Why Cyber Monday is just the beginning of the festive hacking season

Black Friday and Cyber Monday are big targets for cyber attackers - but they'll also ramp up their efforts throughout December.
Written by Danny Palmer, Senior Writer

Consumers aren't the only ones looking to take advantage of Black Friday and Cyber Monday as online sales boom in the run up to Christmas -- cyber criminals are increasingly exploiting the holiday period in order to conduct malicious campaigns designed to conduct spear-phishing and deliver malware.

Security researchers at Carbon Black warn that both individuals and organisations should expect to see a rise in attempted cyber attacks during the holiday season, with the number of incidents having spiked in recent years.

According to Carbon Black, there was a 57.5 percent increase in attempted cyber attacks during the 2017 holiday shopping season.

That figure represents a huge spike, even when compared with just the previous year, where the number of attempted cyber attacks was 21.5 percent above normal levels. And there's no reason to doubt that cyber criminals won't continue efforts to exploit the holidays for their own gain this year.

"Based on existing precedent, we expect the same trend to continue, if not increase, during the 2018 holiday shopping season," said Tom Kellermann, chief cyber security officer at Carbon Black.

"During the holiday season, there is often a ton of noise in the online world and attackers do everything they can to take advantage of that. This applies not only to consumers who shop online, but also to businesses as well, many of which are understaffed and, in the case of retailers, approaching the busiest time of the year."

Much focus is put on cyber criminal activity around the days which take in Black Friday and Cyber Monday, but Carbon Black warn that the figures for 2017 show that the largest jump in attempted cyber attacks came between Christmas and New Year -- traditionally a period where retailers hold big sales.

SEE: What is phishing? Everything you need to know to protect yourself from scam emails and more

Attackers will always attempt to go for the low-hanging fruit by targeting individual consumers for a quick payday by clearing out their bank accounts or by selling fake or non-existent goods, but more organised hacking groups will also use the holiday period in an attempt to win bigger scores.

Researchers suggest that attackers will look to take advantage of two things that work in their favour.

First, the Christmas break means that most companies will have security teams understaffed over the holiday period, potentially giving attackers a better chance of breaching networks -- and crucially, less chance of being spotted if they do make their way in or deliver malware.

Second, it's likely that employees are more likely to travel and work remotely during the holiday season, so they can be more easily targeted with phishing emails -- especially ones that are related to travel bookings or gift orders.

In order to help prevent this, Carbon Black suggests three ways to help users determine if an email is potentially malicious.

1. Evaluate the email's basic hygiene - Look out for poor grammar, misspelled words and unorthodox URLs. These basic things often point towards a message being malicious -- especially if the email claims to come from an organisation or someone you trust.

2. Check the email's motivation -Requests for personal or financial information should be viewed with extreme caution, especially emails claiming to be from businesses. Attackers often attempt to mimic a company CEO and use spoof emails to make requests for financial transfers. Users can avoid falling victim to this CEO fraud by phoning or speaking to who is listed as the requestor to confirm if it is a real request.

3. Attachments link landmines - Users should be wary of downloading unexpected or unsolicited attachments as it could be a means of delivering malware. If in doubt about the attachment, check with the sender.


Editorial standards