More ‘Huat’, Less Headaches: Preventing Adversaries From Ruining Retailers’ Lunar New Year Holidays

Image Credit: leungchopan/BigStockPhoto.com

While the upcoming Lunar New Year holidays will once again herald shopping sprees and good deals for consumers, it also marks a time when businesses face increased vulnerabilities. Fluctuations in staffing and business operations, combined with the inherent distractions of the Lunar New Year holidays, create an opportune environment for cybercriminals to exploit potential weaknesses.

Online retail platforms and chat group transactions will play a critical role in consumers’ shopping experiences during the Lunar New Year holidays. Singapore, the Philippines, Thailand, and Vietnam in particular have seen a 50% surge in online retail usage over the past two years.

At the same time, mom-and-pop stores continue to shift to modern trade channels such as online stores to boost their sales. However, retailers’ increased digital presence has not only opened new avenues for business growth, but also created opportunities for eCrime actors to launch malicious campaigns, ranging from payment-system attacks to data theft. These retailers are attractive targets because of their limited resources and minimal cyber security expertise.

Based on recent data, access brokers, which gain access to organizations and sell it to make it easier for cybercriminals to carry out their e-crimes, are especially active during the holidays. Not surprisingly, the retail sector ranked among the top sectors for intrusion frequency in Asia Pacific & Japan (APJ), according to a recent report.

These data breaches come with far-reaching consequences, including regulatory penalties, reputational damage, and operational risk. Take the case of Singapore’s online shopping cashback giant ShopBack, which faced hefty fines following a data breach that compromised the data of over one million customers.

How then should retailers and businesses stay one step ahead of adversaries, have peace of mind, and make the most of the Lunar New Year holidays?

Prioritizing identity protection

Amid the flurry of Lunar New Year festivities and promotions, adversaries will naturally attempt to steal and use the credentials of both businesses and consumers. The same report showed that Kerberoasting attacks, a form of identity-based threat, ballooned by 583% year on year. Access broker advertisements on the dark web jumped by 147%. The report data also revealed that access broker activity spiked in the weeks leading to Christmas and New Year, with attacks targeting high-profile organizations and entities in Southeast Asia rising to 416 in November from 357 in the previous four weeks.

This region is all too familiar with data breaches targeting big public and private organizations, including attacks on luxury retailer Cortina Watch in Singapore.

Against this threat landscape, the onus falls on business leaders to train staff not to share credentials in support calls, emails, or tickets. Businesses should refrain from making IT contact details public on their websites as this may only aid adversaries in their impersonation efforts.

During scheduled Lunar New Year department shutdowns and IT changes, it is advisable to keep the details private and refrain from posting them on social channels. It is also good practice to use a VPN when carrying out business functions in another destination, as Wi-Fi services in resorts and hotels are likely unprotected and shared among a whole bunch of people outside the organization.

Ensuring protection for cloud infrastructure

The accelerated use of cloud infrastructure among retail businesses over the years has resulted in bigger digital footprints. Mapping out assets can help organizations better identify areas of exposure. This will allow security teams to address security gaps proactively before the adversaries come up to their door.

Adversaries are aggressively targeting cloud infrastructure for their attacks. In 2022, the number of observed cloud exploitation cases grew by 95% year on year. They use a range of techniques to compromise critical business data and applications in the cloud. To minimize the number and impact of cloud breaches, it is recommended that corporate networks not allow the mega sync function, which can be used for data exfiltration, or the upload of large amounts of data into the cloud.

Getting to know the enemy

In May 2023, scammers posing as Shopee employees deceived victims into participating in a fraudulent shopping survey on WhatsApp and Telegram in Singapore, resulting in losses exceeding S$750,000. Even when attacks are directed towards consumers, businesses face reputational damage when adversaries take their guise to carry out e-crimes.

As retailers carry on with Lunar New Year holiday sales events and promotional activities, adversaries will exploit this busy period to impersonate them and launch attacks. Organizations should particularly watch out for websites or newly created domains that imitate their business. Leveraging threat intelligence that provides information about the latest threats and adversaries targeting specific industry sectors helps organizations to understand the nature of cyber risks. Meanwhile, threat hunting exposes what’s happening within an organization's network that may be hidden from security teams.
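
One way to screen a feed of newly created domains for names that imitate a business, as recommended above. This is an added example, not code from the article or the report it cites; the brand `lanternmart`, the affix list and the sample feed are constructed, and the feed is assumed to list registrable domains only.

```python
import unicodedata
from typing import Optional

BRAND = "lanternmart"                  # hypothetical retailer label
OWN_DOMAINS = {"lanternmart.example"}  # domains the retailer really owns
# Digit-for-letter swaps, folded back to the letter they imitate.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})
# Words often glued onto a brand during promotions (assumed list).
AFFIXES = ("cny", "sale", "promo", "survey", "support", "rewards", "official")
# Constructed sample of newly created domains (reserved TLDs only).
FEED = ["1anternmart.test", "lanternmart-cny-sale.test", "lanternmrt.test",
        "lanternmart.test", "orchidbooks.test", "lanternmart.example"]

def normalise(label: str) -> str:
    """Lower-case, strip accents, undo digit swaps, drop hyphens."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(SWAPS).replace("-", "")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str, brand: str = BRAND, own=OWN_DOMAINS) -> Optional[str]:
    """Return why a domain looks like an imitation of `brand`, else None."""
    domain = domain.lower().rstrip(".")
    if domain in own:
        return None
    raw = domain.split(".")[0]         # first label of a registrable domain
    label = normalise(raw)
    if label == brand:
        return "same label, different TLD" if raw == brand else "look-alike spelling"
    if brand in label:
        return "brand plus affix" if any(a in label for a in AFFIXES) else "brand embedded"
    if edit_distance(label, brand) <= (1 if len(brand) < 8 else 2):
        return "typo"
    return None

def screen(feed):
    """Map each suspicious domain in the feed to its reason."""
    return {d: r for d in feed if (r := classify(d))}

if __name__ == "__main__":
    for name, reason in screen(FEED).items():
        print(f"{name}: {reason}")
```

Hits from a screen like this are candidates for analyst review rather than verdicts, since short brand names produce more accidental near-matches.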

Cybersecurity is not just a seasonal concern

The best way to manage cybersecurity risks and threats is to adopt modern security solutions and to ensure that an organization has a ‘security first’ mentality so all employees remain vigilant. Though practicing vigilance may not be enjoyable in the beginning, it will eventually become second nature as it develops into muscle memory.

The Lunar New Year holidays are only a reminder for retailers to keep their guard up. Ultimately, regardless of whether there’s an upcoming holiday or not, businesses should be proactive in looking out for threats and refining their cybersecurity strategy. Conducting tabletop exercises, raising awareness, and providing employees with cybersecurity training are essential steps in strengthening defenses and safeguarding organizations during the holidays and throughout the year.

Author

Scott Jarkoff is the Director, Intelligence Strategy, APJ & META, at CrowdStrike, where he directs the Asia-Pacific & Japan, and Middle East threat intelligence business. Scott serves on a global team entrusted with empowering sales of CrowdStrike's world-renowned, best-of-breed, government-grade threat intelligence. He advises and guides customers on operationalizing and integrating threat intelligence within a holistic intelligence-led security strategy. Scott demonstrates the value actionable threat intelligence and external attack surface management provide in today's highly contested threat landscape. Scott is based in Tokyo where he masterminds all facets of the threat intelligence business and leads the intelligence portfolio across the APJ & META regions. He has over thirty years of cyber security and intelligence experience, throughout the US Department of Defense, and the private sector. Scott regularly presents at international events and is frequently interviewed by regional media on cyber security news topics.
