Black Friday is upon us, and while most of us will happily grab that great deal for a new TV or a smartphone, retailers are staring at yet another cybersecurity nightmare.
New insight from Trustwave has outlined the challenges facing retailers in the peak shopping period, with many retailers experiencing “significant fluctuations in traffic and sales”, making staying safe and compliance an enormous challenge.
This year, the most common hacking tactics include access for sale, bot attacks, business email compromise, consumer-based attacks, email-borne malware, gift card fraud and scams, phishing, and vulnerability exploitation.
Abusing the holiday season
Turstwave notes that the biggest threats will be coming from 8BASE, Bian Lian, BlackCat (AKA ALPHV), Cl0p, LockBit, Play, RansomedVC, and Royal, which are currently the most popular threat actors out there. It’s worth mentioning that all of the groups mentioned here are ransomware actors, some of which allegedly enjoy tight relationships with their local governments.
“The significant shift towards digital commerce that unfolded during the global pandemic marked a pivotal moment for retailers,” said Trustwave CISO Kory Daniels. “An industry historically focused on compliance and point-of-sale security had to rapidly adapt to surging consumer demands, virtual workforces, and evolving threat actors.”
Hackers are known for using holidays and global events as triggers for hacking campaigns. World Cups, Olympic Games, summer holidays, tax seasons, and even things like Halloween and Black Friday are always abused to try and steal money, or personally identifiable information, from consumers.
Consumers looking for the next great deal should use common sense and buy things only from verified sources. If something is too good to be true, it most likely is, and double-checking the URL in the address bar – especially for easy-to-miss changes – should become a habit for every person going into the New Year.