Businesses leaning into online sales for Black Friday and Cyber Monday this year should be on the lookout for increased cyber attacks as pandemic shoppers increasingly go online, according to a recent cybersecurity forecast.
California-based CrowdStrike says in its latest eCrime Index forecast that while online threats to credit card and financial information always peak on Black Friday and Cyber Monday, this year is “especially precarious” because of the impact of COVID-19 on consumer habits and the monthslong logjam in the global supply chain.
“As long as there’s money to be made, threat actors will strike,” Adam Meyers, CrowdStrike’s senior vice president of intelligence, said in a video presentation.
“When they are taken down, others will emerge to take their place,” he added.
Mr. Meyers said he expects the attacks to continue after Cyber Monday and then dip between Christmas Day and Orthodox Christmas on Jan. 7, when the internet pirates take time off to enjoy the holidays.
“Threat actors are taking time off, they’re spending time with their families, they’re doing all of the things we’re doing during that same time period,” Mr. Meyers said.
He said online adversaries from China, North Korea, Russia and Iran often blackmail companies in “data extortion” schemes after infecting their systems with ransomware and malware programs that hold their financial records hostage.
CrowdStrike said online attackers also use spam and old-fashioned hacking to sell stolen financial information, including credit card numbers, to the highest bidder.
The forecast comes as Adobe predicts U.S. consumers will spend a record $209 billion online between Nov. 1 and Dec. 31, a 10% increase over 2020.
CrowdStrike’s current eCrime Index of 83.79 out of 100, which spiked sharply leading into Thanksgiving weekend, reflects the current activity level of cybercriminals across 30 factors ranging from data extortion to spam.
The security firm said the online criminal gangs nicknamed Pinchy Spider, Wizard Spider and Doppel Spider are currently the most active.
It also noted that many of the online crime organizations work together on big-money electronic heists, coordinating strikes during Microsoft software updates and other vulnerable times.
These more sophisticated attacks often seek the U.S. consumer information that has the most value to foreign interests on the black market, going well beyond identity theft.
The firm’s 2021 Global Threat Report warns of 149 distinct “targeted intrusion adversaries” who coordinated attacks on supply chains and the health-care sector in 2020.
CrowdStrike CEO George Kurtz wrote in the report that state-sponsored adversaries “infiltrated networks to steal valuable data on vaccine research and government responses to the pandemic.”