In the wake of the upcoming Black Friday sales period, cybercriminals are targeting customers of apparel e-commerce websites, including fashion, shoes, gifts, toys and jewellery. Consumers looking for deals in these areas during the upcoming weeks are advised to be careful when making online purchases. These are the key findings of a Black Friday Alert 2019: Net Shopping Bag of Threats, prepared by Kaspersky experts, to evaluate what risks consumers may face during the holiday sales season.
Black Friday is arguably the most anticipated retail sales period in the world, when brands offer consumers the largest discounts and promotional offers. At the same time, cyber-fraudsters also consider this period fruitful, to lure people in to fraudulent schemes and steal their money. To understand the extent of fraudsters’ activity, Kaspersky researchers analysed Black Friday threats, including the activities of botnets that distribute banking Trojans – malware aimed at stealing users’ credentials and financial data.
Proportion of e-commerce categories targeted by malware in 2019, by number of targeted brands.
Botnets are networks of computers infected with malware. Depending on the will of the botnet owner, the malware may download additional malicious modules to use for other purposes. Using state of the art technology, Kaspersky tracks the activity of multiple botnets and is able to learn when a particular one is being changed and new abilities added. Recently, Kaspersky researchers observed botnets made of computers infected with malware aimed at intercepting users’ credentials to gain access to leading e-commerce websites and subsequently (in some cases) bank card details, attached to user accounts in particular e-shops. Kaspersky found 15 malware families that were targeting a total of 91 consumer e-commerce sites and mobile apps across the world.
Of those, consumer goods – such as clothing stores, jewellery and toys – appear to be the key focus of financial botnets operators this season, with 28 websites from this category part of the malware families mentioned above. This was followed by the entertainment segment, including movies, music and games (20 sites targeted). Users of e-commerce brands dealing with the travel industry, such as transportation tickets retailers, taxi services and hotels are also in the list of top sites targeted, with 15 popular websites.
Last year the situation was different: the total number of targeted brands was lower at just 67, while the top of the most ‘hunted’ brands was led by consumer apparel, entertainment and consumer electronics websites. This year, only two websites from the latter category were identified as targeted by one of 15 malicious families.
“The growing interest of cybercriminals in getting users credentials of e-commerce brands is easy to understand. In some cases, there are credit card details or loyalty program card details linked with these accounts and getting access to an e-shop account of a user would also mean access to their money. And even if there is no direct financial gain, personal user accounts contain a lot of valuable information that could be used to further target users, such as purchase history or personal information related to a delivery address etc. Such information is highly valued on the underground market and will inevitably find a buyer. However, the good news for consumers is that through simple precautionary measures and remaining vigilant, they can stay safe. We wish everyone a pleasant shopping experience this Black Friday and during the festive season,” said Oleg Kupreev, security researcher at Kaspersky.
To stay safe during the Black Friday period, Kaspersky recommends shoppers:
- Avoid purchasing from websites that appear suspicious or flawed, no matter how great their Black Friday deals are
- Don’t click on unfamiliar links you receive in emails or social media messages, even from people you know, unless you were expecting the message
- Double-check the email address of the sender. If it is not the official brand’s website domain, do not click on the link
- Chose payment processing services that use multifactor authorisation of purchases, if available
- Use a dedicated security solution on your device, with built-in features to create a secure environment for all financial transactions and prevent fraud, such as Kaspersky Security Cloud and Kaspersky Internet Security.
To learn more about Black Friday tricks and scams, visit securelist.com.
Liquid, IS, partner for 5G roll-out to corporate SA
Liquid Telecom has teamed up with Internet Solutions to develop an ultra-fast wholesale connectivity service for enterprises – including telcos
Liquid Telecom South Africa has partnered with Internet Solutions (IS) to provide wholesale 5G connectivity targeted at delivering enterprise services to their existing and potential new customer bases.
The 5G service will provide operators and internet service providers with faster speeds, lower latency and greater capacity, ultimately enabling businesses to deliver richer experiences to their customers.
“Providing IS with 5G wholesale services as an alternative to fibre connectivity, Liquid Telecom South Africa is highlighting how we are delivering on our commitment to the market to continue being the best business network in South Africa,” says Reshaad Sha, CEO of Liquid Telecom South Africa. “Local businesses are adopting technologies like SD-WAN, IoT, and cloud computing, However, these technologies need network connectivity that provides high quality, increased capacity, and greater reliability to ensure optimum performance.”
IS managing executive Dr Setumo Mohapisays the company has evolved its networking model to provide a high-performance hybrid network that aggregates multiple WAN transport services.
“This enables clients to fully utilise all available bandwidth for high availability and total application performance,” he says. “The innovation, flexibility and range of 5G use cases that this offers for different industries such as agriculture, retail, manufacturing, and logistics is boundless. 5G is a core component of our hybrid network and we are extremely excited about the extended capability this partnership with Liquid enables us to offer our clients.
