Are your network assets about to go on sale this Black Friday?
Black Friday is a “holiday” for retailers (who get a chance to clear old stock before Christmas) and consumers (eager to buy items at a discount), but cybercriminals love Black Friday too.
For threat actors, Black Friday is a perfect opportunity to steal money and data and access corporate systems unnoticed.
Here are three reasons Black Friday is one of the worst days for cyber attacks, the kinds of threats IT teams can expect to see, and how to combat them.
Most threat actors are motivated by financial gain. Major events like Black Friday, when consumer spending goes up, are a way for them to quickly make a considerable amount of cash.
In 2021, UK shoppers spent £4.85bn during Black Friday sales. This year, PwC predicts that sales will increase by £500m, with the average person spending around £238. With more people shopping online, many purchases are likely to be completed through e-commerce stores—something that cybercriminals will no doubt exploit.
In the US, the Cybersecurity & Infrastructure Security Agency has issued a bulletin warning shoppers to be wary of fake websites, phishing emails, and malicious links. Besides stealing money, threat actors are also interested in consumers’ personal information.
Black Friday scams don’t just affect customers. They also cause real damage to companies. About 86% of consumers think it’s a business’s responsibility to protect their data.
Magecart attacks, in particular, are of real concern to retail businesses. During a Magecart attack, cybercriminals implant malicious code into the client side of a retailer’s website to steal customer data and payment information.
Last year, Magecart attacks affected thousands of UK businesses ahead of Black Friday. At the time, the Chancellor of the Duchy of Lancaster, Steve Barclay, said,
“On Black Friday and Cyber Monday the hackers will be out to steal shoppers’ cash and damage the reputations of businesses by making their websites into cyber traps.”
According to Malwarebytes, Magecart attacks are still active but are now more covert.
Because most Magecart attacks happen due to vulnerabilities in third-party software, retailers should ensure all software is up to date leading up to big events like Black Friday, Cyber Monday, and Christmas.
Wouldn’t it be a shame if a company’s website suddenly went down during one of the busiest days of the year?
This is the motivation behind Distributed Denial of Service (DDoS) attacks. DDoS attacks happen when threat actors flood a website with fake traffic, causing it to crash.
A few years ago, the cybersecurity company Link11 recorded a 70% increase in DDoS attacks during Black Friday and a 109% increase in DDoS attacks on Cyber Monday when compared to any other day in November.
Today, cybercrime groups are also conducting ransom DDoS (RDDoS) attacks. This is when cybercriminals extort businesses using the threat of a DDoS attack. In some instances, cybercriminals might run a small demo of what the attack would look like before sending a ransom note.
The UK is particularly vulnerable to DDoS attacks compared to other European countries, and e-commerce businesses are among the top 10 most targeted sectors globally.
Businesses that expect a lot of traffic on their site during Black Friday and Cyber Monday will likely choose to pay up, especially considering that companies impacted by DDoS lose around £140,000 per attack. However, research shows that paying a cybercrime gang once almost always results in cybercriminals coming back for more.
Historically, malware and ransomware attacks also spike during Black Friday, and DDoS attacks can mask other security breaches. In 2021, malware attacks surged by a whopping 300% during Black Friday. And even though ransomware activity decreased somewhat in Q3 2022, cybersecurity experts predict a spike in Q4 2022, citing commercial events like Black Friday as the reason.
One way organisations can prevent DDoS and other attacks is with an Intrusion Detection System (IDS) that blocks traffic if attack patterns are detected.
As consumers try to make the most out of Black Friday and Cyber Monday sales, they distractedly access their emails from their phones and pay little attention to the sender or the contents of the email promotion. That last-minute deal may look obviously sketchy in hindsight, but if it appears to come from their favourite brand, a consumer will probably click on it.
Employees are just like anyone else: they also want to take advantage of Black Friday discounts.
In an era of remote and hybrid working, this is a potential problem. The line between work and personal life has been blurred, bring your own device (BYOD) policies are common, and many people use personal devices for work (and vice versa).
An employee who accesses their personal emails on a work device and clicks on a Black Friday phishing scam can inadvertently grant threat actors a backdoor into the corporate network.
Complicating matters further, during busy events like Black Friday, retailers might be too busy to notice an attack in progress.
Similarly, when commercial events fall during other celebrations (like Thanksgiving, as is the case this year in the US), IT teams might be reduced in size, with fewer employees manning systems and critical employees travelling and unable to respond to urgent emails or calls.
IT teams struggle to sift through security alerts even on “normal” days. Relying on human analysts to spot anomalies and prioritise alerts during events like Black Friday and Cyber Monday, when the volume of suspicious activity might be even higher, is not a good strategy.
Instead, companies should invest in security automation platforms that can distinguish real threats from false positives without human input and take immediate, automated action in the event of time-critical threats like ransomware.
Black Friday sees an uptick in cybercriminal activity, but the truth is that retailers are vulnerable to security threats all year round.
While there are many steps a company can take to make its business more secure against attacks, the value of an integrated threat detection and response platform should not be underestimated, especially if it has automated capabilities.
SenseOn is a consolidated cyber defence platform that can be relied upon to spot DDoS attacks and other security events in real time. Our platform unifies data across a company’s digital estate (endpoints, network, cloud), flagging only genuine alerts for analyst attention and stopping time-critical security events without human intervention.