Beware of cyberattacks as Eid approaches
While the holy month of Ramadan — followed by Eid Al Fitr celebrations — is a wonderful time to be surrounded by those you love, the increased shopping activity always brings with it a surge in cyberattacks.
According to data from GroupIB, a major cybersecurity company, in 2023, the GCC experienced a substantial 65 per cent increase in ransomware victims published on dedicated leak sites (DLSS), rising from 32 in 2022 to 53 last year. The GCC experienced a notable 36 per cent increase in compromised cards, rising from 98,339 in 2022 to 133,320 in 2023, data showed.
Cyber criminals anticipate the surge in consumer spending every year and seize the opportunity to dupe unassuming victims - both shoppers and those within the retail industry - through the use of phishing tactics, the promise of one-off time-bound discounts, and using well-known brands as cover.
As retail remains a critical sector of the economy of the region, attacks on the trade sector during the Eid Al Fitr shopping season result in serious consequences, including leakage of confidential information, disruption of business operations, financial losses and reputational damage, according to Irina Zinovkina, head of the information security research group at Positive Technologies.
“This highlights the need for retailers and e-commerce to strengthen information security measures and ensure effective cybersecurity. Adopting modern technologies and continually improving security strategies is essential for companies to protect their business,” Zinovkina told Khaleej Times.
And it isn’t just shoppers who need to be alert; an intense shopping period creates a honey pot of payment and personally identifiable data within retail businesses, and threat actors swarm around it.
Netskope’s recent Threat Labs Report into the retail sector found that on average, professionals in the retail sector engage with around twenty cloud apps every month, with the top one per cent of retail employees using a staggering 85 cloud apps monthly. In retail, Whatsapp use is three times more popular than other sectors, ranking only behind Onedrive in terms of both uploads and downloads. This poses a serious risk not only because Whatsapp is a common delivery channel for malicious content such as malware or phishing pages, but also because these numbers suggest that the retail sector is using a personal instant messaging app as an enterprise collaboration tool.
Throughout this busy retail period, it’s more important than ever to stay informed about the latest threats and protect ourselves against them wherever possible.
The best advice is to always maintain vigilance, experts say. “Enterprise security teams should ensure they are inspecting all downloads from the web and trusted cloud apps, to prevent malware infiltrating networks. And retail businesses should stop relying on annual security training which is generally forgotten at moments of busy activity and urgent opportunities, and instead make use of technology that can enable justin-time user coaching, helping the workforce navigate appropriate behaviours in the moment that threats occur,” Steve Foster, Head of solutions engineering, MEA at Netskope, told Khaleej Times.
Both shoppers and retail employees should reinforce their cyber education, remembering the importance of scrutinising emails and messages, and thinking before clicking attractive, yet deadly, links. “We should take extra care when we go online and pay attention to where we share our personal details. Year after year, we are witnessing a surge in digital crime activities during these months. Staying vigilant is the best approach towards a digitally safe holiday,” Foster added.
Firm stance needed
“To effectively combat the ransomware industry, it’s essential that companies and organisations adopt a firm stance of not paying the ransom, as this disrupts their entire economic model. At the same time, proactive investments in preventive measures and robust cybersecurity strategies are vital. We also recommend that Mea-based governments and organisations work together with leading cybersecurity vendors to strengthen overall benchmarks, as public-private sector collaboration, as well as joining efforts with law enforcement agencies that operate in the region are crucial in this fight. Creating a culture of cybersecurity is a vital step towards raising overall standards among populations, meaning that continued awareness efforts are also hugely important,” Ivan Pisarev, head of threat intelligence (MEA) at Group-ib, said.