Opinions

Beware The Grinchbots This Black Friday

Black Friday is predicted to be a bumper year for retailers - but also fraudsters. Pascal Geenens looks at the rise of 'Grinchbots', used to steal data from online retail accounts.


Imagine how we would have coped with isolation and lockdowns if the pandemic had hit 40 years ago. Our binge watching would have been limited to whatever we already had on VHS or attempted to record ourselves with a camcorder. Pac-Man and Frogger would have been our best gaming options.

We’d have been attempting Jane Fonda workouts from a book with an accompanying vinyl record. Fax machine sales would have gone through the roof, used to send shopping lists to the local grocery store and butcher. Phone bills would have been sky high though we might have been able to at least leave a message via the answerphone.

Fast forward to today and things couldn’t be more different. We can Peloton or do yoga with strangers around the world. We can ask Alexa to add beans to the shopping order, subscribe to as much Disney as we can stomach, and Zoom is now a verb. The power of digital transformation has hit home well and truly.

Of course, there have also been some downsides. Technology has been misused. This year the number of phishing scams and victims of fraud has gone through the roof.

In fact, I can’t remember a year like it for attacks on individuals and businesses. Some company execs say attempts to breach their networks went up by 40% at the start of lockdown.

That’s because the pandemic forced companies, especially retailers, to move online at pace. They needed contactless payment, more comprehensive ranges available to buy online, and extensive delivery models. Some retailers had to work so hard to stay in the game they brought forward their online strategy by years.

This digital transformation has helped us and these businesses survive, but it’s also given hackers more to play with.

For a start there’s more data available to steal, be that company data or personal customer data, and there are more applications being used by companies to connect people to their shop or services, without adequate security in place.

There’s also a large section of society using online services for the first time, and hackers are prepared to exploit their innocence.

Among the most likely types of attack we’ll see over Christmas are account takeovers using a method called ‘credential stuffing’, whereby automated bots, also known as Grinchbots, check stolen customer data and login information against the accounts held by e-commerce sites.

If the bots find a match, then hackers can log in to steal and use credit card information, gift cards and hard-earned loyalty points, or sell the verified data on the dark web.

The abundance of phishing scams during the pandemic has provided hackers with plenty of personal information to test. It’s for this reason that I predict we’ll see a 1,000-fold increase in the use of Grinchbots this holiday season, compared to the 400-fold increase we saw last year.

Predictions are that Black Friday will be the biggest on record, taking in the region of $10 billion in online sales, representing 35% year-on-year growth. Delivery companies are bracing for gridlock.

Hackers are ready for this frenzy and retailers have to assume that as millions flock online to grab a bargain, hackers will swoop in too. And they won’t stop at account takeovers.

They will attempt to steal IP, possibly even illegally obtain pricing info, launch sabotage attacks to take sites offline completely, and block stock by loading up but not checking out shopping baskets. When every sale is crucial, hackers are the last thing retailers need on their back.

So, what’s the answer? In terms of technology, bots work much faster than the human brain, so automation, such as the use of big data and crowdsourced intelligence, is the only way to stay ahead of the bad bots that will be deployed at scale.

In short, you must have automated systems and processes that can detect anomalies in your website traffic and react in real time accordingly. Without such methods in place, retailers risk not just a breach, but reputational fallout. At a time when so much is at stake, anything that erodes trust and damages your brand has to be avoided at all costs.

I truly believe that retailers have a chance to make this the Golden Quarter they planned for at the start of the year. But I also believe, from bitter experience, that hackers know they can engineer a bumper payout if they get their tactics right. The trick for retailers will be to find ways to combat the onslaught and come out on top.
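The kind of automated check described above, as an added example (not from the original article or from Radware): a sliding-window detector that flags a source trying many different accounts with mostly failed logins, the traffic pattern credential stuffing produces. The thresholds, the event layout and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60        # assumed sliding-window length
MAX_DISTINCT_USERS = 5     # assumed: distinct accounts one source may try per window
MIN_FAILURE_RATIO = 0.8    # assumed: share of failed logins that marks a source as a bot

# Constructed sample login events: (epoch_seconds, source_ip, username, success)
SAMPLE_EVENTS = (
    [(1000 + i * 2, "203.0.113.7", f"user{i}@example.com", i == 6) for i in range(10)]
    + [
        (1003, "198.51.100.4", "alice@example.com", False),  # shopper mistypes password
        (1010, "198.51.100.4", "alice@example.com", True),
        (1015, "192.0.2.9", "bob@example.com", True),
    ]
)


def detect_stuffing(events):
    """Return {source_ip: first_flag_time} for sources that look like credential stuffing."""
    windows = defaultdict(deque)   # source_ip -> recent (ts, username, success)
    flagged = {}
    for ts, ip, user, ok in sorted(events):
        win = windows[ip]
        win.append((ts, user, ok))
        # Drop attempts that fell out of the sliding window.
        while win and ts - win[0][0] > WINDOW_SECONDS:
            win.popleft()
        distinct_users = {u for _, u, _ in win}
        failures = sum(1 for _, _, success in win if not success)
        failure_ratio = failures / len(win)
        # One source cycling through many accounts and mostly failing is the
        # pattern of a stolen credential list being tested, not a shopper.
        if (len(distinct_users) > MAX_DISTINCT_USERS
                and failure_ratio >= MIN_FAILURE_RATIO
                and ip not in flagged):
            flagged[ip] = ts
    return flagged


def compromised_accounts(events, flagged):
    """Accounts a flagged source logged in to successfully: candidates for a forced reset."""
    return sorted({u for _, ip, u, ok in events if ok and ip in flagged})


if __name__ == "__main__":
    hits = detect_stuffing(SAMPLE_EVENTS)
    print(hits, compromised_accounts(SAMPLE_EVENTS, hits))
```

The second function matters as much as the first: a flagged source's rare successful logins are the accounts whose stolen credentials were valid.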

Pascal Geenens is director of threat intelligence at Radware.
