Windows Shopping threats to look out for this holiday season
Thanksgiving, Black Friday, Cyber Monday, Christmas. There’s a lot of shopping to be done between now and the end of 2016. As throngs of discerning shoppers flock to the high street and online shopping carts are filled to the brim, cybercriminals are busy preparing their wares to take advantage of the high sales period. With this in mind, we decided to outline some of the biggest threats facing both retailers and consumers in the upcoming holiday season:
With the Mirai botnet demonstrating its ability to launch high-volume distributed denial of service (DDoS) attacks, some might deem the busy sales period an opportune moment to showcase their capability or cause widespread disruption by targeting retailers. Allied to this is the threat of DDoS extortion, as attackers may use the threat of disabling retail operations during the busiest period of the year as a means of earning a quick profit. Just this week the web hosting and building service Squarespace was hit by two DDoS attacks that affected a number of e-commerce sites. A user on the AlphaBay Dark Web marketplace claimed responsibility for the attacks and alleged they had tried to extort Squarespace for up to $2,000 USD, though this was not confirmed.
Compromise of e-commerce sites
This issue has emerged as a problem in 2016, with thousands of e-commerce sites being infected with keyloggers designed to steal credit card data entered into online checkout forms. Many of the compromised websites ran the Magento shopping cart system, though other platforms such as Powerfront CMS and OpenCart, as well as payment processing systems such as Braintree and VeriSign, were also purportedly targeted.
Cybercriminals are likely to exploit the large number of transactions conducted during the next month by targeting point-of-sale (POS) devices such as card readers and payment terminals. When a new campaign for the POS malware known as FastPoS was discovered in September 2016, it became clear that the malware was still under active development. A similar pattern was detected in 2015, whereby new campaigns and upgrades appeared to occur in the months leading up to Christmas. It’s highly likely that the same will occur in 2016.
In a similar vein to POS malware, cybercriminals will likely seek to take advantage of the increased number of withdrawals made at ATMs this season. The card skimming devices used in these attacks aren’t always easy to spot. In September, US authorities warned of a new technique known as ‘periscope skimming’, which involves the use of a specialized skimming device connected directly to the ATM’s internal circuit board.1 This technique was likely developed in response to anti-skimming measures, and criminals are almost certain to be developing new ways to avoid detection.
Attackers will try to trick users through fake websites that at face value look incredibly similar to those belonging to legitimate retailers. These sites, however, often steal victims’ credentials when they try to make a purchase, or are used as landing pages to download a particular strain of malware. We expect phishing email campaigns encouraging users to visit these sites to be particularly prevalent at this time of year.
Chris Brown, VP EMEA and APAC, Digital Shadows