Visitors Now:
Total Visits:
Total Stories:
Profile image
Story Views

Now:
Last Hour:
Last 24 Hours:
Total:

Cyber Grinches Could Disrupt Holidays’ Biggest Shopping Weekend

Wednesday, November 23, 2016 20:08
% of readers think this story is Fact. Add your two cents.

(Before It's News)

Recent high-profile distributed denial of service attacks on the Internet’s infrastructure and an investigative journalist’s website have spiked concerns over possible disruptions of traffic during the biggest online shopping weekend of the year.

Cyber Grinches Could Disrupt Holidays’ Biggest Shopping Weekend
Online spending last year exceeded US$5.8 billion on Black Friday and Cyber Monday, according to Adobe, and that figure is expected to be even higher this year.

“If you want to mess with the economy, that’s the most disruptive time to do that,” said John Wu, CEO of Gryphon.

“A lot of retail sales have shifted from brick and mortar to online these days,” he told TechNewsWorld. “Cyber Monday is a huge day for a lot retailers.”

Easy Target for Bot Herders

If hackers want to disrupt shopping during the Black Friday-Cyber Monday weekend, they’ll likely use a botnet composed of devices connected to the Internet of Things to do it. Such botnets recently attacked DNS server provider Dyn, disrupting Internet service in the United States.

Attackers also used them to launch one of the largest DDoS attacks ever on the website of security blogger Brian Krebs.

“The reason IoT devices are being used now is because they’re so easily attacked,” Wu said. “They also have enough processing power on them to carry out these kinds of attacks.”

What’s more, devices like routers and DVRs are always on, so they’re always available for enlistment in an assault on a website.

“You can have a huge effect because you can control lots of the devices — in some cases hundreds of thousands — and flood a server,” Wu said, “and it’s very difficult to prevent these attacks, because they’re coming from IP addresses around the world. You can’t scale your bandwidth fast enough to prevent it.”

During Black Friday-Cyber Monday weekend, the situation will be exacerbated by a legitimate surge in traffic.

“Some sites went down last year because they couldn’t handle the spike in traffic to them,” Wu explained. “You could compound that effect with a denial of service attack.”

10 Million Logins an Hour

Botnets can do more than disrupt shopping traffic during Black Friday-Cyber Monday weekend. They can crack into user accounts at e-commerce sites, using the millions of username and password pairs available on the Internet from hundreds of recent data breaches.

“Because human beings resuse their passwords, that attacker is going to be successful when he uses a password stolen from another website,” said Omri Iluz, CEO of PerimeterX.

“On average, a person uses six passwords for all their online activity,” he noted.

“These attacks are very successful,” Iluz told TechNewsWorld. “With 10,000 bots, thousands of accounts can be compromised in a matter of hours.”

Automation is crucial to those kinds of attacks, however, he said. “It’s only meaningful if they can run 10 million or more login attempts in an hour to get the success rate they need.”

Gift Card Scams on Steroids

Digital desperadoes also have brought the power of bots to another holiday scam: compromising gift cards. After figuring out how gift card numbers are generated for a retailer, an attacker can write a script for the botnet to execute to determine if there’s a balance on the card.

A hacker could check tens or hundreds of millions of combinations in that way and then register and sell cards discovered to have a balance.

Unsafe mobile apps also might victimize Black Friday-Cyber Monday shoppers.

Researchers found 5,198 Black Friday apps in global app stores for a recent RiskIQ study. Of those, one in 10 already had been tagged as malicious and unsafe to use.

Be Paranoid

Online bandits also are exploiting the reputation of some of the largest e-commerce sites on the Web to prey on consumers.

The top five brands leading in e-commerce have had a combined total of more than 1,950 blacklisted URLs that contain their branded terms as well as “Black Friday” and are linked to spam, malware or phishing, the RiskIQ report notes.

The same is true of apps from those brands. More than 1 million blacklisted apps reference one of the leading e-commerce brands in either their title or description, according to the study.

While consumers can’t do anything about a DDoS attack on one of their favorite shopping sites, they can protect themselves from attacks aimed directly at them.

“Consumers need to be paranoid about what kinds of things people might do to lure them into scams,” said Venkat Rajaji, senior vice president for marketing at Core Security.

“You’ve got to keep your guard up during the holiday season. Don’t click on any link in a consumer email unless it’s a highly, highly trusted source,” he told TechNewsWorld.

“You’ve got to be paranoid,” Rajaji added. “You’ve got to assume the worst when you’re shopping.”

Report abuse

Comments

Your Comments
Question   Razz  Sad   Evil  Exclaim  Smile  Redface  Biggrin  Surprised  Eek   Confused   Cool  LOL   Mad   Twisted  Rolleyes   Wink  Idea  Arrow  Neutral  Cry   Mr. Green

Top Stories
Recent Stories

Register

Newsletter

Email this story
Email this story

If you really want to ban this commenter, please write down the reason:

If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.