Cybersecurity: the Christmas challenge

After Black Friday and Cyber Monday, Christmas shopping is just around the corner, so here is a little safety reminder to help internet shoppers and businesses stay serene during this festive season.

Bear in mind that the holiday season accounts for 1/4[1] of all scams committed during the year.

Threat reports suggest that 75 percent of cyberattacks occur at night, on weekends or during the holiday season.

Most organizations don’t measure the risk well, yet the threat lurks.

Cyber threats at Christmas are a reality

Work organization called into question

The cybercriminal knows that the usual staff are often on leave around the holidays and are replaced by temporary staff or small teams. He therefore knows that he will be able to use simpler techniques to carry out his plan. He will thus redouble his efforts on social engineering campaigns to collect as much useful information as possible for his future attacks.

Phishing campaigns, BEC (Business E-mail Compromise) attacks… the whole arsenal will be used to gain access to the organizations’ systems. As security teams are often understaffed during this period, the attacker knows that vigilance will be reduced. As cybersecurity experts know, however, reaction time is crucial in the event of an attack.

What are the risks during the holiday season?

The risks during the holiday season are only increasing. Attackers will not hesitate to use techniques that have already proven their worth, such as ransomware. The attack often starts with e-mails and then targets servers to access data.

Beware of fake e-mails, fake bargains, online surveys, gift cards that are not gift cards and spear phishing. Another FBI[2] bulletin alerts consumers of famous brands. The principle is that hackers impersonate the official websites of major brands (banks, shipping, sales, etc.), exploiting the trust placed in the brand. By doing so, the attackers know that they will be able to reach a wider range of targets. This social engineering tactic is very common during the holidays.

The primary risk to businesses is always financial. The FBI estimates that the loss this year will be $53 million[3]. The other significant risk, which TEHTRIS already addressed, is identity theft and data theft.

The resurgence of Grinchbots also deserves attention. What are Grinchbots? They are malicious bots that seek to obtain high-demand, quantity-limited products. Who wouldn’t want to make their youngest child happy by giving them the latest video game? The scalpers take over the inventory of the item in question and create a kind of scarcity. This method used to be applied to the purchase of concert or sporting event tickets. Now it is also used for malicious purposes: it aims to take over accounts in order to commit fraud. Some attackers steal gift card balances, explore competitors’ data, or collect personal or financial data. Others take advantage of this to slip in malicious links.

Who is targeted?

The most vulnerable sites again this year will be those related to consumer electronics, game consoles and mobile technologies.

So, beware of online fraud, embezzlement, phishing scams, malicious websites and malware.

E-commerce businesses (perfumes, clothes, toys…) are the first victims and remain in attackers’ sights: their networks, applications and infrastructures are targets. The goal is to gain access to the retailers’ data and networks. The lure of a good deal always works.

As shown above, famous brand companies are prime targets. They can easily become victims of a Magecart attack for example. This attack consists of using a vulnerability in an e-commerce platform (Magento) to inject malicious code into the e-commerce site. By doing so, the attackers manage to steal credit card and identity data. They then sell them on the Dark web, opening the doors to mass financial fraud.

The logistics industry (DHL, UPS…) is also one of the sectors that hackers love. You have probably already received a tracking SMS for your online purchases, inviting you to click on a link. Impatiently waiting for your parcel, you are inevitably tempted. Beware of this type of message, as it is often a scam and the link leads to a dangerous site. Powerless, the actors of this industry see their names used for malicious purposes.

In the same way as the transport of goods, the public transport industry is affected. The national rail networks or the airports are increasing their vigilance during the holiday season. Indeed, the end of the year comes with an increase in travel, and therefore with an increase in risk.

What can be done against these threats soaring at Christmas?

The ability to anticipate is key to reducing the risk of cyberattacks.

Here are our six tips for organizations to better anticipate:

  • verify that the business continuity plan is ready and known to all teams
  • ensure that enough qualified staff, aware of the cyber risks, are available during this specific period
  • guarantee an optimal level of detection by using technologies capable of compensating for humans.
    TEHTRIS XDR Platform monitors, analyzes, detects, and neutralizes threats worldwide for major players in real estate, industry, transportation, engineering, services and government.
    With the Cybersecurity Made in Europe label, TEHTRIS is also the only vendor in the European Union recognized by Gartner® as a representative XDR vendor in the Market Guide for eXtended Detection and Response 2021. TEHTRIS is also a representative vendor in the Market Guide for Mobile Threat Detection 2021.
    By constantly monitoring cybercrime and listening to its customers, our goal is to reduce the risks as much as possible, to face the unpredictable.
    For example, a smartphone protected with TEHTRIS MTD will detect and block navigation to a fraudulent site, such as those linked in fake package-delivery SMS messages.
  • protect, as protection is always a priority, especially during the holiday season. Companies must apply the zero trust approach, manage patches, continuously watch for vulnerabilities and closely monitor their potential enemies to know their behavior and their TTPs (tactics, techniques and procedures).
  • automate the level of response in case of behavioral deviation or incident. This is what CYBERIA, TEHTRIS’ artificial intelligence, can do, thanks to its hyperautomation capabilities for many parts of the monitoring.
  • be ready in case of a crisis:
    Resiliency comes through preparation. You must be ready to face a cyber crisis. It is imperative to prepare all the questions and have the answers:
    • Are automatic procedures in place? This question must be asked before the crisis even begins. TEHTRIS technologies provide detailed information for each alert, and CYBERIA facilitates the prioritization of alerts and the visualization of the level of urgency. The company must digitize and automate in advance the procedures to be triggered, define the crisis plan with the right tempo for each action and anticipate the communication.
    • What happens as soon as an attack is detected? Is a process implemented?
    • Are the different actors of the company precisely defined? How should they act? Each role must be clear, a RACI must be created, and a crisis manager must be appointed.
    • What are the alert systems that need to be mobilized, and what is the timeframe? A crisis “kit” must be available, and the teams must be made fully aware of it. The speed of response is a major factor in managing a crisis and reassuring internal teams.
    • Is the communication ready? It must cover both internal and external aspects.

For private individuals, the FBI gives some precautions on its website:

Remember to activate multi-factor authentication, and to install software updates that can protect your computer (and by extension your entire network).

When shopping online, stay vigilant: the risk of hacking or attack is high, as is the risk of credit card compromise. Buy safely with a digital wallet, and make sure the sites you visit are reliable.

Cyber threats are becoming increasingly complex

Cyberattacks at Christmas are a reality. They are increasing in intensity, in number and in complexity. The ingenuity of attackers is a fact, and organizations, beyond staying vigilant, must strengthen their resilience in the event of an attack. They must ensure they have enough staff, both qualified and aware of the cyber risks. In addition, they must implement well-defined processes, as well as the required, proven technologies, to protect themselves and respond to an attack.

Nothing should be left to chance. Anticipation is the key to effective cybersecurity.

[1] McAfee, November 2020

[2] November 23rd, 2021, Alert no. I-112321-PSA