The holidays are upon as and while many businesses reap the rewards of increased consumer spending, cybersecurity concerns loom overhead like a falling sleigh. Hackers don’t care if they’re on the naughty list because the financial benefits of successful ransomware is a gift that keeps on giving to their crypto-accounts.
But don’t worry, because Fully Managed is here to stuff your stockings with tips to keep your operations and data safe during the otherwise festive season.
3 Cyber Threats to Watch Out for This Holiday Season and What You Can Do About It
1. Delivery Company Ransomware
Parcel delivery phishing campaigns are nothing new, but they are more successful during the holiday season because a wide number of people on your staff are expecting packages. It may be business related as a department may be taking advantage of third party vendor/partner holiday discounts. Or, employees may be shipping items to their place of work so as to not spoil the surprises of those at their respective homes.
At the very least they are likely checking their email often for delivery notifications. Hackers, tking advantange of this knowledge, have ramped up their phishing campaigns to deliver nothing but ransomware.
One of the most well-known parcel delivery scams which has hackers hiding under the guise of DHL Express has seen a resurgence here at the end of 2019. People are receiving emails and texts purporting to be from DHL Express regarding a package from Pitney Bowes, a company known for providing eCommerce, shipping, data and mailing services.
Pitney Bowes was hacked in October, and cyber criminals gained access to an international database of consumer emails and phone numbers.
The phishing email looks very legit, and simply asks that recipients click a link to initiate delivery or change the requirement to sign for their package. If you or someone on your staff is expecting a package from a vendor, supplier, corporate partner, or from an eComm purchase, it is very tempting to trust the email and click the malicious link.
On the flip side, hackers may be posing as your own business’ shipping service to trick consumers who are expecting a package from you. As per our
article on corporate social responsibility, the onus falls on you to make sure that your customers/clients are educated on what to look out for.
In continuing with the example regarding DHL Express and Pitney Bowes, take note that
DHL has provided a fraud awareness resource for their customers and the general public to reference. You need to do the same, and share it with your current and prospective consumer base with increased effort during the holiday season.
2. Crypto-Mining Puts a Lump of Coal in Your Energy Resources
Cryptocurrency mining is a complicated process that we’ve already covered. You can read about it in our article,
cybersecurity threats to watch out for in 2018. And yes, our prediction came to fruition as the evolution of cryptocurrency mining has drawn significant interest of malicious hackers and given rise to crypto-mining hacking (aka crypto-jacking). How significant is this interest?
CSO reports that as of end of 2019 it is often more profitable for hackers than ransomware.
In order for crypto-mining hackers to execute their scheme, they need to gain access to hardware, server space, and electricity from an outside source. They hijack the power and storage space that someone else is paying for, which may include your business because of the sizable energy resources required to manage your data centers.
This can result in the shutdown of your company’s servers and applications. Of course, given that the hacker will have infiltrated your systems with crypto-mining malware to access your energy resources, there is nothing to stop them from executing a ransomware attack too.
Crypto-mining increases with cryptocurrency values. Cryptocurrency values are tied to global use, and with a greater number of financial transactions during the holidays, you can expect certain cryptocurrency values to increase, which will spark a wave of crypto-mining and, ultimately, crypto-jacking. If you haven’t already, your organization needs to migrate data and productivity solutions to a proven cloud and have a stringent disaster recovery plan in place. You gain all of that when you switch to the
Cloud.
3. IoT Attacks
There is a notable rise of IoT attacks during the holidays. Hackers know that you may have tightened up the ship when it comes to computer security, have trained staff on phishing prevention, and even moved operations to a more secure cloud. However, they also know that you may have neglected to secure IoT, especially the most unexpected vulnerabilities.
When hacked, these vulnerable IoT devices and systems can halt revenue-generating operations, which makes you more likely to pay a ransom so that you can resume business in time for the holiday season rush.
Given the fact that they capture customer payment data, mobile POS systems are obvious targets, but there are other IoT appliances that hackers are unexpectedly targeting. Your HVAC system for one. If compromised, it can impact the temperature of your server room and impact online operations. Compromised HVAC systems can even make retail space temperature and humidity become unbearable, forcing customers to leave.
Compromised SMART lighting systems can also be shut down to drive customers out of your business and prevent staff from doing their work. If it’s connected to the web, a hacker can access it.
You need to make sure that all IoT hardware and software updates are made as they may address new security patches for exploited vulnerabilities. If you’re unsure, check with the product manufacturer and have your IT team run a full audit of all IoT devices as you enter the Holiday season.
Give your organization the greatest gift of all this year by scheduling a consultation with Fully Managed. We are happy to discuss a Managed IT support solution to address all of the cybersecurity threats above and so much more.
Contact us today to begin your Digital Transformation.