Highlights

  • Potential risks associated with increased online activity rise during seasons of elevated e-commerce transactions.
  • Study shows malicious bot attacks rise in Ramadan in UAE: bots’ entry into retail sites rises by 45% during festive season.
  • Any type of smartphone or computing device can potentially be “botted.” 

The rise in e-commerce, especially during Ramadan, has also seen a spike in cyber attacks and hacking risks.

One study shows bot activity on e-commerce websites during holiday sales periods goes up by an average of 45 per cent, a trend likely to continue during Ramadan, one of the most celebrated events in the UAE and across the Muslim world.

With the surge in online shopping, and as people look for the best e-deals and discounts, experts warn of a potential rise in malicious cyber attacks. 

According to recent research by Qrator Labs, a distributed denial of service (DDoS) attack mitigation company, during the Ramadan period, bots are more likely to enter retail sites under a "unified client account" and register new accounts en masse for sites offering bonus programmes.

Malicious bots: What are they?

Bots, in general, are autonomous virtual programs that operate as program or user agents.

They are usually created to simulate human activity.

Malicious bots have malign purposes and can be programmed to hack user accounts and are capable of causing vast amounts of damage.

What to watch out for:

The study urged customers to watch out for malign bot attacks that could do the following:

  • Operate within a customer's basket
  • Steal accounts with active bonus programmes
  • Change customer details — like their delivery address.
  • Distort business metrics
  • Subvert marketing campaigns
  • Slow down site operation (or make it unavailable)

Moreover, retailers possess a lot of consumer data, which could be leaked, traded — or sold on the dark web — causing customers and businesses to be at risk.

Key takeaways:

In 95% of analysed bot traffic, bots enter retail sites under a "unified client account" (a mechanism that allows them to use the same email and password).

They also try to register new accounts en masse for sites offering bonus programs and will oftentimes operate within a customer’s basket. 

Accounts with an active bonus program are stolen by hackers, especially those that are used 1-2 times a year, have been recently registered, or have been lost.

In the UAE, old accounts can fall into the hands of hackers, and when that data is leaked, bots leverage that information to gain account access 1-2 weeks before sales, in order to change customer details like their delivery address, Qrator Labs stated.

What happens when you are "botted"

External attackers effectively take remote control over a computer, smartphone, Internet of Things device, or other digital instrument once it is infected or "botted".

In a lot of bot assaults, the bot sneakily gathers data from infected devices, including keystrokes or screenshots, and acquires unauthorised access to data kept on the devices.

Attackers can then access any data a user could be entering into or seeing from an infected device, including passwords and other credentials, personal data, credit card numbers, bank account information, and anything else. Bots can also keep an eye on local networks and intercept any passing unencrypted communications.

Bots can access and infect devices via all the usual "attack vectors" (drive-by downloads, exploiting unpatched flaws and software configuration errors, and deceiving users through social engineering). 

Another study: 250% spike in cyber attacks

Another study shows that cyberattacks increase during Ramadan. According to Semrush, cyberattack searches in the UAE rose by 250% during Ramadan in 2021 compared to the same period last year.

Avanti, a security company, in a blog about Ramadan, also stated: “Cybercriminals don't take holidays off. In fact, they cleverly exploit people's joyful mood for their own purposes. Mobile phishing attacks in particular are tricky and promising.”

“And they are increasingly targeting employees who use their cell phones for both personal and professional purposes. Fraudulent links in messaging apps and social media or manipulated QR codes lure users to fake target pages. The targeted prey: your company data.”

How to protect yourself

To protect against cyber threats during Ramadan, experts recommend the following:

For businesses:

  • Make proactive behavioural analyses
  • Use security services
  • Implement predictive algorithms to stop bots.
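
An added example (not from Qrator Labs or the original article) of the kind of behavioural analysis recommended above: it flags rarely used accounts that log in during the two weeks before a sale and then change their delivery address, and sources that register accounts en masse. The event format, thresholds, dates and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SALE_START = datetime(2024, 3, 10)     # constructed sale date
PRE_SALE_WINDOW = timedelta(days=14)   # the "1-2 weeks before sales" pattern
DORMANT_GAP = timedelta(days=150)      # assumed threshold for a rarely used account
MASS_REG_LIMIT = 3                     # assumed: max registrations per source per hour

# Constructed sample events: (timestamp, account, event type, source IP)
EVENTS = [
    ("2023-08-02T10:00", "amal", "login", "198.51.100.7"),
    ("2024-03-01T03:12", "amal", "login", "203.0.113.50"),
    ("2024-03-01T03:13", "amal", "address_change", "203.0.113.50"),
    ("2024-02-20T18:00", "omar", "login", "198.51.100.9"),
    ("2024-03-02T18:05", "omar", "login", "198.51.100.9"),
    ("2024-03-02T18:09", "omar", "address_change", "198.51.100.9"),
    ("2024-03-03T09:30", "layla", "register", "198.51.100.20"),
]
EVENTS += [(f"2024-03-03T01:0{i}", f"new{i}", "register", "203.0.113.77") for i in range(4)]

def parse(events):
    return sorted((datetime.fromisoformat(ts), a, k, ip) for ts, a, k, ip in events)

def dormant_takeover_suspects(events):
    """Accounts that wake after a long gap in the pre-sale window, then change address."""
    last_seen, woke, suspects = {}, set(), set()
    for ts, acct, kind, _ip in parse(events):
        in_window = SALE_START - PRE_SALE_WINDOW <= ts < SALE_START
        if kind == "login":
            if in_window and acct in last_seen and ts - last_seen[acct] >= DORMANT_GAP:
                woke.add(acct)
            last_seen[acct] = ts
        elif kind == "address_change" and in_window and acct in woke:
            suspects.add(acct)
    return suspects

def mass_registration_sources(events):
    """Source IPs with more than MASS_REG_LIMIT registrations inside any one hour."""
    by_ip = defaultdict(list)
    for ts, _acct, kind, ip in parse(events):
        if kind == "register":
            by_ip[ip].append(ts)
    hour = timedelta(hours=1)
    return {ip for ip, times in by_ip.items() for i, start in enumerate(times)
            if sum(t - start <= hour for t in times[i:]) > MASS_REG_LIMIT}

if __name__ == "__main__":
    print("review before shipping:", dormant_takeover_suspects(EVENTS))
    print("mass registration from:", mass_registration_sources(EVENTS))
```

Flagged accounts are candidates for step-up verification before an order ships to the new address; grouping registrations by IP alone is a simplification, since bots often spread across many sources.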

For end users:

Ordinary users can also enhance the security of their accounts by doing the following:

  • Change passwords regularly
  • Use different passwords for e-commerce websites
  • Set two-factor authentication
  • Regularly verify account logins through your devices.
  • Keep all software and apps up to date and securely configured.

“High bot activity can overload websites, consumers might not be able to make purchases, and as a result, it could lead to customer churn,” says Maxim Beloenko, Sales Global VP, Qrator Labs.

“The problem may lie deeper than most think. A business has to mitigate risks in any season, but especially during the holiday sales period, when website traffic increases due to ordinary users and is strengthened by malicious bots,” Beloenko added.

“It can be avoided if businesses make proactive behavioural analysis, use security services, and implement predictive algorithms to stop bots,” he said.