The Growing Holiday Cyber Security Threat

By Hector Cisneros

Every year since the invention of malware, cyber-attacks have escalated. This is especially true during the holiday season. Every October, the U.S. government commemorates National Cyber Security Awareness Month, guided by the U.S. Department of Homeland Security and the National Cyber Security Alliance. My question is why don’t they declare the whole fourth quarter National Cyber Security Awareness Season instead. During the holidays, cybercriminals are all too aware of how people are distracted by their holiday plans. People become more careless online, especially on social media and this allows cybercriminals to take advantage of them. To make things worse, it’s extremely easy for anyone to acquire hacking and ransomware tools that are easy to deploy, without being a cybercriminal mastermind. In this episode of Working the Web to Win, we will explore the latest cyber holiday threats and provide our readers with tips, tools, and resources to counter these holiday Cyber-Grinches. So, put on your holiday cap to learn about what happens as the season of thieving nears.



In the past, we wrote several articles addressing the cyber threats that traditionally pop up during the holidays. These articles include: The Byte Before Christmas, The Endless Scams of Christmas (and beyond), The Grinch Goes Digital, and It's a Black Hat Christmas - Are Hackers in Your Stocking? In The Byte before Christmas, we talked about how people
Courtesy of www.1a20.com
behave badly when shopping on Black Friday and Cyber Monday. In the Endless Scams of Christmas and The Grinch Goes Digital, we discussed a couple dozen scams cybercriminals use to get at your hard-earned money. And in It’s a Black Hat Christmas we talked about the many ways cybercriminals have been attacking public figures, politicians and the general public. This article also provides more than a dozen ways you can protect your digital domain from cyber-attack.

We have also written more than two dozen other articles about the growing cybersecurity threats. These include articles about international threats (Chinese Hack Attack!), hackers and other cybercriminals (Who Wears a Black Hat on the Wild, Wild Web?), ransomware issues (The Crypto Crunch - Ransomware Run Amok) and many others. In my article called The State of Internet Privacy & Security in America Today, I list all 25 articles.

Courtesy of Pixabay
Thinking about cybercrime can easily make you forget the cheer of the Night Before Christmas, or any other holidays celebrated during the fourth quarter. In an article on boozalen.com entitled Retail Cybersecurity Report 2017 - Cyber threats to watch out for during peak retail season, they list what they believe will be the top threats to the retail industry. These include - Ranked by severity: Point-of-Sale Breach, Website Outages, Retail and Bank Account Takeover and Return and Refund Fraud. The threats ranked by likelihood include Return and Refund Fraud, Retail and Bank Account Takeover, Website Outages and Point-of-Sale Breaches. The report further goes on to say that various hacking and extortionist groups like “OurMine” and “LizardSquad”, along with many other copycat groups, live for the peak retail season. One of the tactics these groups use is to threaten retailers with DDoS attacks (distributed denial of service attacks). For more details on the “How and What of tools, tactics, and Techniques” these criminals use, I suggest reading the Cybersecurity report listed in this paragraph.

Courtesy of DoN CIO
On the home front, most individuals seem to ignore National Cyber Security month altogether, even though every year the number of identity theft’s increase. Attacks aimed at individuals usually start with psychological profiling on social media. An article entitled There is a new world of cyber security threat states; “What makes this year’s Cyber Security Awareness Month different from past observances is that some of the focus on cyber security and human behavior is beginning to shift from the traditional preventative and educational awareness messages about direct cyber-attacks to more sophisticated attacks that use social media to disrupt political, social or economic processes within targeted nation states.”

The current government alarm seems to be rearing its head primarily because of the Russian hacking during the 2016 election. I don’t see any real concern about the safety of average American citizens financial
security. It almost seems that any threat to a politician’s power base is more important than the security of the average American. Take for example the resent Equifax breach where 146 million (about half the US population) were exposed to possible identity theft. I wrote about this in my article called The Latest Hack Attack - Equifax Breach Exposes 143 Million Americans - Top things you Need to Know and Do. These kinds of breaches could literally bring our country to its knees if something is not seriously done to stop the frequency of these hacks.

Again, the government is more concerned about fake news and social media accounts used to disseminate disinformation about candidates running for office than they are about helping to create real initiatives to counter the increasing threats of cybercrime.  What is needed is a joint private sector and government initiative to create security methods and tools that improve current security methods by a factor of four. Until a majority of Americans begin to complain to their representatives about this problem, little if anything will get done by our government.

Courtesy of Flickr
Psychological Profiling is Real – So how does a cybercriminal compromise your digital world? How is it that a hacker can gain access to your computer, tablet or smartphone? Believe it or not, they don’t use some password decryption program to gain access to your systems. More often than not, they ask you for the information via social media, email or even by phone! And guess what, those who got hacked, often provided the hacker with the information they asked for.

