RiskIQ, the global leader in attack surface management, today released its annual Holiday Shopping Season Threat Review highlighting how bad actors leveraged the season to fill their pockets.
The 2019 holiday shopping season – November 29 through December 31 – raked in a record $1 trillion, an increase of nearly $300 billion from 2018. Online sales increased 13 percent overall, while Black Friday and Cyber Monday saw 17 percent and 19 percent increases respectively. And for every pound that consumers spend shopping online, bad actors are looking to capitalise.
Hackers capitalise by using the brand names of leading e-tailers, as well as the poor online security hygiene of consumers. They fool shoppers eagerly searching for deals, sales, and coupons by creating fake mobile apps and landing pages. These tactics trick users into unknowingly downloading malware, using compromised sites, or giving up their login credentials and credit card information.
For businesses, what begins as an event that significantly boosts sales can turn into a major security fiasco that erodes the trust of customers and prospects.
Using RiskIQ Illuminate – a platform housing petabytes of internet intelligence collected over the past decade – internal analysts were able to efficiently surface malicious findings across several data sets including mobile applications, domain registrations and hosting infrastructure.
RiskIQ’s key findings:
• 58 percent of e-commerce traffic on Black Friday came from smartphones
• 1,180 apps were blacklisted as malicious that can be found by searching for terms related to holiday shopping
• 72 highly concerning blacklisted apps contained both branded terms of the top-10 e-commerce websites and holiday terms in the title or description
• 3,839 combined blacklisted apps targeting the branded terms of top-10 most trafficked sites on Thanksgiving weekend
• 36 blacklisted apps for the top-five ‘Elite’ Retailers in the UK contained their branded terms in the title or description, causing concerns for consumers
• 72 incidents of domain infringement across the top-10 e-commerce sites and holiday shopping, trying to trick e-commerce customers into clicking on malicious sites
• 1,878,818 blacklisted URLs contained holiday terms
• 2,671 Credit Card Skimmers, like Magecart, detected by RiskIQ over the 4th quarter of 2019
• 24 percent of consumers unknowingly downloaded an app outside of the Google Play and Apple App stores
• 38 percent of consumers do not read or are unsure if they read the permissions before downloading an app
• 58 percent of consumers do not check whom the developer is before downloading an app
To understand the methods threat actors employed and where they focused their efforts, RiskIQ analysed the RiskIQ Global Blacklist and RiskIQ mobile app database* before and after the holiday season. Our researchers looked for instances of the 10-most trafficked e-commerce sites over the holiday season—brands people are incredibly likely to shop with during that time of year.
For our research into websites and landing pages, the RiskIQ Research team focused on domain infringement and phishing attacks for each of the e-tailers. They also explored instances of their branded terms appearing alongside “Black Friday,” “Cyber Monday,” “Christmas,” or “Boxing Day” in blacklisted URLs. We also looked at “cause-page URLs,” URLs that send potential customers to pages hosting something malicious.
For specific methodology, metrics or to learn more, download the RiskIQ 2019 Holiday Season Threat Review: https://www.riskiq.com/infographic/holiday-shopping-threat-review-2019/
*The source of RiskIQ’s Blacklists is our expansive collection of internet data gathered by our exclusive virtual users by scanning, crawling, and passively sensing the internet—including web pages, mobile apps and stores, and the most popular social networks. RiskIQ’s crawling technology covers more than 2 billion daily HTTP requests, hundreds of locations across the world, 40 million mobile apps, and 600 million domain records.