Unlike many other businesses and industries, here at Triskele Labs, the Christmas season is one of the busiest times of the year. With cybercriminals on the prowl to exploit the cybersecurity vulnerabilities of thousands of businesses, cyber safety becomes our number one priority, both for ourselves and our clients, from the beginning of Black Friday till business as usual in 2020.
Back in 2017, it was estimated that 50 million attacks would occur during the Christmas season, alone. It’s been 2 years since then and it’s only fair to assume that with the growing sophistication of cybercriminals, this number will be much higher this year.
A question we often encounter is why the Christmas season is one of the most lucrative for cybercrime. As discussed in our previous post on cybercrime during the holidays, this is the result of employees working remotely on unsecured networks, the traditional IT lockdown that takes place during the holidays, and the irresistible urge to find the best Christmas deals - the perfect facade for determined cybercriminals.
In this post, we take a look at the type of attacks that can compromise your cyber safety this Christmas.
During this season, it’s common to receive an influx of emails from well-wishers, retailers, your favourite sites, clients, colleagues, and friends and family.
While this is all well and good, you need to be on the lookout for malicious phishing emails that prompt you to click on seemingly innocuous links or ask you to do something that doesn’t feel quite right.
What often happens is that these emails appear in the form of a Christmas greeting from a reputed person or company or even in the form of an exciting offer. Once you click these links or sign up, however, you’re taken to malicious sites that trigger the launch of ransomware or your personal details are used for nefarious purposes.
While it’s completely natural to feel more optimistic and be in good spirits during this season, it also pays to temper your exuberance with a little caution. Like we always say - anything that seems too good to be true needs to treated with a healthy dose of scepticism or even avoided altogether.
When you’re doing your shopping online, just be mindful about offers, promos and rewards from websites that don’t have any contact details or seem suspicious. Without knowing it, you may divulge personal details - including your passwords - to cybercriminals who will stop at nothing to get what they want.
Credit card fraud aside, you may even incur serious hardware damage or end up dealing with disastrous data breaches, especially if you’re doing your shopping on office devices.
In addition to scams that attempt to extract information through fraudulent means, cybercriminals also launch targeted attacks that attempt to hack your systems. This is more common during temporary spells of inactivity, such as when your staff pack up and leave for the holidays.
While not taking any holidays at all is not the solution, you must be more vigilant and ensure that your systems are protected during this period, including updating your antivirus software, updating your passwords, and if possible, leveraging 24x7x365 monitoring of your systems and incident response mechanisms, which can be automated.
While the Christmas season is one of joy for many, it’s also a time of great reward for cybercriminals who anticipate lacklustre cybersecurity efforts during this period.
If you work in the banking or e-commerce industry, this threat is especially serious. If you’re closing up for the holidays make sure your cybersecurity software is running or entrust system monitoring to an expert in this field.
If, on the other hand, you maintain your own transaction checkout pages, make sure that you’re checking them for skimmers, which are malicious scripts that extract credit card details when they’re entered.