Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/30/2018
04:00 PM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Holiday Hacks: 6 Cyberthreats to Watch Right Now

'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Previous
1 of 7
Next

(Image: Andranik123 - stock.adobe.com)

(Image: Andranik123 stock.adobe.com)

It's the most wonderful time of the year – for holiday cheer, of course, but also for cybercriminals who use the season as leverage to manipulate their victims.

Like holiday music playing in department stores and decorations adorning your neighborhood, themed cyberattacks start around Thanksgiving and continue through Christmas. "These scams ride the wave of the holiday season, when users are more inclined to purchase online," explains Jerome Dangu, co-founder and CEO of Confiant, which has analyzed seasonal cyberattacks.

Most criminals aim to capitalize on the shopping frenzy that is the holiday season, and methods vary from victim to victim. Consumers are hit with fake delivery notices in phishing emails and credit card fraud; brands are targeted with malvertising campaigns and watering-hole attacks.

Holiday season cyberattacks are on pace to escalate by nearly 60% this season, states Carbon Black's Threat Analysis Unit (TAU) in this year's "Holiday Threat Report." Analysts considered the 2017 season for comparison: After Thanksgiving, notable security alerts spiked on Black Friday/Cyber Monday and continued at elevated levels through year's end.

Think you're safe after Christmas? Think again. The high point for seasonal crime happens in the days following Dec. 25, when people are taking advantage of post-holiday deals.

Here, cybercrime experts describe the threats that are top of mind for them during this year's holiday season. Read on to learn more about what you and your employees should watch for.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21321
PUBLISHED: 2021-03-02
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is &...
CVE-2021-21322
PUBLISHED: 2021-03-02
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing...
CVE-2021-21320
PUBLISHED: 2021-03-02
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messag...
CVE-2021-27730
PUBLISHED: 2021-03-02
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
CVE-2021-25306
PUBLISHED: 2021-03-02
A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands.