The 2020 holiday season looks a little different, given the global pandemic that has accelerated digital transformation almost overnight for many retailers. More than ever, consumers are flocking online for their holiday shopping. In fact, consumers spent $9 billion on U.S. retail websites on Black Friday, a 22% increase from the previous record of $7.4 billion on Black Friday 2019.
For cybercriminals, the sudden move to e-commerce is a gold rush, with both buyers and retailers as targets. According to the FBI, cybercrime has increased by 400% this year. Increasingly savvy cybercriminals are employing tactics such as "e-skimming attacks," which involve injecting malicious code into the payment processing pages of websites to steal credit card data and account credentials from customers. Magecart is one of the most famous groups behind this activity, consistently expanding its skills and tactics to infiltrate e-commerce applications, evade detection, and sell sensitive card data.
What does it all mean for consumers? It could mean that their credit card details are currently up for sale on dark web forums without them ever noticing. In fact, VMware Carbon Black's recent investigation of dark web forums found that credit card information was available for sale for as little as $10 per high-balance card. Similarly, PayPal accounts sell for $2 to $10 each, with prices varying based on account availability.
The reality is that holiday hacking poses a significant risk for consumers and a Herculean challenge for retailers. The good news is that there are ways to stay ahead of attackers through cyber self-defense. Here are some tips that both consumers and retailers can use to ensure this year's online shopping experience is as seamless and secure as possible:
How buyers can protect against cybercrime
Shop with a VPN: The use of virtual private networks (VPNs) has grown in popularity over the years for the simple reason that they are effective. VPNs help to hide network traffic so that attackers cannot easily see what you are doing online. Activating a VPN before your next online shopping spree can go a long way in preventing attackers from accessing your information.
Keep the software up to date: One of the most common attack vectors hackers can use is targeting older versions of software with known vulnerabilities that they can exploit. By updating all software and applications on your devices before you go shopping, you can protect your device from being exploited.
Use a next-gen antivirus: Using a modern antivirus solution is fundamental to staying safe in an age of unparalleled hacking sophistication. Contrary to popular belief, this also applies to Apple devices.
Shop at home on a secure network: Public WiFi is always something to beware of, but the risk increases significantly with online transactions and credit card information. Any Christmas shopping on a network that is not your own should be avoided as public WiFi networks are often watering holes for malicious actors who want to monitor traffic and steal valuable data.
Use multifactor authentication: Just as you have both a house key and an alarm code to protect the integrity of your house, you can protect yourself from cybercrime with a password and an authentication device.
Click carefully: From phishing emails and texts that promote fake sales and direct you to fake websites designed to steal your credit card details, to unsecured retail websites that expose your details, every click counts. Thinking before you click is always important, but when attackers are pulling out all the stops to deceive you, as they usually do during the holiday shopping season, taking the time to evaluate links and websites before you give them data is imperative. Remember the R2 rule: read the headers, in which the reply and return paths must be identical.
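The R2 rule above, applied to raw message headers, as an added example that is not from the original article. It assumes "reply path" means the Reply-To header (falling back to From when absent) and "return path" means the Return-Path header; the sample messages and `.example` domains are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

def header_address(msg, name):
    """Lower-cased address from a header, or None if absent or empty (e.g. '<>')."""
    addr = parseaddr(msg.get(name, ""))[1].strip().lower()
    return addr or None

def r2_check(raw_message):
    """Compare the reply path with the return path of one raw message."""
    msg = message_from_string(raw_message)
    # Assumption: with no Reply-To header, replies go to the From address.
    reply = header_address(msg, "Reply-To") or header_address(msg, "From")
    ret = header_address(msg, "Return-Path")
    if reply is None or ret is None:
        verdict = "incomplete"      # nothing to compare, inspect by hand
    elif reply == ret:
        verdict = "match"           # the rule as stated: identical paths
    elif reply.rpartition("@")[2] == ret.rpartition("@")[2]:
        verdict = "same-domain"     # e.g. a separate bounce mailbox at the same domain
    else:
        verdict = "mismatch"        # replies and bounces go to unrelated domains
    return {"reply": reply, "return": ret, "verdict": verdict}

# Constructed sample messages (not real mail).
CONSISTENT = (
    "Return-Path: <orders@shop.example>\n"
    "From: Shop Orders <orders@shop.example>\n"
    "Reply-To: orders@shop.example\n"
    "Subject: Your receipt\n"
    "\n"
    "Thanks for your order.\n"
)
SUSPECT = (
    "Return-Path: <bounce-4471@bulk-mailer.example>\n"
    "From: Shop Orders <orders@shop.example>\n"
    "Reply-To: refunds@shop-orders-help.example\n"
    "Subject: Black Friday refund waiting\n"
    "\n"
    "Click to claim your refund.\n"
)

if __name__ == "__main__":
    for label, raw in (("consistent", CONSISTENT), ("suspect", SUSPECT)):
        print(label, r2_check(raw))
```

The "same-domain" verdict is an addition to the rule as stated: bulk senders often use a dedicated bounce mailbox, so it is reported separately from an outright mismatch.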
For retailers: visibility is key
One of the biggest security challenges for retailers is the breadth of the attack surface. The move to online retail practices has expanded the methods that cybercriminals can use to breach systems, and securing customer data requires the latest in technology and practices. Retailers need to ensure the integrity of end-user and point-of-sale (POS) systems while monitoring network activity for both preventative and forensic measures in the event of an attack. Here’s how:
Integrate network intrusion detection systems with endpoint detection systems: Retailers should ensure that endpoint detection systems communicate with intrusion detection systems. This ensures that defenders have the full picture if or when attacks occur.
Establish visibility and data streams: Getting real-time data from endpoints and other systems interacting with a company's network, such as retail websites, is an essential function. This data can then be used to prevent network intrusions or the delivery of harmful malware such as Magecart skimmers. Without this visibility, criminals can use these attack vectors to steal valuable payment information such as credit card numbers, names, physical addresses and email addresses.
Keep the software up to date: Hardening is a must. Retailers should ensure that all applications are kept up to date through patch management and vulnerability prioritization. They should also conduct regular code integrity checks and implement firewalls as an additional defense.
Microsegment: Using microsegmentation means separating networks and tools from one another in terms of connectivity. Using this technique protects retailers from cybercrime by reducing the ability of hackers to move within and between systems once a particular component has been breached.
There is no doubt that holiday shopping will be a bit different for all of us than in previous years. The risk of cyber attacks is higher than ever as cybercriminals use new and sophisticated attacks. These malicious actors remain serial opportunists, and the swift move to online shopping has proven a boon to their criminal operations. The cybercrime wave of 2020 is metastatic. With increased vigilance from shoppers and proactive security measures from retailers, both can have a safe holiday season ahead of them. Cybersecurity is a 2020 executive function.
By Tom Kellermann, Head of Cybersecurity Strategy, VMware Carbon Black and a member of CNBC’s Technology Executive Council