Did you avoid the Black Friday madness? Hackers didn’t.

Kevin Mitnick, the world’s most famous hacker, once broke into the computer of Tsutomu Shimomura on Christmas Day — Tsutomu was a computer researcher at the San Diego Supercomputer Center and was on a crusade to help capture the elusive Mr. Mitnick.

While Kevin’s stories are legendary, this incident highlights that hackers, regardless of their intentions, don’t rest just because it is the holiday season. In fact, the holidays provide opportunities often not afforded at other points in the year.

Chaos brings opportunity

Credit card companies have become very good at detecting and preventing fraud, using algorithms that flag irregular spending patterns. If you haven’t placed an order online for a few weeks and all of a sudden go on an electronic shopping spree, chances are your bank will block your card until you approve your transactions.

But there are certain times in the year when these algorithms have to deal with unusual activity. Cyber Monday, for example, offers cheap online deals and holiday promotions that result in consumers purchasing at a higher rate. This uptick in spending opens a window for criminals to take advantage and potentially avoid the measures that normally hinder their activities.

  • Cyber Monday doubled in YoY Gross Merchandise Volume (GMV) value and had the highest Average Order Value (AOV) at $122.
  • Mobile orders represented 49 percent of total online purchases.
  • 1 in 5 consumers would risk identity theft for a Cyber Monday deal.

And it’s not just credit card theft that sees an increase during the holiday shopping season — other types of online attacks that enable attackers to steal sensitive personal data go up as well. Criminals rely on the fact that organizations are more focused on keeping their websites responsive than on whether they are secure.

After examining our data during Black Friday and Cyber Monday, the Instart Threat Response and Intelligence Team saw just over a 40 percent increase in attack rates compared to the previous Friday, with the most common types of web attacks being SQL injection (SQLi) and cross-site scripting (XSS). One thing this highlights is that while SQLi and XSS attacks are well known, there are still enough vulnerabilities in the wild to make it worthwhile for attackers to pursue them.

US-based attacks are now number one

A common view in security when talking about hackers is that most of them originate from China or Russia — and while those countries are often sources of prolific attacks, they are just a piece of the landscape.

Data captured over the last six months highlights that the United States is the number one source for attacks, with China and Russia often in the second or third positions. The likely reason for this comes down to the massive amounts of computing available, and that many cloud data centers such as Amazon AWS and Microsoft Azure are located in the US. Attackers often exploit servers or end-user computers to perform their illicit activities, so while the attacks originate from within the US, the attackers themselves may not be located there.

This trend remained the same during the beginning of the holiday season — attacks originating from within the United States were 2,800 percent higher than China during Cyber Monday. In addition, Australia landed itself in the number five spot, a position it had never been in over the entire year.

Bots used for preparation

The only traffic that seemed to trend down over the active days was malicious bot traffic, specifically bots performing credential stuffing and credit card fraud. Our data showed a rise in bot activity the week prior to Black Friday and Cyber Monday, which then slowed over the respective shopping days.

This makes sense, as attackers are likely to use their bots before the busy period to collect information or test credentials so that their later attacks succeed. A credential stuffing bot can be used to break into online shopping accounts before the holidays, so attackers know exactly which accounts are vulnerable and can be leveraged at the start of the holiday sales. Similarly, a bot used to test gift card numbers enables criminals to create a list of numbers prior to the shopping days, so they can take advantage of the chaos while they obtain their illegal purchases.
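For defenders, the preparation phase described above is the point at which exposed accounts can be found and reset before the sales begin. The following is an added example, not code from the original post or from Instart: it scans a constructed authentication log, flags sources that try many distinct usernames with a high failure rate, and lists the accounts each flagged source logged into successfully. The log format, field names and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample auth log (assumed format):
# "<timestamp> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2000-11-20T02:14:01Z 203.0.113.7 alice FAIL
2000-11-20T02:14:02Z 203.0.113.7 bob FAIL
2000-11-20T02:14:03Z 203.0.113.7 carol OK
2000-11-20T02:14:04Z 203.0.113.7 dave FAIL
2000-11-20T02:14:05Z 203.0.113.7 erin FAIL
2000-11-20T02:14:06Z 203.0.113.7 frank OK
2000-11-20T09:30:00Z 198.51.100.20 grace FAIL
2000-11-20T09:30:20Z 198.51.100.20 grace OK
2000-11-20T10:05:00Z 192.0.2.44 carol OK
this line is malformed and must be skipped
"""

def parse(log):
    """Yield (ip, user, success) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # ignore malformed or truncated entries
        yield parts[1], parts[2], parts[3] == "OK"

def find_stuffing(log, min_users=5, min_fail_ratio=0.6):
    """Return {source_ip: [accounts it logged into]} for suspicious sources.

    A source is suspicious when it tried at least `min_users` distinct
    usernames and at least `min_fail_ratio` of its attempts failed
    (both thresholds are illustrative assumptions, tune per site).
    """
    users, hits = defaultdict(set), defaultdict(set)
    fails, total = defaultdict(int), defaultdict(int)
    for ip, user, ok in parse(log):
        users[ip].add(user)
        total[ip] += 1
        if ok:
            hits[ip].add(user)   # credential pair confirmed valid
        else:
            fails[ip] += 1
    return {
        ip: sorted(hits[ip])
        for ip in total
        if len(users[ip]) >= min_users and fails[ip] / total[ip] >= min_fail_ratio
    }

if __name__ == "__main__":
    for ip, accounts in find_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: force reset for {', '.join(accounts) or 'no accounts'}")
```

The accounts returned are the ones to reset and monitor: a successful login from a flagged source means the credential pair is already known to the attacker, even if nothing was purchased at the time.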

Instart can help

Every holiday season we see an increase in attacks, but regardless of the time of year, criminals are always active. Instart handled 1.46B attacks in October and 1.36B in November, with a heavy concentration over the popular shopping days, and attack rates are only growing.

But preventing SQL injection and cross-site scripting attacks is just part of a wider security strategy. Attackers will often target an organization on multiple fronts, using a number of different vectors, so comprehensive security, where each component can utilize cross-solution intelligence and automation, is essential.

Instart’s capabilities include a robust, scalable, cloud-delivered WAF, bot mitigation that brings together traffic behavior analysis and browser-based fact discovery, and a security CDN capable of absorbing the largest denial-of-service attacks. In addition, unique and modern technology to defend against web-skimming attacks like Magecart positions the organization as one of the most comprehensive web security platforms available.

All of these components are underpinned by unrivaled threat intelligence, automated rules and a comprehensive rules engine. Instart is the leader in web security designed specifically to mitigate the sophisticated methodologies used by today’s hackers and protect your business from the effects of a breach.

*** This is a Security Bloggers Network syndicated blog from Instart blog RSS authored by Jon Wallace. Read the original post at: