The Hack contacted Jen Miller-Osborn, Assistant Director of Threat Intelligence at Unit 42, a security research unit at Palo Alto Networks, to understand how this extended “Black Friday” is a concern for corporate personal security and even from stores. Check out!
Crimes and fraud directly related to Black Friday remain a worrying threat until Christmas and New Year. This threat must be considered by consumers, as well as by the companies in which they work and even by stores and e-commerce in general.
According to the executive, due to the isolation caused by the pandemic of the new coronavirus, many people are buying their gifts over the internet and for this reason, the main attacks and frauds, which were widely practiced on Black Friday, such as ransomware, phishing, cybersquatting and formjacking, should continue to be practiced until the holidays.
According to the executive, this year people are shopping online in advance. already thinking about the possible delivery delays caused by the pandemic and the high demand for delivery services. In addition, some stores and e-commerces are encouraging this type of behavior.
“The existing trend has become even more pronounced with many retailers advising their customers to make purchases sooner than ever, due to possible delays in shipping due to the pandemic,” says Jen.
Threat to companies
Another point that concerns the researchers at Palo Alto Networks is that due to the pandemic, many professionals will go shopping on the internet with work equipment, since they are at home and, in many cases, are working with notebooks and cell phones of the company.
“Consumers must remember to do their work stuff on their work devices and their personal stuff on their personal devices. This prevents invaders from having the opportunity to attack the company in which the consumer works ”, explains the executive.
One of the main threats that Palo Alto Networks noted this year is the cybersquatting, which is when cybercriminals register fake domains, which look like legitimate business websites and stores, like “netflixbrasil”[.]with”.
Although cybercrime is more targeted at companies and governments, this end of year consumers who are working from home are also in the crosshairs. Mainly because they are using work equipment to shop online. This behavior can open doors for cybercriminals to access corporate networks and consequently, organize more elaborate attacks like data theft and leakage, even malware distribution.
“At this time of year, there is a greater risk of this [invasão de redes corporativas por mal uso de equipamentos do trabalho] happen due to remote work. As previously described, the risk is that an attacker could compromise the consumer’s working device, enter the corporate network and attack an organization directly, ”explains Jen.
Still according to the executive, it is essential that e-commerce and online stores prepare for an active Christmas shopping season. “Most importantly, e-commerces must protect their customers’ data. Data breaches can cause irreparable damage to companies’ reputations, ”concludes Jen.
Top threats and how to protect yourself
According to Jen, phishing is one of the most common attacks throughout the year, but mainly during this festive period. “Remember to think before you click. Don’t click on links from unknown sources, ”recommends Jen.
Furthermore, it is essential that consumers make sure that they are accessing legitimate websites, be especially careful with links found on social networks and unreliable sites. “Always look for the lock symbol or the” https “in the browser’s address bar,” he says.
Another widely used attack on Black Friday that can be exploited until the end of the year is formjacking, which is when injected malicious JavaScript code into a website, to assume functionality of a form page.
This attack is designed to steal credit card details and other payment information that are captured on the “checkout” pages, that is, at the time of payment at e-commerce and online stores.
“Form theft attacks are difficult to detect. Your transaction will take place, but behind the scenes, your credit card information is being stolen by attackers – and can be sold on the dark web. Consumers should make sure to double check their credit card statements to ensure that they have no suspicious activity, ”explains the director of Palo Alto Networks.
Finally, but still very important, it is separate equipment from work with personal equipment and if you are shopping online, let it be done by the staff.
See the original post at: https://thehack.com.br/black-friday-criminosos-devem-continuar-atacando-ate-o-natal-diz-diretora-da-palo-alto-networks/?rand=48873
