SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Christmas marked by sophisticated cyberattacks on retailers
Tue, 2nd Jan 2024

A change in tactics by cybercriminals during the 2023 holiday season has resulted in alarmingly complex attacks on online retailers, according to Cequence Security. Expressing concern over the novel approach, the organisation's Director of Threat Research, William Glazier, stated, "The 2023 holiday season exposed a chilling reality: cybercriminals are employing increasingly sophisticated attack methods and meticulously planning months to exploit vulnerabilities."

Glazier explained that sophisticated attackers have shifted to spreading their attacks across wider timeframes, intending to evade detection by blending in with genuine internet traffic during peak shopping times. "This long-term approach allows them to target unprepared retailers and unsuspecting customers, particularly during peak shopping periods," said Glazier. He then underscored the pressing need for year-round vigilance and stringent security measures.

Many businesses, retailers in particular, tend to intensify their network and application security during the holiday season. Nonetheless, data indicates that crafty adversaries kick off their attack campaigns much earlier in the year, laying the groundwork for holiday sale attacks and intending to bypass as much of the retailers' security lockdowns as possible.

Cybercriminal activities such as gift card fraud surged by 110% in the second half of 2023, while scraping, loyalty card fraud and payment card fraud collectively increased by 700%. These figures suggest how complex and interrelated the adversaries' strategies are: they feature a broad array of tactics, techniques, and procedures that go far beyond simple brute force-style actions.

Another shift in malfeasance is the rising trend of trust-building account takeovers, which employ a slow and steady approach over extended periods. As Glazier detailed, "Account takeovers increased a staggering 410 times for retailers in the second half of the period analysed (September - November 2023)." Seemingly safe sectors such as social commerce platforms, which merge e-commerce and social media, were also affected.

The report further highlighted a surge in the use of automated tools to purchase sought-after items en masse, preventing sales to legitimate customers. "Whether it's Taylor Swift concert tickets or the latest hot sneaker drops, bots are a massive problem for fans and retailers alike," Glazier added, indicating the extent and ingenuity of these automatic 'line-jump tools' in the modern cybercrime scene.

Cequence detected malicious traffic from 719 million unique IP addresses and 325 million malicious login attempts from June to November 2023, underlining the magnitude of today's cyber threats. The ever-evolving strategies of hackers necessitate a vast, historical threat intelligence database, backed by an expert team, to interpret and combat the rapidly changing API threat environment.

As a final tip to thwart such attacks, Glazier advises organisations to buttress their defences with a holistic security approach, ensuring the protection of their APIs throughout their entire lifecycle. "This includes discovering and cataloging all APIs, ensuring rigorous adherence to industry standards, and deploying advanced threat detection and mitigation tools to defend against attacks," Glazier concluded.