Black Friday and Cyber Monday: cyber-criminals wait to cash in

With Black Friday and Cyber Monday upon us once again, both shoppers and retailers are being warned of the dangers facing them during this particularly busy shopping period, as criminals seek to cash in on opportunities offered to them by a combination of customer ignorance and poor cyber-security practices on the part of e-commerce companies.

Many customers are simply unaware of the risks involved in online shopping: some use the same passwords across different sites, meaning that one breach could arm cyber-criminals with the information to access accounts across a range of organisations; others fall victim to phishing attacks - another common way of harvesting credentials and possibly financial data.

At this time of year, retailers will also be particularly aware of the risks of being compromised. They are prime targets because of the amount of highly valuable personal data they store on their networks.

Cyber-criminals are likely to use the opportunity afforded by the increased traffic seen on Black Friday and Cyber Monday to launch malware attacks. It is entirely possible that these fraudsters will have infiltrated the system some months ago and will use the busy period to carry out their attacks.

New research published by Kaspersky showed that no fewer than 14 malware families have been targeting e-commerce brands to steal from unsuspecting consumers ahead of the official holiday shopping season. These include banking trojans such as Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye, all of which are targeting online shoppers.

DDoS attacks are another risk for retailers: they can force a site offline, costing the company a great deal of money and possibly damaging its business reputation. Hacktivists may carry out DDoS attacks for a variety of reasons, such as to support a particular ideology (animal rights, human rights, anti-capitalism, anti-racism, etc.). But these attacks may also be launched for a more specific purpose: to use the disruption as cover while surreptitiously installing data-harvesting malware on a network.

Another important aspect to consider concerns fake Black Friday and Cyber Monday apps being distributed online, with fraudsters using well-known brand names to lure unsuspecting users into downloading them, thereby allowing the criminals to steal login credentials, other personal information and possibly payment card details.

Mobile banking is also being heavily targeted, with trojans designed to steal money directly from users’ bank accounts.

These fake apps are frequently found on the Google Play store; as they are built to closely resemble the genuine product and feature the same logos, people can easily be tricked into downloading them.

This year, cyber-criminals pose a particularly serious risk on Black Friday and Cyber Monday due to Magecart.

RiskIQ analysts describe Magecart as “an umbrella term given to at least seven cyber-criminal groups”, all of which have used credit card-skimming malware on compromised e-commerce sites with a striking success rate.

As well as this year’s high-profile breaches of Ticketmaster, British Airways and Newegg, the researchers pointed out that Magecart, and the malware used, have hit thousands of sites both directly and via breaches of third-party suppliers.

An average of 89,837 monthly instances of Magecart were identified between August and October 2018, and more than five per cent of the 4,331 apps aimed specifically at Black Friday were found to be malicious.

Along with the obviously well-organised and highly successful groups operating under the Magecart name, there is no shortage of individual vendors or groups advertising their services on Darknet forums or in private social media groups.

Their posts typically include requests for “high balance dumps for a waiting army of shoppers” to take advantage of.

One vendor, claiming to be new, said he wanted to “build trust” with his customers so was offering cloned credit cards at half price ($75 instead of $150). Purchasers are even given the opportunity to test the cards before paying for them and receiving an ATM PIN.

Some sellers are writing marketing ads like the following: “DM me for amazing and affordable prices for your special bins. It’s another BLACK FRIDAY YOU KNOW THAT YOURSELF.”

Other vendors claim to have long-term customers and to be able to offer new CVV numbers every day.

Shoppers hoping to snap up a few bargains on Black Friday and Cyber Monday are advised to be aware of the basic security practices which they should always follow, such as not using the same passwords across sites, taking care not to click on links in emails from untrusted senders, looking out for spoofed websites where the address may change only slightly and easily go unnoticed, and only downloading apps from official app stores.

For businesses, successfully dealing with Black Friday and Cyber Monday threats involves ensuring that the best possible security measures are implemented and fully up to date. It is essential to apply software patches as soon as they are released.

And remember: the threat to shoppers and retailers alike does not end with Black Friday and Cyber Monday. Christmas and the January sales are coming.