Here’s a hypothetical example: the cybercriminal will begin by purchasing information on you on the dark web, gleaned from one of the recent large security compromises, like the Yahoo or Equifax breaches. The cybercriminal will then start cyber-stalking you on Facebook, Twitter and anywhere else they can find information on you. They will then create a profile of things you like, are interested in, family members, things you buy, music you like, movies you’ve seen, and the list goes on. Once this profile has enough useful information, they will begin sending you phishing emails and direct messages tempting you to respond based on the psychological profile they’ve built. If you fall for any of their phishing traps, you have either given them more ammunition to continue their stalk or worse, compromise your system altogether. You may very well have given them complete access and control to whichever digital device you used. But believe it or not, most cybercriminals will not launch their attack immediately. They will take their time to gather as much additional access, account information and passwords as possible without alerting you, the unsuspecting victim in this attack.
Courtesy of Max Pixel

For instance; using a voice altering device, they often use a female voice (because studies show that female voices are generally trusted more) to call victims and their resources! If they need the rest of the digits to your credit card, they may even call the bank, with a fake baby crying in the background and start their conversation by explaining what a terrible day they are having and asking if the bank person could help them out.  Once they have all they need, it’s too late for you to do much of anything.

So, What Can the Average Person Do? In the past, I have written many articles on how to protect yourself and your business from cybercriminals. Recently, after the Equifax breach, I wrote an article entitled How to Implement an Internet Security Counter Attack. This article provides a wealth of information on how to use the latest technology to stop many
Courtesy of Pixabay
types of phishing attacks. It starts with the free things you can do like avoiding temptation, such as a cybercriminal offering things that are just too good to be true and making sure you avoid questionable high-risk websites including anything on the
dark web, porn, and warez sites. It further discusses the importance of regularly changing and using better passwords, implementing two or more step authentications and adding USB hardware keys to your digital devices. These things further increase the difficulty of breaching your digital security. In fact, this article provides a checklist of the top seven things a person can do to protect their digital life. That same article also mentions the importance of being responsible for the security of your devices by making sure you are implementing strong security measures yourself. Things like a multi-layered malware defense, making sure your systems are up to date and scanning your systems, all need to be performed regularly.

Other Security Measures That Must Be Attended To – New threats are emerging all the time. Recently a new vulnerability was discovered in WIFI systems that virtually everyone uses. These hardware vulnerabilities need to be plugged. In fact, all hardware drivers and supporting software need to be kept up to date because security holes are discovered in the software that controls the hardware all the time. If you’re wondering why smartphone and computer updates seem to be accelerating, its because its necessary to help plug security threats! Make sure you update everything. Browsers, software programs, apps, widgets, yes everything needs to be updated.
Courtesy of Flickr

If you want to have a happy holiday, you must take responsibility for the security of your digital world. Let’s face it, by the time our government gets around to taking any meaningful type of action, the cybercriminals will have all of our presents wrapped up in their sleds, saying Ho Ho, Ho, as they head to their hideaways. Be happy and enjoy your holiday this year by taking the time to shore up your internet security. Implement the ideas and techniques mentioned in this blog and the many resources linked to this article. Contact your representatives and strongly urge them to create a joint private/public sector initiative to counter the cyber war being perpetrated on the American public. Write Facebook, Twitter, Google, Microsoft and other tech companies asking them to join forces to create viable solutions to the threats being perpetrated using their systems. If we all hold our government and the tech companies accountable for dealing with the threats infecting the internet and our digital systems, we will make great strides in making the World Wide Web a safer utility for one and all.  

That’s my opinion; I look forward to reading yours’.

Get your Free Copy Today.
This article explores the latest cyber holiday threats and provides the reader with tips, tools, and resources to counter these holiday cyber Grinches. This article provides a multitude of lists on what needs to be done along with links to other articles and resources to help the reader shore up their cybersecurity defenses.

If you your business could use some help with its marketing, give us a call at 904-410-2091. We are here to help. You can also fill out the form in the sidebar of this blog. It will allow us to provide you with a free marketing analysis to help you get better online results. Our claim to fame is that we are one of the few companies that actually provides ironclad written guarantees. Don't forget to signup for your FREE eBook!



Hector Cisneros is COO and Director of Social Media Marketing at Working the Web to Win, an award-winning Internet marketing company based in Jacksonville, Florida.  He is also co-host of the weekly Internet radio show, "Working the Web to Win" on BlogTalkRadio.com, which airs every Tuesday at 4 p.m. Eastern. Hector is a syndicated writer and published author of “60 Seconds to Success.” 

1 comment:

  1. If you haven't noticed, the Grinch has gone digital in a big way.

    ReplyDelete