Black Friday is arguably one of the biggest shopping bonanzas of the year, with searches for ‘best Black Friday deals’ soaring by 400% in the last month. Starting on Friday the 25th November, consumers will be bombarded by online retailers with “too good to be true” discounts until the following Monday, known as Cyber Monday.
However, thanks to the massive rise in online shopping, it’s not only consumers who are excited to exploit Black Friday and Cyber Monday. As online retailers get ready to drop their discounts and shoppers prepare to open their wallets, cyber criminals are perfecting their malware and refining their phishing scams to steal shoppers’ cash and damage the reputations of businesses by turning their websites into cyber traps.
Between November 2021 and January 2022 shoppers across England, Wales and Northern Ireland were scammed out of £15.3 million, according to new figures from the National Fraud Intelligence Bureau. Although consumers are a tempting target, online retailers are even more enticing and lucrative.
Taking a busy website hostage during the holiday season can be a quick way to extort large sums of money. If an online retailer is looking forward to higher revenue on Black Friday or Cyber Monday, a DDoS attack can quickly wipe out eagerly anticipated sales. So, what can online retailers do to protect their e-commerce infrastructure from becoming a cyber threat trap? Here’s what our experts recommend.
Implement temporary geoblocking
Implementing a temporary geoblocking measure can help stop cyber attackers from high-risk countries by blocking IP addresses from certain locations, thereby limiting access to the online retailer’s website.
However, cybersecurity teams must be strategic in how they deploy this method and how they determine which countries are a serious risk to their website. Typically, online retailers will have a detailed profile of their customers, including information such as country of origin, purchase habits, website journey and more.
Using this historic customer data, security teams can determine which countries to block and which to green light during a period of expected increased activity. If a country is categorised as a high-risk location (for example, North Korea), and the retailer has no customer base there and won’t ship there, then it would be prudent to implement geoblocking during that time period.
Implement rate limiting of IP requests
Rate limiting is a method to limit network traffic by capping how often someone can repeat an action within a certain timeframe, for example, trying to log in to an account. This method will temporarily block non-standard user journeys. For example, a single household is unlikely to load hundreds of pages a second.
A rate limiting solution is useful for stopping malicious activities such as brute force attacks, DoS and DDoS attacks and web scraping.
So, how does it work? A rate limiting solution measures the amount of time elapsed between each request from each IP address, while also measuring the number of requests within a specific timeframe. If the volume of requests within a timeframe exceeds expectations, then the rate limiting solution will not fulfil the IP address’s request for a certain period of time. The blocking period needs to be tactically assessed to discourage attackers, but also not to impact genuine users.
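The mechanism described above, sketched as an added example (not code from Adarma or any particular product): a per-IP sliding-window counter that refuses an address for a fixed block period once it exceeds the threshold. The class name, the thresholds (20 requests per second, 30-second block) and the sample traffic are assumptions made for the illustration.

```python
from collections import defaultdict, deque


class IPRateLimiter:
    """Sliding-window request counter per IP with a temporary block."""

    def __init__(self, max_requests=20, window_s=1.0, block_s=30.0):
        self.max_requests = max_requests  # requests allowed per window (assumed)
        self.window_s = window_s          # length of the counting window
        self.block_s = block_s            # how long an offender is refused
        self._hits = defaultdict(deque)   # ip -> timestamps of recent requests
        self._blocked_until = {}          # ip -> time the block expires

    def allow(self, ip, now):
        """Return True if the request at time `now` (seconds) is served."""
        until = self._blocked_until.get(ip)
        if until is not None:
            if now < until:
                return False              # still inside the block period
            del self._blocked_until[ip]   # block expired, start fresh
        hits = self._hits[ip]
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()                # forget requests outside the window
        hits.append(now)
        if len(hits) > self.max_requests:
            self._blocked_until[ip] = now + self.block_s
            hits.clear()
            return False
        return True


def replay(limiter, events):
    """Replay (timestamp, ip) events; return served/refused counts per IP."""
    stats = defaultdict(lambda: {"served": 0, "refused": 0})
    for ts, ip in sorted(events):
        stats[ip]["served" if limiter.allow(ip, ts) else "refused"] += 1
    return dict(stats)


# Constructed traffic (documentation IP ranges): a shopper and a flooding client.
SHOPPER = [(i * 0.5, "198.51.100.7") for i in range(20)]        # 2 req/s for 10 s
FLOODER = [(i * 0.002, "203.0.113.9") for i in range(500)]      # 500 req/s for 1 s
FLOODER += [(40.0 + i * 0.5, "203.0.113.9") for i in range(5)]  # back after block

if __name__ == "__main__":
    print(replay(IPRateLimiter(), SHOPPER + FLOODER))
```

Because many genuine shoppers can share one address behind NAT or a mobile carrier gateway, the threshold and block period are best tuned against normal peak traffic before the sale starts.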
Implement auto-scaling
Auto-scaling solutions monitor your applications and automatically adjust a website’s capacity in order to maintain steady and predictable performance in the face of extreme demand. The service will scale back down once the attacker stops spamming their target with bogus traffic.
It’s important to note that auto-scaling can become expensive for the organisation, as it will need to pay the cloud infrastructure provider for the extra resources that handle the additional traffic. Organisations should also seek to implement a queueing system for when they reach the “hard limit” of their resourcing capabilities, ensuring that their website isn’t overwhelmed whilst still allowing customers to shop.
Verify access controls
Cyber threat actors will often go after gaps in their target’s third-party supply chain to gain access to their goal. Online retailers often have extensive supply chains, which puts them at greater risk of being exploited through a weakness in another organisation’s network.
Reviewing, revalidating and testing access to your digital environment can help seal any possible cracks in your cybersecurity and block up possible access points. If third-party organisations have access to your digital environment or IT networks, ensure that you have a comprehensive understanding of what level of privilege is extended into your system, and to whom.
Internally, business leaders should make sure that passwords for their systems are strong and unique and any that are not up to standard are immediately updated. Security teams should review all user accounts and remove any old or unused accounts. It’s important that they also ensure that multi-factor authentication is enabled and configured correctly.
Privileged accounts, or those with other rights or access to sensitive data, should be carefully monitored and managed to ensure they are not being misused. It’s also important that security teams regularly test these access controls and that they are peer reviewed to ensure they are robust. Leveraging Privileged Access Management (PAM) solutions, with privileged account passwords held in a password vault and automatically rotated after use, removes another avenue for an adversary to access credentials and, if they do obtain them, puts a time limit on their effectiveness.
Brief the wider organisation
Ahead of a period of increased threat, such as Black Friday and Cyber Monday, employee education is vital. Employees need to understand the situation and be aware of the heightened threat. We recommend resharing cybersecurity best practices and explaining why reporting suspected security events is important, to encourage employee buy-in. Employees should be set up for success with the tools and knowledge to report suspicious activities, and training on how to recognise the indicators of malicious cyber activities.
To find out more about Adarma and how we can help strengthen your cybersecurity posture, please contact us.