Cyberthreats that operators' customers will be facing during the holidays

As the cybercriminals become increasingly sophisticated in their methods of attack, retailers and the telecoms operators who provide their online infrastructure must prepare themselves to protect themselves and their customers.

In last year’s cybercrime spree, some Dark Web developers were even advertising off-the-shelf malware in the run-up to the seasonal shopping bonanza. CyberInt found a stockpile of tools on the Dark Web used to target customers. These included fake smartphone apps masquerading as the official Victoria's Secret app and a list of vulnerabilities on its website. One Dark Web ad claimed Victoria’s Secret’s official website was vulnerable and showcased malware that could be inserted undetected. Three versions of fake apps with Victoria’s Secret branding were also available, complete with Trojan-style software. The fake app was designed to grant total access—including pictures, documents, browsing habits and banking details—to fraudsters.

But since the 2017 shopping season, the planned threats for this year’s online retailers have become far more sophisticated. If retailers do not protect their customers against all the new and old threats now being deployed, the fallout will not only adversely impact individual retailers and their customers, it may also have a negative effect on the entire online retail industry. If sufficient numbers of customers who have done their seasonal shopping online discover their personal and financial details have been used to make them cybercrime victims as a result of shopping online, many may make a New Year’s Resolution to avoid Internet shopping entirely in 2019.

In the run-up to Black Friday (November 23) and Cyber Monday (November 26), retailers and criminals are now engaged in a cyber-race where time is of the essence. The stakes are this year’s consumers’ Christmas cash.

Cybercriminals are already trading stolen lists of customer credentials, frequently without the owner knowing the credentials have been compromised. When cybercriminals do acquire stolen credentials, they generally try to maximize their usefulness by a process known as “credential stuffing,” where a single user password is used to log into multiple sites. Credential stuffing is a serious threat to both consumers and businesses, which both stand to lose money, either directly or indirectly. It is therefore recommended that consumers create different and sufficiently strong passwords for each site.

For the site or service provider, the best solution comprises targeted threat intelligence, real-time technology, automation, cyber expertise, and holistic digital risk protection.

Threat intelligence is also crucial to operators and retailers’ online defenses. This means monitoring traffic on areas such as the Dark Web that are generally outside organizations’ traditional security boundaries to be aware of stolen customer credentials that are on sale or new attacks that are being orchestrated in time for the shopping season.

The use of state-of-the-art threat intelligence is crucial at all levels in order to enable operators’ and their customers’ full defenses against the latest generation of cyber threats.

Online retailers should also protect against image scrapping from their websites to create “look-a-like” sites to steal traffic from genuine retail sites. Online retailers and operators should prepare and perform incident response playbooks for gift card, vouchers and discount code abuse during and before peak sales periods.

To combat the increasingly sophisticated techniques used by the cybercriminals, operators must lose no time in using effective threat intelligence to ascertain the nature of incoming cyber threats while helping their clients secure their websites against hackers of all kinds between now and Black Friday.

Given the increasing ingenuity of the cybercriminals and the growing challenge now facing retailers and consumers, telecom operators must now work closely with the cybersecurity industry to ensure they are doing their best to protect all users.