Cybercriminals exploit seasonal events

Apparently cybercriminals were not showing any love this past Valentine’s Day—on February 14, 2016, florist sites were under attack. Security vendor Imperva observed sharp increases in automated bot traffic directed at florist sites. Considering Valentine’s Day is the busiest day of the year for florists, with experts estimating that consumers spent close to $20 billion this year, it is understandable that their websites can become a prime target for attacks.

According to Imperva, more than nine in 10 of the florist sites witnessed a sudden surges in bot traffic between February 5 through 11. About 23% of those cases saw a dramatic enough spike to cause problems. The attack traffic did not appear to be opportunistic in nature, but rather, florists were being individually targeted in denial-of-service campaigns apparently designed to extort money.

Exploiting major seasonal and news events

Cybercriminals have shown a tendency to exploit both seasonal events and major news, whether on customers or merchants. Earlier this year, a series of picture message spam campaigns on the Kik messenger service that were timed to coincide with seasonal events, upcoming holidays and even sporting events. The spam messages used images from well-known brands such as Amazon, iTunes, McDonalds and Subway, and tried to trick recipients into following these links to malicious websites.

The Christmas holiday season is also known for its high number of cyberattacks. The 2015 holiday season resulted in a significant number of email threats that used relevant themes such as merchant sales or package deliveries to attack unsuspecting users. A few other dates that businesses should tighten their security measures on include: September 11, Memorial Day, Election Day, Independence Day, Black Friday and Cyber Monday.

Recognize signs and prepare for attacks

• Monitor your traffic – Look for abnormalities, such as heavier than usual traffic spikes and new visits from unfamiliar IP addresses.
• Watch your social media platforms – Twitter or other sites may show conversation threads that could indicate an incoming attack.
• Consider a third-party DDoS testing or pentesting – Test before heavy traffic holidays to help you assess your defenses and prepare for an attack.
• Plan for an outage – Create a plan a dedicated response team who will react in the event of an attack.

There are steps that businesses can take in order to be prepared for surges in cyberattacks. Preparedness will help businesses from losing business, valuable data and customer’s trust.