Hackers are writing apps, setting up phony Wi-Fi networks and unleashing malware in attempts to turn legitimate Black Friday 2016 and Cyber Monday retailing into profits for themselves, according to security experts.
Bad actors are stealing personal information like passwords and credit card numbers, compromising computers and phones, and blackmailing retailers with hopes of lining their pockets, researchers say.
For example, researchers at RiskIQ found frequent cases of criminals linking the names of legitimate brands to sketchy applications and Web sites in order to lure unsuspecting shoppers.
They looked at five popular e-commerce brands to see how often their names appeared along with the term Black Friday in the titles or descriptions of black-listed applications. The research didn’t reveal the names of the retailers, but found that they lined up with bogus apps from 8.4% to 16% of the time.
“Some fake apps contain malware that can steal personal information or lock the device until the user pays a ransom,” the company’s report says. “Others encourage users to log in using their Facebook or Gmail credentials, potentially exposing sensitive personal information.”
The research also checked the top five e-commerce brands against blacklisted URLs that contained their names and the term Black Friday. They had a total of 1,950 such URLs tied to spam, malware or phishing, and sometimes to more than one of them.
Watch out for Wi-Fi
Mobile security vendor Skycure checked out Wi-Fi networks at the top brick-and-mortar malls and named the most dangerous 10 based on the number of vulnerable networks at each.
“Many are simply misconfigured and may expose your communications to anyone who may be interested in viewing them, while others are being monitored or even set up by cyber criminals specifically to steal your data,” the blog says.
Hacker-compromised Wi-Fi access points can monitor user keystrokes or divert users to malicious Web sites, the report says.
Fake Wi-Fi networks may use the word “free” in the SSID of the network, or the name of legitimate stores. For example, the report says it found Wi-Fi networks named Macysfreewifi and AppleStore in places where there was no Macy’s or Apple store.
Here’s their list of the malls with the most dangerous Wi-Fi, each with at least five dangerous networks: Fashion Show, Las Vegas; Tysons Corner Center, McLean, Va.; Yorktown Center, Lombard, Ill.; Town Center at Boca Raton, Boca Raton, Fla.; Sawgrass Mills, Sunrise, Fla.; Mall of America, Bloomington, Minn.; Houston Galleria, Houston; King of Prussia Mall, King of Prussia, Pa.; Westfield Garden State, Paramus, N.J.; and Memorial City Mall, Houston.
Recorded Future's take
Real-time threat intelligence company Recorded Future made predictions on threats that will pop up based on what has occurred during past holiday shopping. Phishing attempts will triple during Thanksgiving week, according to a report by this outfit. “Themes include payment-related fraudulent emails purporting to be from PayPal, delivery confirmation emails claiming a package is being delivered, coupons promoting products or retailers, and fake refunds,” the company’s blog says.
Major shopping sites were hit by malvertising – ads that download malware – last year, and that is likely to continue, the company says. The blog cites malware that was preloaded on new mobile devices as another line of attack against consumers who receive these items as gifts.
Point-of-sale malware that steals credit card information directly from machines in check-out lines is a continuing threat, the blog says.
“POS malware is constantly evolving with each year bringing new names, types, and variants,” the company says. The specifics of the malware vary from year to year, but the objective stays the same, it says. A new version of one such malware type, FastPOS, was made available last month, for instance.
Retailers should look out for DDoS attacks against their transaction Web sites that could grind online sales to a halt and scare customers away. With the recent addition of high-volume attacks fueled by the Mirai botnet software – which has been published online – this emerges as a very real threat. “Criminal botnet operators will likely use Mirai’s success as a way to extract blackmail payments from online retailers and banks with threats of interfering with online shopping,” the company says.
Application security vendor Checkmarx reports that WordPress plugins used in content management for e-commerce may be vulnerable. The company performed static code analysis on 12 of these plugins earlier this month to find out what they might be vulnerable to.
The company found that four of the plugins tested were vulnerable and, if all were exploited, they could affect users of more than 135,000 sites. The attacks they were vulnerable to include reflected cross-site scripting, SQL injection, second-order SQL injection and file manipulation.
The researchers chose not to release which plugins they found vulnerable in order to give the organizations behind them the chance to write fixes.