The holiday season is here, and if there’s anything the data is pointing to it is this: thanks to the COVID-19 pandemic and accompanying restrictions, e-commerce will be such a big deal during the 2020 holiday season compared to previous years.
Already, cybercrime is up 600 percent thanks to the coronavirus pandemic and indications show that things will only get worse.
Prior to the coronavirus pandemic, an estimated 2.05 billion people shopped online.
This number is poised to go up, however: data from American Express’s 2020 Amex Trendex Report indicates that at least 60 percent of holiday shoppers will be spending their holiday season at home this year because of COVID-19.
Increased focus on e-commerce this holiday season means there’ll be increased attempts from cybercriminals.
In particular, you want to pay attention to the following cybersecurity trends:
- A Rise in Ransomware Attacks Targeted at Retailers and E-commerce Businesses
While, of course, we have read reports of governments having to fork out hundreds of thousands in ransom to compensate malicious hackers to prevent loss of files to these hackers, very few realize that this category of attack is starting to evolve to target retailers and ecommerce businesses on a large scale.
In a 2018 study, researchers from SonicWall found that ransomware attacks increased a whopping 432 percent over the holiday period compared to the previous year.
In another study, researchers found that one in three of all cyber incidents affecting retailers include malware such as ransomware and point-of-sale compromise.
Why the increasing focus on retailers and e-commerce businesses? There are two key reasons:
- Cyber attacks are becoming increasingly financially-motivated by money, and the holiday season presents a nice opportunity. Many retailers earn up to a quarter of their annual revenue during the short holiday season and as such cannot afford to see business activities halt. Ransomware attacks during this period are a lot more serious — and the cybercriminals know this.
- People are very busy and active trying to get a lot of deals during the holiday season; this means there will be an increase in clicks from consumers, use of pop ups and other promotional means by businesses that hackers can capitalize on to infect users’ computers.
- Expect a Sharp Rise in Ransom Distributed Denial-of-Service Attacks
Distributed Denial-of-Service (DDoS) attacks are not new, but Ransom Distributed Denial-of-Service (RDDoS) attacks are now a thing: and you can expect to see more of this during the 2020 holiday season.
In fact, the FBI has issued a notice about an uptick in RDDoS attacks in recent months — but you can further expect these attacks to increase during the holiday season.
Ransom Distributed Denial-of-Service (RDDoS) attacks should not be confused with ransomware attacks or normal DDoS attacks.
RDDoS attacks occur when malicious hackers threaten to flood a web server with more traffic than the server can handle, eventually crashing the server, if demanded ransom is not paid.
Since no retailer is willing to bear the thought of having their server down for days, hours, or even minutes during the busy and pivotal holiday season, bad actors will capitalize on this by threatening to launch these attacks unless a ransom is paid.
RDDoS attacks will be amplified thanks to the COVID-19 pandemic: since a lot of holiday shopping will be done online compared to in previous years, malicious hackers will try to cause a lot more disruptions this holiday season in hopes of having a big payday.
- Holiday Phishing Scams
Online phishing attacks generally increase by as much as 336 percent during Black Friday — and it seems things would only get worse this year.
People tend to throw caution to the wind when clicking links during the holiday season.
I mean, pretty much every major retailer is offering discounts, coupons, and deals, so the natural reaction when you get an email purportedly from your favorite retailer about a deal is to click.
According to information from the FBI, you can expect a rise in phishing emails and advertisements purportedly offering discounts, coupons, and deals during the holiday season.
- More Instances of Formjacking
Formjacking occurs when malicious hackers hijack a web form (usually a checkout form) with the hopes of intercepting and stealing sensitive personal information belonging to people checking out on an e-commerce site.
While formjacking isn’t new, there will be more instances of it — particularly high-profile instances — this holiday season as the stakes are high.
During the holiday season last year, for example, Macy’s reported being a victim of formjacking. Apparently, malicious code was added to web pages on their website, leading to attackers gaining access to sensitive customer data that include their credit card details and personal information.
- Supply Chain Attacks
Supply chain attacks are rapidly becoming one of the key cyber security threats to pay attention to during the 2020 holiday season.
While most e-commerce companies have taken adequate measures, and continue to take measures, to secure themselves for the holiday season, very few have thoroughly audited their partners and supply chain.
Data shows that up to 80 percent of cyber attacks now start from the supply chain. This supply chain attack, in which attackers gain access to a (often) bigger, more secure organization by targeting its partners and service providers who share a connection with it is becoming more common — and will come into play a lot more as far as holiday season commerce is concerned this year.
Available research shows that the average e-commerce site uses 40 – 60 third-party solutions; all these solutions are weak links that an attacker can exploit.
- Account Takeovers
Account takeover occurs when a malicious hacker uses a bot to illegally access and take over a victim’s e-commerce account with the hopes of using this account to fraudulently carry out transactions that are then debited to the victim’s card.
While account takeovers aren’t new, available data shows that account takeover attacks have tripled compared to previous years — further driven by the COVID-19 pandemic. This form of attack will further increase during the 2020 holiday season.
- Impersonation Scams
You can also expect a rise in impersonation scams during the 2020 holiday season; these scams usually skyrocket around Black Friday and Cyber Monday and involve hackers using domain name impersonation, malicious browser extensions, and social media giveaway scams purported to be from a legitimate e-commerce company in an attempt to steal sensitive user data and information.
Kristina Tuvikene is a freelance writer that specializes in working for about cybersecurity and cloud hosting brands.