Online thieves apparently take a break from work to do their own shopping during the holiday season, just like everyone else.
The number of attacks against sites, especially against retailers, dropped dramatically during the week before and after Black Friday and Cyber Monday, according to data released on Jan. 5 by IBM.
In a study of attacks against its managed services clients, the company found that only 4,200 attacks occurred on average each day in the two weeks around the prime shopping weekend, compared to a daily average of 43,000 attacks for all of 2014. Retailers and wholesalers, however, were the most attacked group in the top–5 industries in 2014, even though those businesses were at the bottom of that list in 2012 and 2013.
For retailers, the data shows a mixed outlook, but the lower total volume of attacks was a surprise, John Kuhn, senior threat researcher with IBM Managed Security Services, told eWEEK.
"Our retail customers are always asking about what they can do to protect themselves during the holidays, and it turns out that—while it makes sense to expect more attacks—the volume is lighter,” he said.
The type of attacks commonly encountered by companies also changed in 2014. In prior years, attackers used malicious code to take control of systems inside a targeted network and then used the infected systems as a beachhead to compromise other targets.
In 2014, attackers primarily used command-injection attacks, such as SQL injection, to find weak spots in online systems. However, during the two weeks around the shopping weekend, attackers switched to password guessing, with unauthorized access attempts rising to account for half of all attacks.
Yet, the number of successful breaches disclosed during the three-day weekend dropped from a high of 22 in 2013 to 10 in 2014. And, while opportunistic attacks had largely subsided by early 2014, the arrival of the easy-to-exploit Heartbleed and Shellshock vulnerabilities brought an increase in scans for vulnerable systems.
For retailers, the data offers little hope of a respite from attacks. While attackers may take time off during the actual shopping weekend, they likely prepare their attacks and attempt to infiltrate systems in the weeks before the busiest shopping days.
IBM noted that the start of the attack and the real damage in terms of data losses occur at different times. While the attack on Target resulted in the theft of payment-card data beginning with Black Friday, for example, the actual attack occurred a month earlier.
For that reason, companies and retailers should have consistent security practices during the critical time, IBM's Kuhn said.
"Make sure you are prepared months before that weekend," he said. "A lot of these companies go into a freeze during that weekend, because they don't want anything to go wrong. So they need to be prepared."
Retailers should limit Internet access, especially to point-of-sale (POS) systems, which are seldom updated and thus may have vulnerabilities. Among other security precautions, an application firewall should prevent command injection attacks and strong passwords should be required to restrict access.