacks and data leaks, with 45 percent Damage to the brand’s reputation and with six percent Attacks on the infrastructure from retailers.
1. Cyber crime: Sensitive data exposed on the Internet
The analysts found over ten thousand cases of data leaks in the study period from August to November 2020. The exposed information ranges from logins and access keys to so-called code commits, which developers publish and share as part of version management on online platforms such as Github. All the necessary security settings are not always taken into account. The technical data leaks can therefore very quickly become a fire hazard. For example, a number of unprotected access keys for Amazon Web Services were found among the exposed data. If these fall into the hands of cyber criminals, the attackers can easily access critical or sensitive databases, steal customers and financial data or spy on the company.
Technical data leaks on so-called code hosters or code repositories are far less likely to make waves in public than some leaked customer or employee information. Nevertheless, it is important to pay attention: if used properly, you can learn a lot about the back-end solutions and infrastructure of company websites and online shops. If there are any security gaps, there is not much in the way of an attack via malware or DDoS attacks (Distributed Denial of Service).
2. Fake domains endanger the security of the brand
If the brand’s image is deliberately damaged by cybercrime, this can result in high costs and have long-term consequences for competitiveness. It is estimated that a disrupted relationship with customers costs companies worldwide up to 2.5 trillion US dollars a year. There are many reasons for a loss of reputation. From a cybersecurity perspective, data protection violations and the dissemination of false or dangerous content via spoof domains or fake social media accounts should be mentioned.
Spoof or fake domains are brand abuse. In its simplest form, the spoof domain just uses a similar URL. Some sites imitate the online presence of a company so well that visitors have to look very carefully for discrepancies. The method naturally also works on Facebook, Instagram, TikTok, Twitter & Co. Here, it can not only affect the company account. Alleged CEOs and employees also hang around under false or “borrowed” names in social networks.
The goal is the same with both variants: visitors should be guided to phishing sites via competitions, service offers or discount campaigns and reveal their personal data there. In other cases, deceptively real customer service emails are sent to smuggle in malware or intercept financial data.
45 percent of the alerts examined by Digital Shadows fell under this category. Some phishing campaigns even targeted specific customer segments or individual brands. But online trading is not only a popular target for phishing during the Christmas season. Of the over 100 offers for ready-made phishing templates that are for sale on the Darknet, 29 percent are aimed at retailers. The average price for the templates is just under 19 euros. Social media templates can be had for a euro or two.
3. Over 1,300 infrastructure risks
Infrastructure attacks are another threat to retailers. Digital Shadows reported a total of 1,300 suspicious activities and incidents, including vulnerable ports, faulty certificates and software vulnerabilities. An example from a retailer in April this year shows how such an attack on the infrastructure can take place. Cybercrime uses a Magecart skimming code to spy out customers’ financial data.
In the example, the skimming code was on the payment pages of the website and used a legitimate file that was hosted on the shop server. The code was thus linked directly to the “complete purchase” button and was able to save all the information entered during the checkout as a screenshot. The images were then encrypted and forwarded to a website controlled by the attacker.
Black Friday is a feast day for cybercrime
Retailers should be aware of these threats and protect their key assets accordingly. The first question is: Which brands, systems or people in the company need special protection? Monitoring tools use such lists to continuously scan the open, deep and darknet (and not just social media) and look for suspicious cases. Real-time alerts allow IT security to take appropriate measures – for example, takedown procedures in the event of a brand name breach or the closing of security gaps.
The Christmas business doesn’t just offer cybercriminals a wide range of opportunities to launch attacks. Many players are taking advantage of the hour to go on a shopping spree themselves and stock up on the latest malware variants. Others come up against offers and offer login data and access codes at a bargain price. Black Friday is therefore also marked in red in the calendar on the Darknet and on criminal forums. Naturally, the interest in Black Friday campaigns reaches its peak on the day itself – on November 27, 2020. A look at the chat messages, forum posts and relevant pages in the Darknet provides numerous mentions about the special deals and offers, as in the previous year. (sg)
About the author: Stefan Bange is Country Manager DACH at Digital Shadows.
Also read: Security Awareness: 5 Myths About Simulated Phishing Campaigns