Black Friday Cyberattacks: Businesses Faced a Surge of Malware, Ransomware This Shopping Holiday
- SonicWall Capture Labs threat researchers recorded a double-digit malware spike (63%) in the U.S. between the eight-day holiday shopping window from Nov. 25 to Dec. 2, 2019
Cyber Monday and Black Friday are the proverbial holiday shopping seasons for cybercriminals and their strategic cyberattacks, including malware, ransomware and phishing attacks. Eager online shoppers are hurried to fulfil holiday dreams — often at the detriment of cybersecurity best practices and common sense.
According to Adobe Analytics, consumers spent $7.4 billion online during this year’s Black Friday event, up $1.2 billion over 2018. Those numbers jumped for Cyber Monday, where retailers collected $9.4 billion in online sales on the frantic shopping holiday. That kind of volume — in terms of both people and dollars — makes for a lucrative target for the modern cybercriminal. In 2018, SonicWall Capture Labs threat researchers discovered a spike in ransomware attacks during the Black Friday and Cyber Monday shopping events, as well as a 45% jump in phishing attacks.
Black Friday and Cyber Monday in 2019 resulted in much of the same. SonicWall Capture Labs threat researchers recorded* a double-digit malware spike (63%) in the U.S. between the eight-day holiday shopping window from November 25 to December 2, 2019.
- 129.3 million malware attacks (63% increase over 2018)
- 639,355 ransomware attacks (14% decrease over 2018)
- 51% increase in phishing attacks on Black Friday (compared to the average day in 2019)
Cyber Monday attacks dip, Black Friday takes the hit
Cybercriminals weren’t waiting until Cyber Monday to launch their campaigns, either. In the U.S., both malware (130%) and ransomware attacks (69%) were up on Black Friday compared to 2018. This trend continued on Cyber Sunday with increases in malware (107%) and ransomware (9%).
Interestingly, ransomware attacks were down on Cyber Monday (-41%) and Small Business Saturday (-55%), resulting in an overall 14% decrease in U.S. ransomware attacks during the eight-day shopping window.
Malicious Android apps spotted during Black Friday
It’s no secret that much of holiday shopping is done on mobile apps. Busy online shoppers often leverage mobile apps that keep track of deals, provide discount coupons and offer the convenience of skipping long lines at shopping malls.
To diversify their attack strategies, cybercriminals and malware writers use this opportunity to spread malware under the guise of shopping and deal-related apps — particularly during this eight-day Thanksgiving holiday shopping window.
In the past few weeks alone, SonicWall Capture Labs threat researchers observed a number of malicious Android apps that use the shopping theme to trick users into downloading and installing these apps.
One of the more notable malicious apps is this Amazon Shopping Hack, which is tied to a range of survey scams that attempt to steal user data and sensitive information.
Name: Amazon Shopping Hack Package: com.amazon.mShop.
After execution, this app shows a human verification page to continue using this app. This “verification” essentially leads to survey-related scams that attempt to extract sensitive user information, such as email address, credit card details, address, etc.
One of the domains contacted by this app during execution is mobverify.com. A quick search about this domain revealed a number of other survey related pages:
The mobverify.com domain is associated with a number of malevolent apps, survey scam links and malicious executables. During analysis, we observed a GET request to mobverify.com, which downloads a json file containing a list of different survey scams.
Intelligence for this report was sourced from real-world data gathered by the SonicWall Capture Threat Network, which securely monitors and collects information from global devices and resources including more than 1 million security sensors in nearly 215 countries and territories.
SonicWall has been fighting the cybercriminal industry for over 28 years defending small and medium businesses, enterprises and government agencies worldwide. Backed by research from SonicWall Capture Labs, our award-winning, real-time breach detection and prevention solutions secure more than a million networks, and their emails, applications and data, in over 215 countries and territories. These organizations run more effectively and fear less about security. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.
Disclaimer: The story is in the form of a Press Release and has not been edited or reviewed for language or content. The content is published in the form that it was received by the editors after removing certain personal information such as contact numbers and emails. CXOToday.com is not responsible for the veracity of this content