Online Threats While Holiday Shopping

Babur Khan
December 7, 2018

Online Threats While Holiday Shopping

With Thanksgiving over and holiday sales in full swing, the 2018 holiday season is upon us. For retailers and financial institutions alike, this is one of the busiest times of the year. Between Thanksgiving, Black Friday, Hanukkah, Christmas, and New Year’s Eve, millions of Americans are shopping online for gifts, decorations and transportation.

With Big Business Comes Bigger Threats

Unfortunately, it’s one of the busiest times for attackers, too. Holiday shopping for cybercriminals is the ideal time to target consumers and companies. Network attacks are set to rise by 20 percent this holiday.

If you’re not an e-retailer or financial institution, you might think you have nothing to worry about. Many employees do their holiday shopping at work. This creates a security threat for organizations of all types and sizes.

Let’s look at some of the biggest security threats of the 2018 holiday shopping. Then we’ll look at the best network security solutions to prevent these online threats.

Consumer Security Threats 2018

Online security threats don’t affect just employees. They can also affect the companies where they work. This is because many employees do their holiday shopping at work. They may expose their company’s networks and sensitive information with nothing more than the click of a suspicious link.

Potential security threats include:

  • Phishing and spear-phishing: Both phishing and spear-phishing attacks are designed to trick recipients into sharing sensitive information, such as passwords or credit card numbers. The main difference between the two is that phishing attacks are broad and can be sent to many people, while spear-phishing attacks are more personalized and often contain information that’s relevant to the victim.
  • Malware: Malware can quickly infect consumers’ computers by opening an email attachment or clicking on a malicious pop-up ad. It can take the form of spyware, a virus or ransomware, and is designed to accomplish any number of goals, from stealing credit card information to hijacking computers.
  • Ransomware: Ransomware is another kind of malware attack that has recently become fairly popular. In a ransomware attack the data on the victim’s computer is encrypted. Then a ransom demand is displayed on the screen. In most cases, even when the ransom is paid, the data is never completely recovered. The main motivation behind ransomware may be financial, but it can cause harm throughout the network. Users can lose access to important data and resources.
  • Data theft: Cyber criminals can carry out data breaches by exploiting network vulnerabilities. They convince their targets to voluntarily give up their data or purchasing login credentials on deep web marketplaces. Once armed with stolen data, cyber criminals can demand ransom in exchange for its return or make fraudulent purchases.

Malicious Insiders Often Strike During Shopping Season

Malicious insiders may also view the shopping season as the perfect time to strike without being detected. One way they could attack is by using admin credentials to access and steal critical assets or access financial information.

As IBM explained cyber attacks don’t always originate outside organizations. IT Biz Advisor described it this way in their 2018 article of the evolving cyber-threat landscape.

According to white hat Dark Web professionals at Black Hat 2018, it appears that many hackers are certified professionals who operate as trusted time bombs and have already penetrated most organizations.

Security Threats to Financial Institutions and E-Retailers

Both financial institutions and e-commerce providers face many of the same security threats as consumers, albeit on a much larger scale:

  • Encrypted malware attacks: Attackers can boost their chances of bypassing network security checkpoints by encrypting their malware. Then it can be hidden within normal encrypted traffic.
  • Network vulnerabilities: As we saw with the catastrophic Equifax breach in 2017, network vulnerabilities can be used to access and control websites. Hackers can then steal personal and financial information including addresses, social security numbers, names, birth dates and more.
  • DDoS attacks: Hackers can overload an organization’s network with an unmanageable amount of traffic by leveraging clusters of hijacked computers known as botnets. These network outages can cost companies millions of dollars in lost revenue as well as brand damage.
  • Traffic surges: Traffic surges aren’t always the result of a DDoS attack. During high-traffic times, such as the opening of holiday sales or the release of a highly anticipated product, an increase of visitors to a retail or financial site can cause the website to become unavailable.

Network Security Solution to Holiday Shopping Threats

Organizations must take the precautions necessary to protect their data from such a wide variety of potential security threats. This includes network threats directly from hackers and malicious insiders, as well as indirectly from unwitting employees.

If you haven’t implemented protections before the holidays, you’ll have no choice but to hope for the best. With many attackers viewing the holiday season as an ideal opportunity to be exploited, that’s not a chance you want to take.

Here are the solutions that can help protect your organization this holiday season and beyond:

  • Safeguard critical assets by ensuring that only employees with the proper credentials can access them, and that those credentials can’t be easily stolen.
  • SSL inspection protects your organization from encrypted malware and ransomware as well as encrypted data breaches. It also keeps your employees safe from phishing attacks and unintentional data leaks.
  • Record and enforce security policies regarding administrator privileges, proper use and disclosure of sensitive information and continuous documentation to hinder both external and internal attacks.
  • Precise DDoS protection can defend your company from both targeted DDoS attacks and unexpected traffic surges, effectively preventing the loss of legitimate traffic and sales.
  • Secure your perimeter with a comprehensive security strategy that can effectively protect your company’s data center applications and network from any threats that may arise.

With these security measures in place, all companies have a much better chance of surviving the holiday season and the following year with their (and their customers’) data intact.
Learn more about A10’s SSL/TLS visibility & DDoS detection and mitigation products.


Babur Khan
December 7, 2018

About Babur Khan

Babur Nawaz Khan is a Senior Product Marketing Manager at A10 Networks. He is responsible for A10's Enterprise Security and DDoS Protection solutions. Prior to this, he was a member of A10's Corporate Systems Engineering team, focusing on Application Delivery Controllers. Babur holds a master's degree in Computer Science from the University of Maryland, Baltimore County. READ MORE

Seeing is believing.
Schedule a live demo today.

Get a Product Demo