Black Friday has been a coveted and anticipated event in retail for years – boasting low prices on most products and widely sought-after sales across stores both online and in real life. The event comes at the end of the year, on the 25th of November – a month before Christmas – and is used as a way for stores to attract the rush of festive season shoppers. Black Friday sales are complemented by the equally sought-after Cyber Monday deals, which lean more towards items sold online – ensuring that the rat race to the bottom of a cart carries on for weeks at some companies.
This year will be no different as most people are now fully out of the pandemic hesitation and are ready to rush the shopping centers and online stores alike to seek out the lowest prices. While people are focusing on keeping their trolleys full, cybercriminals are also anticipating this retail extravaganza with bated breath.
Black Friday and Cyber Monday present hackers with an easy mark as they also rush to exploit human gullibility and carry out a barrage of ransomware and other cyber-attacks.
Black Friday and Cyber Monday as a Cyber Threat
With the spike in purchases taking place on Black Friday and Cyber Monday, many people will likely fall prey to illegitimate promotional emails and online scams while in search of legitimate retail sales. Ransomware attacks are focused on exfiltrating data from networks and holding the encrypted information hostage until a company or person pays a ransom to have the data decrypted and given back. With the flood of promotional initiatives during Black Friday and Cyber Monday, it's not difficult to see how these retail events can serve as significant ransomware attack vectors.
The upcoming festive season drives people to endure long lines and crowded stores for the sake of Black Friday sales, and the e-commerce industry has taken some of that pressure off people. Cyber Monday was initially the day set aside for virtual sales, but retailers have also moved most Black Friday deals onto online platforms – widening the scope of online shopping.
Online stores have become a convenient and trusted way to make purchases across the globe – with retailers such as Amazon.com leading the global e-commerce market, with a revenue of US$131,019 million in 2021, and Jd.com coming in second at the forefront of the Chinese market, with net sales of US$117,922 million.
Unfortunately, this useful portal is also ideal for hackers to exploit the lax attitude people have toward sharing their financial and personal credentials to reach lower prices. Opportunistic hackers will take advantage of the desperation in this window through promotional phishing emails and online scams that exfiltrate consumers’ data.
Black Friday similarly presents cryptocurrency users with exclusive incentives in which products bought using digital currency will incur a price reduction. The so-called “Bitcoin Black Friday” encourages merchants to use their bitcoin to make purchases and even invest in more crypto.
Crypto is also the preferred currency for ransomware attackers due to its virtual standing and potential for anonymity. Hackers may use this to lure in users and the existing cybersecurity flaws within the industry make it easier to exploit.
The metaverse is a virtual reality that can be used to interact with other humans and bots to play games, conduct business, socialize, and shop. It is a relatively new technology that allows users to navigate a virtual environment through their avatars using immersive gadgets. The metaverse shopping experience allows users to shop and even interact with salespeople from the comfort of their homes.
As with all innovative technologies, the metaverse is not immune to cyber-attacks, and inadequate cybersecurity measures on personal networks could lead to data breaches and ransomware attacks.
Companies Reducing Staff for Festive Seasons
As the year ends, most companies ease up on their cybersecurity measures and operate on a skeleton staff setup. Employees start to take their festive season vacation time and, generally, the atmosphere is less rigid. Hackers, however, don’t always commit to the seasonal spirit and will use this window as a key vulnerability to exploit. Especially with Thanksgiving, Black Friday, Cyber Monday, and the Christmas holidays lined up one after another, companies that ignore cyber threats take a huge risk.
With a reduced staff and a majority of IT security teams unavailable, cyber-attacks run rampant during this time of the year. Companies should invest in automated cybersecurity solutions to avoid these sneak attacks and mitigate any threats encountered without needing a strong staff present.
Sangfor’s Cyber Command platform provides an extensive and automated network detection and response solution with the use of AI technology and machine learning to help networks isolate, analyze, and eliminate potential threats before they can infiltrate your system.
Sangfor's Endpoint Secure - Endpoint Security delivers end-to-end protection to secure endpoints before, during, and after attacks. It provides integrated protection against malware infections and APT breaches across your entire organization's network – all with ease of management, operation, and maintenance. The platform also received the AV-TEST “Top Product” award for achieving 100% ransomware protection against zero-day malware.
Ransomware Attacks on Black Friday and Cyber Monday
Consumers and corporations alike need to understand the ways ransomware attacks can occur and how to mitigate the damage they cause. Some of the most commonly used attack methods include:
A phishing scam captures its victims by appearing as legitimate communication received from trustworthy organizations and sources. The correspondence usually contains a simple corrupted email link which can open the floodgates for any amount of malware. A phishing email may be sent out to multiple people at once in the hopes that even just one person falls for the trap.
In contrast, spear phishing is more targeted in its approach and baits specific vulnerable individuals. It is more effective and harder to detect. These methods are used during peak promotional periods: when legitimate retailers are sending out emails about their Black Friday deals, phishing scams will likely also crowd your inbox. Be vigilant about which links you click on and where you provide your details.
Malicious software programs infect your device through viruses, trojan horses, and worms, which can all easily hack into your system – allowing criminals to steal your personal information, destroy data or hold your files for ransom.
Corrupted Web Pages
Ransomware code can also be hidden in web scripts of compromised websites. This is a perfect attack vector when consumers engage with online stores in a hurry and don’t ascertain the credibility of the store before entering their personal and financial details. When an individual visits the corrupted site, the malicious code is automatically downloaded, and once executed can infect the user’s entire infrastructure – moving laterally across the network to encrypt data.
Pop-up advertisements can be very annoying, but we usually skim over them anyway. Black Friday deals tend to catch the eye more quickly at this time of the year and can trick people into clicking on them by posing as trusted brands with seemingly legitimate sales. After clicking on the pop-up, users are directed to a new window with malicious links, or the ransomware is automatically downloaded onto their device.
Black Friday ransomware attack threats force companies and individuals to take a close look at their cyber practices and how to improve their digital hygiene habits to ensure they don’t fall prey to a hacker. Companies must note that their network may come under fire from their employees’ cyber practices as well. This is especially true because most working environments are now remote – a neglectful worker might click on a link on their personal device at home while shopping and give malware a foothold in your organization’s network.
Even as we’re reaching the end of November, the lessons from Cybersecurity Awareness Month should be kept in mind as we chase down those seasonal savings. As the US campaign stressed, it is the duty of companies and ordinary people alike to engage with and establish lasting cybersecurity practices.