Attackers may be right to believe in Santa Claus. One only has to look at the statistics on e-shopping sites and observe the last-minute rush for holiday gifts, with little to no regard for the basic rules of (cyber) security.
Hackers will obviously take advantage of the holiday season to slip ransomware, phishing campaigns, fraudulent sites, Trojan horses and other malware of their own under the Christmas tree. Their sack is full, that is for sure.
Bear in mind that the holiday season accounts for 1/4 of all scams committed during the year. Most organizations don’t realize the risk, yet the threat prowls.
Cyber threats at Christmas are a reality
The organization of work in question
The cybercriminal knows that the usual staff is often on leave around the holidays and is replaced by temporary staff. He therefore knows that he will be able to use simpler techniques to carry out his plan. Thus, he will double his efforts to carry out social engineering campaigns to collect a maximum of useful information for his future attacks.
Phishing campaigns, BEC (Business E-mail Compromission) attacks… the whole arsenal will be used to gain access to the organizations’ systems. As security teams are often understaffed during this period, the attacker knows that vigilance will be reduced. However, as cybersecurity experts know, reaction time is crucial in the event of an attack.
What are the risks during the holiday season?
Fake emails, fake bargains, ransomware…
The risks during the holiday season are only increasing. Attackers will not hesitate to use techniques that have already proven their worth, such as ransomware. The attack is often done through e-mails and then target servers to access data. CISA and the FBI have issued an alert, urging companies to be extra careful.
Beware of fake e-mails, fake bargains, online surveys, gift cards that are not gift cards and spearphishing. Another FBI bulletin alerts consumers of famous brands. The principle is that hackers impersonate the official websites of major brands (banks, shipping, sales, etc.). They use identity theft by relying on a trusted brand. By doing so, the attackers know that they will be able to expand their target. This social engineering tactic is very common during the holidays.
Financial and economic risk
The primary risk to businesses is always financial. The FBI estimates that the loss this year will be $53 million. The other significant risk, which TEHTRIS already addressed, is identity theft and data theft.
The resurgence of Grinchbots also deserves attention. What are Grinchbots? They are malicious bots that seek to obtain high-demand, quantity-limited products. Who wouldn’t want to make their youngest child happy by giving them the latest video game? The scalpers will take over the inventory of the item in question and create a kind of scarcity. This method used to be applied for the purchase of concert or sport event tickets. Now it is also used for malicious purposes. Indeed, it aims to get hold of the accounts to commit fraud. Some steal gift card balances, explore competitors’ data, collect personal or financial data. Others take advantage of this to slip in malicious links.
Who is targeted?
Main focus: e-commerce
Along with businesses, thousands of consumers are affected. Every year at this time, the same questions arise: Who will be attacked? How? When? The risk concerns all structures, some more than others.
E-businesses (perfumes, clothes, toys…) are the first victims and remain in the line of sight: their networks, applications, infrastructures are targets. The goal is to gain access to the retailers’ data and networks. The lure of a good deal always works.
As shown above, famous brand companies are prime targets. They can easily become victims of a Magecart attack for example. This attack consists of using a vulnerability in an e-commerce platform (Magento) to inject malicious code into the e-commerce site. By doing so, the attackers manage to steal credit card and identity data. They then sell them on the Dark web, opening the doors to mass financial fraud.
The logistics industry (DHL, UPS…) is also one of the sectors that hackers love. You have probably already received a tracking SMS for your online purchases, inviting you to click on a link. Impatiently waiting for your parcel, you are inevitably tempted. Beware of this type of message, as it is often a scam and the link leads to a dangerous site. Powerless, the actors of this industry see their names used for malicious purposes.
The transport sector
In the same way as the transport of goods, the public transport industry is affected. The national rail networks or the airports are increasing their vigilance during the holiday season. Indeed, the end of the year comes with an increase in travel, and therefore with an increase in risk.
What can be done against these threats soaring at Christmas?
The ability to anticipate is key to reduce the risk of cyberattacks.
Here are our six tips for organizations to better anticipate:
verify that the business continuity planning is ready and known to all teams
ensure to have enough qualified staff, aware of the cyber risks, during this specific period
guarantee an optimal level of detection by using technologies capable of compensating for humans. It is the case with TEHTRIS XDR Platform, which offers the best unified technological response on the European market: https://tehtris.com/en/. Managers of companies, small or large, must ensure to be equipped with technologies capable of identifying and responding quickly to the slightest sign of an attack.
protect, as protection is always a priority, especially during the holiday season. Companies must apply the zero trust method, patch management, continuously watch vulnerabilities and closely monitor their potential enemies to know their behavior and their TTP (technical tactics and procedures).
automate the level of response in case of behavioral deviance or incident. This is what CYBERIA, TEHTRIS’ artificial intelligence, can do, thanks to its hyperautomation capabilities for many parts of the monitoring.
be ready in case of a crisis:
Resiliency comes through preparation. You must be ready to face a cyber crisis. It is imperative to prepare all the questions and have the answers:
- Are automatic procedures in place? This question must be asked before the crisis even begins. TEHTRIS technologies provide detailed information for each alert, CYBERIA facilitates the prioritization of alerts and the visualization of the level of urgency. The company must digitize and automate in advance the procedures to be triggered, define the crisis plan with the right tempo for each action and anticipate the communication.
- What happens as soon as an attack is detected? Is a process implemented?
- Are the different actors of the company precisely defined? How should they act? Each role must be clear, a RACI must be created and a crisis manager must be appointed.
- What are the alert systems that need to be mobilized, what is the timeframe? A crisis “kit” must be available and the teams must be made aware of all. The speed of response is a major factor to manage a crisis and reassure internal teams.
- Is the communication ready? It must cover both internal and external aspects.
For private individuals, the FBI gives some precautions on its website: https://www.ic3.gov/Media/Y2021/PSA211124
Cyber threats are becoming increasingly complex
Cyberattacks at Christmas are a reality. They are increasing in intensity, in number and in complexity. The ingenuity of attackers is a fact, and organizations, more than staying vigilant, must strengthen their resilience in the event of an attack. They must ensure to have enough staff, both qualified and aware of the cyber risks. In addition, they must implement well-defined processes, as well as required, proven technologies, to protect themselves and respond to an attack.
Nothing should be left to chance. Anticipation is the key to effective cybersecurity.
 McAfee-novembre 2020
 November 23rd, 2021-Alert no. I-112321-PSA