This quarter of the year is when there are celebrations, festivals, and occasions all around the world. This is the best time to relax and take vacations to enjoy life with your loved ones. While most people relax in the last quarter, the world sees a surge in the number of cyberattacks.
Security is a matter of concern at this crucial time, especially for shared hosting providers who offer hosting solutions to website owners. The provider has to ensure uptime while protecting the infrastructure from several types of cyberattacks.
The last quarter makes huge profits during various festive sales, and occasional discount offers such as thanksgiving, Black Friday, Cyber Monday, Super Saturday, Halloween, and Christmas. Meanwhile, New Year's Eve is yet another occasion for businesses to claim profits.
Highlights of Cyber Attacks In Q4
A study by the Ponemon Institute predicted that cyber-attacks on Black Friday and Cyber Monday would cause losses exceeding $500,000/hour for retailers. The study further revealed that 64% of all enterprises experienced more cyberattacks than usual during the Christmas period.
DDoS Attacks almost doubled in Q4 2014 compared to Q4 2013, and most of these used reflection techniques. This period also marked a significant increase in application and infrastructure layer attacks.
Hacker group Lizard Squad made Christmas holidays dull for game lovers in 2014 by bringing down the PlayStation Network and Xbox Live with DDoS attacks. Also, they threatened to do the same again in 2015. The group emphasized PSN and Xbox's poor security, which encourages hackers to exploit what the organizations willingly leave vulnerable
Rampant online shopping increased cyber risks. ThreatMetrix identified over 130 million cyber attacks in November 2016. It had announced that the year's final quarter would witness many more such cyber attacks during the Christmas holidays.
In the first shopping weekend of the holiday season of 2016, Enigma Software Group studied a 106% increase in the number of malware infections. Cyber Monday is a day of great deals for online purchases. On this particular Cyber Monday, malware infections were 118% higher than normal!
According to Carbon Black's data, cyber attacks were on the rise in 2017, with 57.5% more attempts during the last holiday shopping season. Carbon Black also expected that a similar increment would be seen in the holiday seasons of preceding years.
Since email has become the storehouse of receipts for all holiday shopping done in Q4, this period is also when cybercriminals launch personalized phishing attacks. A 2018 email security report stated that 12% of all phishing attacks in Q4 were VIP impersonations, whereas 10% of emails were sent from compromised accounts.
Two days before Black Friday, a major data breach put the tech-giant Amazon in trouble. This data breach resulted in the names and addresses of its customers being revealed on the website.
A DDoS Protection analysis stated that DDoS attacks almost doubled in Q4 2019 compared to Q4 2018. Furthermore, the report revealed that attacks were launched more on weekends than on weekdays. The analysis also stated that only normal attacks increased in November and December, considering the season's vibrant business.
According to our statistics, there was a 32% rise in cyberattacks in 2020 Q4 over 2020 Q3. Furthermore, the average number of DoS attacks weekly also rose by 58%.
What Are the Attack Methods and Who Are the Victims?
During the holiday season, the most common cyberattack methods are DoS attacks, phishing sites, and Ransomware. Most organizations are targeted with malware infections. On the other hand, individuals are often the victim of social engineering attacks.
Botnets are the most common way for hackers to initiate a flood of traffic. An attacker controls such malware-infected devices to send unmitigated requests to a target. Last year, the botnet attacks before Christmas doubled.
While lucrative holiday deals are all around, it is easier for cybercriminals to target users using fake deal sites (phishing sites). According to a press release by Dimension Data (2017), over 1.4 million phishing pages were created every month during the holiday season. In 2019 Q4, Phishing attacks increased rapidly up to 400% to gain unauthorized access using fake order receipts, spoofed shipment tracking, or fake holiday offer emails.
While individuals and organizations are targeted using such cyberattacks, small and medium-sized businesses remain the most preferred victim of hackers. Due to the increasing cost of a data breach, most SMB's come near to closure after a security breach. In Verizon's 2019 Data Breach Investigations Report (DBIR), SMBs were the target of over 43% of the cyber-attacks, making them a favorite choice to attack for the hackers.
How To Stay Safe Online During This Festive Season?
The most intensive and vulnerable period is Q4 when the workforce capacity is less, and the best minds in the organization are on vacation. The fall of the year is the time when the world witnesses a surprising spike in cyberattacks.
Though several factors contribute equally to reducing the shield's strength on the systems, it is crucial to take precautions before the holiday season. Below are the things an individual or enterprise can do:
- Set up a Web Application Firewall
- Use a Load Balancer or Content Delivery Network
- Have Anti-Malware software and scan for malware regularly
- Deploy an Intrusion Detection System
- Offer a website protection add-on to your customers
BitNinja Server Security has the features mentioned above and even more! If you haven't tried BitNinja yet, don't forget to register! We have a special offer this month! Install BitNinja in November and get a 50% discount! We offer you a one-week free trial, so you can experience the BitNinja effect. No credit card needed!
The above-mentioned actions are a must-have, but here are +3 additional tips:
- Regularly update the software in advance to avoid unauthorized access.
- Follow the 'principle of least privileges' when providing access to employees and enable Multi-Factor Authentication and avoid password repetition. Use strong passwords, and change them regularly.
- Focus on your customers' cybersecurity awareness and education.
An IT lockdown in Q4 is not permitted. But, if an enterprise does its homework well before letting employees off for the holiday season, hackers cannot do much harm. At an individual level, be it Black Friday or any ordinary day of the year, vigilance is key to staying safe online and keeping data secure.
Employees should also be given education and training to bring awareness to cyberattacks and their symptoms. The wise old saying, 'Think before you act,' should be remembered while reacting to emails/ads received during the festive season in Q4. An impulsive click often makes one lose a lifetime's earnings and that's not the worst thing that could happen!