Posted in Cyber Threat Intelligence by Tanya Widen on November 21, 2016
- We studied attacks reported during the 2015 holiday period and identified new tools, techniques, and procedures (TTPs) that have emerged recently to help anticipate what to expect this year.
- Targeted threats against shoppers and retailers increase as the volume of shoppers surges during the holiday period.
- Key attack methods used over the Black Friday holiday period include phishing/smishing/spam, malvertising, pre-installed malware, point-of-sale (POS) malware, service disruption attacks, and account takeovers.
- Recent advances in threat actor TTPs have included updated POS malware such as FastPOS and increased service disruption potential following the Mirai botnet 1.2TB distributed denial of service (DDoS) attack.
- Both consumers and retailers can take actions to minmize successful attacks.
- In addition to strengthening security within the network, retailers can gain awareness into external risks using threat intelligence; for example, a recent Recorded Future analysis shows how analysts can be alerted to fake company websites used in phishing and other attacks.
- Consumers need to be vigilant with both online and offline transactions and check with your bank on setting up alerts on suspicious transactions, ensure your computer has the latest security updates and anti-malware, and don’t be afraid to ask retailers on the protection measures they have implemented.
Be very suspicious of emails offering deals to good to be true, check the links, are you sure they go to the place you shop or bank? Be sure and type them in yourself and not just click on it Look closely and you might be fooled just clicking on something bad. For example example[.]com can become exanple[.]com. Do you see what happened, the M was changed to N and would take you to a hostile site to steal your credentials, credit card, or deliver malware. Typing it yourself helps avoid this optical illusion by making sure it is correct.
Don’t fall for any odd prompts in your browser to load or change things.
When in doubt call the vendor to confirm what you see is what they are doing. A little more effort may just save your identity, bank account, or even the data and pictures on your computer or phone.
Happy Thanks Giving and a safe Black Friday and Cyber Monday.