There’s no shortage of cyber threats facing retailers and shoppers this holiday season, as the volume and sophistication of cyberattacks surge with more consumers shopping online than ever before. Experts predicted that Cyber Monday 2020 was the biggest online shopping day in U.S. history with sales reaching an estimated $12.7 billion.
These types of cyberattacks targeting the retail industry this holiday season have a very low barrier to entry. They are low-cost for attackers and include all of the necessary details, which cybercriminals can then sell on cybercrime forums. Recent VMware Carbon Black research into dark web forums found swiped credit card information being sold at the low cost of $10-20 per card. Similarly, PayPal accounts are selling for $2-10 each, depending on how much money is in the account. A loaded account comes at a higher price tag.
Making matters worse, today’s sophisticated attack groups are consistently extending their capabilities and tactics to infiltrate e-commerce applications and avoid detection, meaning these activities are occurring without retailers or consumers ever catching wind. A recent example of this is Magecart threat actors impersonating legitimate payment applications by way of homoglyph attacks, ultimately fooling victims into visiting malicious websites.
With these threats significantly increasing during the holiday season, we must all remain vigilant and employ best practices to stay secure when shopping online. Retailers should take the following steps:
We will continue to see bad actors target both eager shoppers and retailers this holiday season. With evolving tactics like e-skimming and POS attacks, cybercriminals have their sights set on not only the holiday season but continuing to cash in on online shopping. To stay one step ahead of attackers, retailers and consumers must take the necessary precautions to protect against threats, this will help ensure a happy holiday shopping season for all.