Blog

Thought Leadership

Hacking season: Why Cyber Monday presents a cyber security nightmare

Hacking season: Why Cyber Monday presents a cyber security nightmareDefault blog imageDefault blog image
11
Nov 2021
11
Nov 2021

As Black Friday and Cyber Monday approach, retailers are gearing up for what is predicted to be a holiday season worth around $214 billion in e-commerce sales. They are not alone in making special preparations: in the cyber-criminal underworld, hackers are looking to use the influx of limited-time offers to incite a sense of urgency and lure victims with phishing emails disguised as Black Friday deals.

And as the holiday season draws nearer, another familiar attack vector threatens to dampen the festive cheer. With security teams enjoying well-earned breaks, upcoming public holidays present the perfect opportunity for ransomware attackers to strike. We covered this topic in detail earlier this year, and over the Fourth of July bank holiday weekend, the ‘largest ever ransomware attack’ wreaked havoc across the world, affecting up to 1,500 organizations.

With sophisticated festive phishing and the recent well-documented surge in ransomware, the stage is set for this holiday season to be one filled with cyber disruption. Security teams need all the help they can get to face this year’s ‘hacking season’ with best-in-class technology that keeps a watchful eye over the digital enterprise 365 days a year.

Attacks know no boundaries

Most of us tend to use personal email addresses for our holiday shopping, but in an era of remote and hybrid working, this can easily have knock-on effects, granting attackers a backdoor into the corporate sphere. The pandemic has seen a greater number of organizations focused on enabling remote and flexible working in whatever ways possible to ‘get the job done.’

BYOD (‘Bring Your Own Device’) has seen a surge in popularity to enable flexible working, increase efficiency, reduce costs, and give employees the opportunity to use IT they feel comfortable with.

From a digital perspective, this has led to increasing convergence of our personal and professional lives. Phishing emails that target personal email accounts – often using more relaxed email security measures – therefore put organizations at risk. Malicious executable files may grant an attacker access to the device, and from here they can pivot into corporate activity, and infiltrate an organization through a single, careless employee.

It’s not just BYOD users who are at risk. Despite the warnings, password reuse continues to be widespread, meaning a successful credential-grab on a personal account can potentially give attackers the keys to a wide range of corporate accounts, whether it’s Microsoft 365 or any number of other internal systems.

A longer holiday calendar expands the attack ‘calendar’ surface

This year, disruptions in the global supply chain are already causing problems for shipping and delays. In response, retailers like Best Buy are offering special deals well ahead of Black Friday with the price promise that they’ll refund the difference should the price drop further on the day itself.

This extends the time period in which these offers are promoted, and thereby the attack ‘calendar’ surface, gifting attackers an extra few weeks through which to launch seasonal scams.

And we know from experience that attackers can get creative, not only with emails disguised as Black Friday offers and promotions, but also spoofing attacks posing as delivery firms, or other third-party logistics suppliers. They will try anything which might induce a click on a link or attachment.

They see you when you’re sleeping: Hackers won’t take holiday

During public holidays, IT and security teams drastically reduce in size. Attackers know this, and it no longer comes as a surprise when some of the largest cyber-attacks of the year are detonated during this time. Adopting reliable autonomous security, and in particular autonomous response, has never been more important in ensuring organizations stay protected.

With opportunistic hackers looking to spoil the holiday season for some quick returns, we cannot rely on human teams alone. Human beings are fallible: they get tired, they need breaks, and they get complacent. One simple misconfiguration can leave an unprotected device exposed to the Internet, opening up the wider digital ecosystem to attack.

Breaches are inevitable, and organizations are no longer throwing all their resources into stopping an attacker from getting inside. The focus is increasingly shifting to being able to spot their behavior once they do get in, and taking autonomous action at machine speed to minimize cyber disruption.

Self-Learning AI does exactly this, learning every user and device in the organization from the ground up, without relying on static rules or signatures, and with no pre-conceptions of what constitutes a ‘threat’. And unlike humans, the technology works around the clock, without needing breaks or unwinding as the year draws to an end.

Darktrace’s AI learns ‘self’ across the entire digital estate, from the email layer, to the cloud, network, and endpoints. And crucially, Autonomous Response takes action on behalf of security teams, and can respond to ransomware in under 10 seconds, minimizing disruption, and saving teams from facing the new year with a lengthy and costly incident clean-up.

More in this series:

No items found.

Like this and want more?

Receive the latest blog in your inbox
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
INSIDE THE SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
AUTHOR
ABOUT ThE AUTHOR
Mariana Pereira
Director of Email Security Products

Mariana is the Director of Email Security Products at Darktrace, with a primary focus on the capabilities of AI cyber defenses against email-borne attacks. Mariana works closely with the development, analyst, and marketing teams to advise technical and non-technical audiences on how best to augment cyber resilience within the email domain, and how to implement AI technology as a means of defense. She speaks regularly at international events, with a specialism in presenting on sophisticated, AI-powered email attacks. She holds an MBA from the University of Chicago, and speaks several languages including French, Italian, and Portuguese.

COre coverage
This Article
Hacking season: Why Cyber Monday presents a cyber security nightmare
Share
Twitter logoLinkedIn logo

Good news for your business.
Bad news for the bad guys.

Start your free trial

Start your free trial

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get a demo

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.