Liquid Telecom is the first to launch a 5G wholesale network service, which it says will “accelerate the building of Africa’s digital future and the digital revolution in South Africa”.
Liquid Telecom is a leading communications solutions provider across 13 countries, primarily in Eastern, Southern and South Africa. It serves mobile operators, carriers, enterprise, media and content companies and retail customers with high-speed, reliable connectivity, hosting and co-location and digital services. This means that it can provide the basis for its clients to offer 5G services to end-users.
Liquid has built Africa’s largest independent fibre network, approaching 70,000km, and operates state-of-the-art data centres in Johannesburg, Cape Town and Nairobi.
IS, which pioneered Internet connectivity in South Africa, is a subsidiary of the Dimension Data Group and part of Japanese telecoms giant NTT. It now leverages its infrastructure and global footprint to support organisations with the rapid deployment of emerging technologies. Still headquartered in South Africa, it has operating offices in Mozambique, Uganda, Ghana, Kenya and Nigeria. It has 82 Points of Presence (PoPs) in 19 African countries and four international PoPs in London, Germany, Hong Kong and Singapore. The company has over 10 000 square metres of data centre space across Africa.
So you think you need a Blockchain?
By CAYLE SHARROCK, Head of Engineering at Tari Labs
It’s 2020, and we’re still in hype overdrive about blockchain. If conventional wisdom is to be believed, blockchain is going revolutionise and disrupt every industry known to humankind.
But does every industry actually need a blockchain? Let’s take an objective look at two of the most aggressively touted use cases for Blockchain to see if it’s all it’s cracked up to be.
Before we do this, let’s remind ourselves about the four pillars of Blockchain technology and what they give you: tamper-evident logs (the blockchain); cryptographic proof of ownership (digital signatures); public accountability (the distributed public ledger); and corruption resistance (proof of work).
If we use these four features as a checklist, we can evaluate any proposed use case of blockchain technology and decide whether the potential is genuine, or whether it’s just buzzword bingo.
There have been hundreds of headlines over the past four years proclaiming how Bank Y will use Blockchain to disrupt the industry. Usually, what they claim is that they can perform interbank settlements at a fraction of the cost of what the incumbent monopoly, SWIFT, provides.
So does Blockchain work for the banking sector? Clearly, tamper detection of the transaction history is a must-have here. What about digital signatures and proof of ownership? Without a doubt. Multiple signatures? The more the merrier.
Bitcoin was conceived as trustless money – and with banks, we have a fairly small community that is heavily regulated, and that do actually trust each other to some degree. Essentially, banks use governments’ big stick instead of proof-of-work to keep everyone honest. This works most of the time. Except when it doesn’t. The 2008 crisis and the 2012 Cypriot haircuts are just two examples.
How about Public Accountability from distributed public records? No, public accountability has never been the banking sector’s strong suit. That means the banks’ ideal “blockchain” is just tamper detection, plus digital signatures. This sounds like a bunch of databases that have tightly controlled access along with strong cryptographic signatures.
The banks actually gave this non-Blockchain blockchain a name: Distributed Ledger Technology. And it’s pretty much what SWIFT already does.
Verdict: Do banks need Blockchain? Nah. They want a cheaper alternative to SWIFT.
Blockchain technology is going to revolutionise the supply-chain management (SCM) industry, we’re told. BHP Billiton was one of the first large companies to announce in 2016 that they were implementing Blockchain for their core sample supply chain. We’ve heard similar stories about the diamond industry.
Whether you think a proof-of-work Blockchain makes sense for SCM is really secondary to the challenge of The Oracle problem: blockchains are brilliant at letting you know when data in the system has been compromised. But they have zero sense whether that data is true or not.
The Oracle problem arises whenever you need to bring the concept of truth, or providence from the real world into a trustless system like Blockchain. How does the core sample data get onto the blockchain ledger? Does a guy type it in? Does he never make mistakes? Can he be bribed to type in something else? If it’s a totally automated system, can it fail? Be hacked?
Maybe we solve this by having two systems running and we compare the results. Or three. Or four. Now we have the problem of having to ship our samples to different labs around the world and be sure they weren’t tampered with in transit. If only we had a blockchain-based SCM system to secure our blockchain-based SCM system …
Verdict: The Oracle problem is really hard, and torpedos a lot of tangible good-based blockchain proposals.
So, back to our original question: do you need a blockchain? Ultimately, the future of blockchain applications (beyond money) lies in whether the benefits of having a decentralised, public record secured by proof-of-work outweighs its costs. There are plenty of really encouraging use cases emerging – think ticketing, for example, or trading in any digital assets. But for most industries, the jury’s still out.