Amidst the holiday bustle, while many are busy decking the halls, cyber adversaries are busy trimming up the cyber underground for peak cybercrime season. It’s the time of the year that threat actors deploy phishing scams and other manipulative tactics to gather sensitive information, and infiltrate systems and pilfer funds.
Intel 471 would like to remind consumers and businesses in the retail and hospitality sectors to remain vigilant this holiday season. Even though you may be busy, short-staffed, or distracted with shopping, you can protect yourself and your org by remaining alert to cyber threats. Here are five threat tactics that we hope you stay alert to this season.
1. Ransomware. Instead of baking up gingerbread, cyber criminals seem to find joy in baking up ransomware attacks during your downtime. Ransomware threats over holidays and weekends can wreak havoc on organizations, particularly when businesses are contending with heightened holiday activity, overloaded systems, stretched-thin IT resources, low staffing levels, and key team players being away on holiday leave.
During the last holiday season – November and December 2023 – we observed that ransomware breaches impacting the retail and hospitality industries accounted for 24.5% of the total breaches for the year, making Q4 the quarter with the highest frequency of attacks. Ransomware operators use various techniques to gain initial access, including vulnerability exploitation, brute-force attacks, targeting of remote services, credential theft, purchasing compromised accounts, and phishing.
Organizations can set up intelligence-driven threat hunting practices to proactively seek out and mitigate threats the whole year round.
2. Phishing. Often cyber crooks increase their activity at this time, due to consumers’ spending activities and habits. Online sales in the U.S. are projected to reach US $240.8 billion during the critical November and December 2024 holiday months. Savvy cyber crooks know that cashing in on the season can bring them immediate joy. Accordingly, like elves behaving badly, these crooks send emails and text messages containing malicious links to phishing pages designed to steal sensitive information from distracted or unassuming consumers, like fake shipping notifications, travel reservation confirmations, travel deals, bank notifications, e-cards, and unsolicited charity donation emails.
During this holiday period, we’ve observed emails that claim to be from reputable retailers promising exclusive discounts or special offers in an attempt to entice recipients into clicking on links that redirect them to counterfeit online stores. We’ve also observed scammers leveraging paid ads on social media platforms as vehicles for disseminating schemes that take users to phishing sites where personal and payment information is collected.
At Intel 471, we are committed to helping organizations throughout every season – and no matter how well-fortified their organizations are – combat fraud and protect their brand and customers from increasingly sophisticated phishing scams with our intelligence-driven cybersecurity solutions.
3. Smishing. Cyber criminals are willing to get coal in their holiday stockings by engaging in smishing attacks. Smishing involves sending fraudulent text messages and updates in messaging apps that appear to come from legitimate sources. The messages contain suspicious links, tempting folks to click on exclusive offers or gift cards, delivery rescheduling, or requests to pay custom-duties for parcels.
4. TOAD Threats. Between decreased staff during the holidays and the natural inclination for employees and consumers to be more helpful and giving during the holidays, tactics such as telephone-oriented attack delivery (TOAD), callback phishing, and hybrid phishing that combines voice and phishing are potent attack combinations to deliver malware and wreak holiday havoc.
Upward of 10 million TOAD attacks are made every month, with 67% of businesses affected in 2023 by this grinchy cyber tactic. Throughout 2024, we’ve observed TOAD methods increasingly playing a significant role in the underground threat landscape, and over 60 bad actors on underground forums offering illicit calling services.
If you’d like to learn more about defending yourself against TOAD attack methods, check out our recent blogpost To Deliver Malware, Attackers Use the Phone.
5. Whaling & Business Email Compromise (BEC). The holiday season and crunch of the end of the year is the opportune time for bad cyber elves to target C-suite and high-level executives with whaling attacks. These attacks capitalize on social engineering to deceive targets to obtain sensitive information, such as by manipulating victims with urgency or impersonating trusted individuals to obtain passwords or codes and trick executives into executing fraudulent end-of-year wire transfer payments. During the holiday season, businesses are potentially more likely to pay for ransoms or meet scammer demands to minimize costly downtime or brand impact, so it’s not a holiday miracle that cyber crooks opt to exploit these tactics.
Our unique understanding of the cyber underground and BEC-linked behavior helps us protect our customers all year round. Learn more about Intel 471’s award-winning cyber threat intelligence here.
Stay Informed
At Intel 471, we help you stay informed well after the holiday decorations have been taken down about smishing and other tricks that can impact your business, brand, and reputation. Gain insights and timely data on threats, risks, and regulations affecting your organization by subscribing to our weekly Executive Intel Update.
The Lumma infostealer malware collects highly sensitive data including logins and session tokens. Here's how to conduct a threat hunt leveraging up-to-date tactics, techniques and procedures used by Lumma.
Pro-Russian hacktivism campaigns continued to be directed at countries and entities supporting Ukraine. Here's a briefing about new hacktivist groups and the risks the groups pose.
The leader of the Black Basta ransomware group employed a trusted, experienced cybercrime actor nicknamed Tinker who he relied on for phishing content, call center management and negotiation skills.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.