Don’t Become a Cyber Threat Trap This Black Friday
Black Friday is arguably one of the biggest shopping bonanzas of the year, with searches for ‘best Black Friday deals’ soaring by 400% in the last month. Starting on Friday the 25th November, consumers will be bombarded by online retailers with “too good to be true” discounts until the following Monday, known as Cyber Monday.
However, thanks to the massive rise in online shopping, it’s not only consumers who are excited to exploit Black Friday and Cyber Monday. As online retailers get ready to drop their discounts and shoppers prepare to open their wallets, cyber criminals are perfecting their malware and refining their phishing scams to steal shoppers’ cash and damage the reputations of businesses by turning their websites into cyber traps.
Between November 2021 and January 2022 shoppers across England, Wales and Northern Ireland were scammed out of £15.3 million, according to new figures from the National Fraud Intelligence Bureau. Although consumers are a tempting target, online retailers are even more enticing and lucrative.
Taking a busy website hostage during the holiday season can be a quick way to extort large sums of money. If an online retailer is looking forward to higher revenue on Black Friday or Cyber Monday, a DDoS attack can quickly wipe out eagerly anticipated sales. So, what can online retailers do to protect their e-commerce infrastructure from becoming a cyber threat trap? Here’s what our experts recommend.
Implement temporary geoblocking
Implementing a temporary geoblocking measure can help stop cyber attackers from high-risk countries by blocking IP addresses from certain locations, thereby limiting access to the online retailer’s website.
However, cybersecurity teams must be strategic in how they deploy this method and how they determine which countries are a serious risk to their website. Typically, online retailers will have a detailed profile of their customers, including information such as; country of origin, purchase habits, website journey and many more.
Using this historic customer data, security teams can determine which countries to block and which to green light during a period of expected increased activity. If a country is categorised as a high-risk location, for example North Korea, the retailer has a non-existent customer base there and won’t ship there, then it would be prudent to implement geoblocking during that time period.
Implement rate limiting IP requests
Rate limiting is a method to limit network traffic by capping how often someone can repeat an action within a certain timeframe, for example, trying to log in to an account. This method will temporarily block non-standard user journeys. For example, a single household is unlikely to load hundreds of pages a second.
A rate limiting solution is useful for stopping malicious activities such as brute force attacks, DoS and DDoS attacks and web scraping.
So, how does it work? A rate limiting solution measures the amount of time elapsed between each request from each IP address, while also measuring the number of requests within a specific timeframe. If the volume of requests within a timeframe exceeds expectations, then the rate limiting solution will not fulfil the IP address’s request for a certain period of time. The blocking period needs to be tactically assessed to discourage attackers, but also not to impact genuine users
Auto-scaling solutions monitor your applications and automatically adjusts a website’s capacity in order to maintain steady and predictable performance in the face of extreme demand. The service will scale back down once the attacker stops spamming their target with bogus traffic.
It’s important to note that it can become expensive to the organisation, as they will need to pay the cloud infrastructure provider for extra resources for handling the additional traffic. Organisations should also seek to implement a queueing system when they reach the “hard limit” of their resourcing capabilities, ensuring that their website isn’t overwhelmed whilst still allowing customers to shop.
Verify access controls
Cyber threat actors will often go after gaps in their target’s third-party supply chain to gain access to their goal. Online retailers often have extensive supply chains, which puts them at greater risk of being exploited through a weakness in another organisation’s network.
Reviewing, revalidating and testing access to your digital environment can help seal any possible cracks in your cybersecurity and block-up possible access points. If third-party organisations have access to your digital environment or IT networks, ensure that you have a comprehensive understanding of what level of privilege is extended into your system, and to whom.
Internally, business leaders should make sure that passwords for their systems are strong and unique and any that are not up to standard are immediately updated. Security teams should review all user accounts and remove any old or unused accounts. It’s important that they also ensure that multi-factor authentication is enabled and configured correctly.
Privileged accounts or those with other rights or access to sensitive data should be carefully monitored and managed to ensure they are not being misused. It’s also important that security teams regularly test these access controls and that they are peer reviewed to ensure they are robust. Leveraging Privileged Access Management (PAM) solutions, with privileged account passwords held in a password vault and automatically rotated after use, will remove another avenue for an adversary to access credentials and, if they do, there’s a time limit on their effectiveness.
Brief the wider organisation
Ahead of a period of increased threat, such as Black Friday and Cyber Monday, employee education is vital. Employees need to understand the situation and be aware of the heightened threat. We recommend resharing cybersecurity best practises and why reporting suspected security events is important to encourage employee buy-in. Employees should be set up for success with the tools and knowledge to report suspicious activities, and training on how to recognise the indicators of malicious cyber activities.
To find out more about Adarma and how we can help strengthen your cybersecurity posture, please contact us.
Stay up to date with the latest threat insights from Adarma by following us on Twitter and LinkedIn.