Connect with us

Hi, what are you looking for?



Cybercriminals Celebrate the Holidays

Whether It’s Stealing Your Information or Selling it Online, the Holidays are a Bonanza for Cybercriminals

Whether It’s Stealing Your Information or Selling it Online, the Holidays are a Bonanza for Cybercriminals

The joy of the season, at least as expressed through the growing dollar volume of Black Friday and Cyber Monday online sales, was huge this year.  Final numbers aren’t yet available, but according to Salesforce, U.S. sales exceeded $8 billion while Adobe Analytics expects that number to be closer to $9.4 billion in U.S. online orders. Either way, the total would represent a new record.

But the surge in bargain hunting and online buying isn’t just limited to traditional holiday shoppers.  It is also a bonanza for cybercriminals whose own sales and purchases of contraband on the dark web mirror the one-day-only specials of their consumer-facing counterparts.  

How do I know that?  My company’s primary mission involves peering around the digital shadows of the internet that most people never see – variously known as the Dark Web or the Deep Web – to determine whether a client’s credentials, credit cards, or other high-value data have been stolen and offered for sale through online black marketplaces.  And the volume of contraband material available is huge. 

Act now!

Take, for example, BriansClub, which specializes in the sale of stolen credit cards and other financial information.  In October, the site offered customers who spent $500 or more in the shop a Black Friday bonus and eligibility for special discounts.  We suspect that this largesse was an attempt at public relations to win customers back after experiencing some bad publicity that followed an attack on the site’s data center which exposed 26 million credit and debit cards.  

Like their above-ground counterparts, cyber criminals are always on the outlook for good deals.  And as vendors of contraband, they use many of the same tools to attract customers as legitimate businesses.  For example, BlackHatWorld is an online forum for members that focuses on black hat search engine optimization strategies and other dark marketing tactics to attract prospective buyers to their marketplace.  Those members, in turn, use the forum to track news about other deals that they come across.  In fact, there are so many members clamoring for others to follow a particular thread, that clandestine forum moderators often intervene in an attempt to impose order on the shopping chaos.  

Advertisement. Scroll to continue reading.

Black Fridays

Display advertising using high profile banners also proliferate around the holidays, drawing attention to dark web Black Friday deals.  One marketplace, UnderMarket 2.0, boasts a variety of goods including stolen credit cards, counterfeit products, and drugs.  During the Black Friday/Cyber Monday weekend, its deals typically include bargains like 30 percent off everything with extra discounts available for buyers who spend more than $2,000.  

Not surprisingly, the volume of dark web traffic reaches a peak on Black Friday but continues through the holiday season and beyond.  By tracking across chat messages, forum posts, and other dark web pages, we have found that mentions of Black Friday spike sharply in the days immediately after U.S. Thanksgiving.  But the Black Friday concept has now grown beyond its calendar limits.  The term has become so widely understood as a synonym for bargains that we have seen “Black Friday” sales pop up well outside of the winter shopping season. 

Better tools

Dark web vendors are usually, and appropriately, associated with the sale of stolen credit cards and other illegal products.  But even when they’re not offering wares for sale, Black Friday can also be an opportunity for cybercriminals to improve the tools of their trade.  Discounts are frequently available on SEO kits, on HTTPS proxies, and virtual private network services – all of which can be used to trick and defraud unsuspecting targets.  For example, a black hat SEO strategy coupled with backlink software could allow cybercriminals to push malicious websites higher on Bing or Google searches, drawing much larger audiences.  And those tools can be used all year long.  

So, what are businesses to do in order to remain safe?  First of all, it’s important to understand that nothing is perfectly secure and that the techniques of cybercriminals will continue to evolve and become even more difficult to evade as time goes on.  That said, however, here are some guidelines which can narrow the opportunity for becoming a victim. 

• Be diligent about your supply chain: Point of sale (POS) devices are prime targets, so make sure they are protected and monitored regularly for suspicious activity. Besides POS devices, don’t forget about third-party vendors such as your HVAC vendor, IT services, third-party software, etc. Have a defined supply chain onboarding process to include a robust vendor review, implement least privilege access, ensure there are strict security controls, and remember to revisit every step on a regular basis or if the scope of the vendor partnership changes.

• Use payer authentication and validation: Requiring card verification numbers (CVNs), using an address verification service (AVS), or using a 3-D Secure payer authentication service can help reduce the use of stolen credit cards.

• Monitor dark web forums and marketplaces for mentions of your company: The presence of your company domain on a criminal forum is a good indication you are being targeted by credential stuffing tools.

• Use anti-CNP (Card-Not-Present) tools to validate transactions: Device fingerprinting, customer history, velocity monitoring, and negative lists (in-house or shared) are all valuable tools to disrupt fraudsters.

• Plan ahead and stay one step ahead of cybercrime: Have a process in place to handle compromised customer accounts, be prepared to deal with extortion scenarios, and use threat intelligence to track actors and understand their threat level.

Enjoy your success this holiday season, but take these steps to avoid sharing the joy with cybercriminals.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...