Black Friday means green for cybercriminals, warns Stealthcare CEO Jeremy Samide
November 2018 by Jeremy Samide, CEO, Stealthcare
There has been a surge of cybercriminals and cybergangs who are bypassing consumers and going directly to their favorite e-commerce merchants to rob them, and they are expected to step up their game during the holiday shopping season.
Profitability from online theft is growing, said Marshal Cohen, chief industry advisor of The NPD Group. “Some traditions remain, but more and more consumers are forgoing the trip to the mall [starting] on Black Friday and doing their shopping online over more days.”
“No matter how diligently consumers strive to protect their credit card and personal information, organized crime is attacking the places where we shop online with no less than 14 malware families aimed at the biggest e-commerce brands,” warns Jeremy Samide CEO of Stealthcare. Stealthcare’s Zero Day Live Threat Intelligence platform has uncovered these cyberattacks and now protects its clients with the tools needed to prevent these greed-motivated cyberattacks. New Malware
This season’s top malware and variants are among the banking trojan malware families Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye that capture credit card information during checkout and point-of-sale. Betabot leads the pack of threats with the highest level of targeting being aimed at 46 different online retail brands, many of which are considered to be among the most trusted in the world, based on Stealthcare’s Intelligence. According to the November 13, 2018 edition of Bank Info Security, card scrapping code has infected over 100,000 e-commerce sites, which read like a who’s who of online retail, entertainment and travel companies.
“Stealthcare’s proprietary technology adjusts its profile to defend against emerging threats by creating a unique fingerprint of the client organization or its CyberDNA. This allows us to focus our efforts on the threats that matter most to a specific organization and separate the attack signals from the noise,” Samide explains.
Online Holiday Shoppers Can Help
While e-commerce sites are the primary targets since hackers can scrape data from millions of cards, consumers have a job to do when it comes to protecting what’s in their wallet.
Says Samide, “Don’t ignore those tiny seven to ten-dollar charges that appear out of nowhere on your credit card. If you can’t attribute the charge to a purchase, notify your credit card company or bank. Thieves test cards with innocuous purchases before going in for the big score.” Samide adds:
Don’t make purchases using unsecured Wi-Fi hot spots at the coffeeshop. Change passwords frequently and do not use obvious words such as books for Amazon or airplane for Travelocity.
Don’t share your passwords or allow friends to log into your accounts, no matter how insignificant or how much they ask.
Know how your kids use your devices. They tend to roam into the Google Play store and download weird games or visit other sites that can be the source of an attack; that goes for kids of all ages, including their parents! Use two-factor authentication for email and application access. It can be done with little effort and it adds a secondary layer of protection of resources. Provide the least amount of information to third-party requests to reduce your attack surface.
“A common sucker play,” says Samide, “five-minute surveys enticing you with a chance to win a $25 Amazon gift card. In the unlikely event you win, you will have given a third-party information you may think is irrelevant but when correlated with other public information on you, it could mean everything.”