Everybody prepares for Christmas and New Year’s Day in their own way. People look for presents, stores offer various sale campaigns. We decided to analyze the threat landscape during the holiday period by collecting the statistics of the previous few years. The results confirmed our fears: the attackers are particularly active during this period.
There was little doubt about it, though. Bustling prior to celebrations, oncoming vacations, the holiday season – all of these take their toll on people’s attention and as a result, they’re more prone to cybercriminal behavior, especially on Black Friday, the starting day of the season of sales and on Cyber Monday, the busiest day of online trading.
Almost all phishing campaigns try to lure their victims with promises of Christmas sales and promotions. Yes, this kind of threat is far more dangerous for users than for companies. But if you think about it, each dollar stolen by attackers is your lost profit as well. So if you suspect that your customers may be receiving phishing emails purporting to come from your company, consider warning your customers before the start of the sales. Moreover, if you trade online auditing your website for vulnerabilities and online skimmers will undoubtedly help.
Fraudsters are also active during the holiday season, they parasitize ATMs and POS terminals. Accordingly, banks and companies trading online should make sure that their devices are protected from cyberthreats with specialized security solution, tailored specifically for this type of devices. Do not forget about the physical security of these devices either, since there is oblique evidence that the demand for skimmers and blank bank cards templates is growing on the black market. We also recommend banks to employ multilevel antifraud solutions, because criminals are definitely going to use the data obtained by phishing or skimming. And make sure that your antifraud teams are ready and prepared for this high season.
Another holiday threat is DDoS. If at the very peak of sales an online shop suddenly goes down due to a powerful attack, its owners could lose a large amount of profit, and sadly organizing such an attack is getting easier to do by the day. Therefore, on Cyber Monday many companies will receive a message offering to stop the DDoS attack in return for a modest (or not) sum of money. We would recommend taking measures of protection against junk traffic as soon as possible.
Lastly: Make sure that all your employees are aware of the fact that everyone has to take special care in the pre-holiday period. You’re better to get them ready in advance for encountering online-threats with the help of cybersecurity awareness program.
You can get acquainted with our report on Black Friday threats here.
To remind you about measures it is wise to take on the holidays, we have prepared checklists for SMBs and Enterprise businesses: