Nightmare Before Christmas: Researchers Warn Of Holiday Shopping Threats
Increases in malware, enterprise vulnerabilities, laptop theft expected
Move over, Ebenezer -- there's a whole new class of holiday gloom in town.
During the past several weeks, security vendors and researchers have been predicting a wide range of attacks and threats for the holiday shopping season that begins Friday. This year's warnings include malware, phishing, insider threats, lost laptops, and a partridge wearing a surveillance camera in a pear tree. (OK, kidding about that last one.)
As a service to our readers and shoppers everywhere, Dark Reading presents this year's list of holiday threats. If you still want to go shopping online after this, better check your eggnog -- it might be spiked.
Eighty-four percent of retailers expect online fraud to increase this season as a result of the economic downturn. In a survey of attendees at the recent Merchant Risk Council conference, researchers from 41st Parameter found that 67 percent of retailers are most concerned about increased fraud ring activity and botnets. Thirty percent said their biggest challenge is a lack of funding to purchase better fraud-fighting technology.
IBM's ISS X-Force security research team last week issued a series of warnings, including a new wave of "parasitic" malcode-carrying spam, an increase in phishing attacks disguised as banks or online shopping portals, new launches of malware hidden on legitimate Websites, and even the infection of electronic toys and gadgets as a means of reaching corporate networks.
Security vendor Cyveillance this week issued a warning for online retailers and consumers to prepare for a significant increase in phishing attacks during the Thanksgiving weekend. Last year, Cyveillance saw a 300 percent increase in phishing attacks on Thanksgiving Day alone. With the current economic downturn -- and with phishing attacks peaking at more than 13,200 during recent months -- Cyveillance analysts expect phishing attacks to hit record highs this weekend.
Webroot is warning enterprises that it saw an 87 percent jump in malicious URLs between October and December of last year, and this year's holiday shopping season could be even worse. These sites are typically used to trick shoppers into giving their debit or credit card numbers, or to download malware, the security vendor says.
According to a report released by Shop.org this week, 55.8 percent of employees with Internet access at work -- roughly 72.8 million people -- will shop for holiday gifts from work. This figure is up from 44.7 percent in 2005. Web security firm Finjan believes there could be a near-term surge in infected corporate computers resulting from employees shopping from work.
Similarly, a new survey of 200 individuals who use computers at work indicates that 36 percent expect to do some online shopping from their desks this holiday shopping season, up 1 percent from last year. The study, conducted by Web filtering tool vendor St. Bernard Software, states that 79 percent of respondents plan to spend two work hours per week doing online shopping, and 14 percent may use up to four hours. Enterprises should consider developing "acceptable use" policies that guide employees as to how and when they may use the corporate network for shopping, St. Bernard says.
In a survey of IT professionals published last week, ISACA -- an association of IT professionals -- found that nearly half (46 percent) believe that their companies will lose an average of $3,000 or more in productivity per employee from online holiday shopping at work. More than half (55 percent) also reported that their company permits workers to shop online, but has no strategy for educating them about the risks.
A recent survey by RSA Security indicates that 10 percent of all laptop computer users have lost their machines at some point. Mozy, which offers an online data backup service, is encouraging users to back up their data before they take their laptops over the river and through the woods.
Absolute Software echoed Mozy's warnings, citing a study by the Ponemon Institute that indicates a laptop goes missing every 50 seconds at U.S. airports.
Virtually all of the studies predicted an increase in online holiday shopping this season, even though overall sales are expected to drop as a result of the economic downturn. The researchers all suggested that IT departments take the time to educate end users about the dangers of online shopping, as well as threats posed to laptops and other portable devices.
Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...