Sign up to our newsletter
Black Friday 2017: time to fire up your charge cards and your PC for some online shopping! On second thought, first review the risks, then check your password hygiene and make sure your security solution is up to date.
Have you ever thought about what is going on in your PC while you’re shopping online? Well, at the center of it all are web browsers, which are among the primary targets for cyberattackers. This is due to the high volume of sensitive data that flows through browsers. This is especially true during the holiday shopping period. (Get some quick tips here)
Just as in past decades when cash drawers and bank vaults were targeted for theft, today’s e-shops and online banks have fallen under the scope of cybercriminals. Their “digital-focus” is just an evolutionary step beyond robbing stagecoaches in the Wild West, and banks in the 20th century.
Black Friday – and the holiday shopping season that follows – represents an opportunity for cybercriminals, where time invested yields maximum return on investment. To exploit browser vulnerabilities and capture the holiday plunder, criminals can deploy a number of tools including: code execution exploits in both the browser and browser plug-ins, man in the middle attacks, banking malware, fake Android banking apps and DNS Poisoning.“Just as in past decades when cash drawers and bank vaults were targeted for theft, today’s e-shops and online banks have fallen under the scope of cybercriminals”
To maintain vital trust relationships with customers, some retailers have responded to these potential attacks by building up cyber-defenses. However, losses of data and revenue are likely to continue to plague online shopping, and in parallel, the security of back offices for brick-and-mortar shops. As a result, retailers and consumers have adopted technologies that include SSL certificates, two-factor authentication, data encryption and equally important but often overlooked – education for employees. Other retailers (though in smaller numbers) have even become early adopters of cryptocurrencies for retail transactions.
While the number of transactions using cryptocurrencies may seem trivial, on the surface they do offer improvements in security over traditional online shopping, enabling a significant reduction in risk to sensitive information transferred during transactions with retailers who often collect considerable amounts of customer data.
However, there is a flip side. Reliably buying and using cryptocurrencies is still challenging for less technically astute users and doing so despite the risks, could expose them to further threats. Looking a little deeper, the majority of users probably never consider acquiring bitcoin until they face having to pay for ransomware encryption keys. And while cryptocurrencies like bitcoin could pave the way for considerably improved security, their adoption remains tightly bound to illicit activities.
There have long been cases of cryptocurrencies being mined secretly and thus illegally, via browsers to access the CPU capacity of users’ machines. This trend has not only grown among full-time cyber criminals: nowadays even popular (and legal) websites like Politifact.com and Showtime have been discovered cryptojacking users’ CPU capacity. Regardless of these difficulties, cryptocurrencies and associated technologies are unlikely to disappear from the commerce landscape.
Author Editor, ESET