Throughout the year, SonicWall tracks cyber threats around the clock. But the holiday shopping season — specifically the days around Thanksgiving — is anything but typical.
During this nine-day window, cybercriminals plan and execute cyberattacks, even before the early hours of Black Friday. They systematically build malware, ransomware and phishing campaigns to prey on busy holiday shoppers.
For the 2018 holiday shopping season, SonicWall Capture Labs threat researchers focused on the three key shopping days — Black Friday, Small Business Saturday and Cyber Monday — that anchor Thanksgiving week in the U.S.
At a macro level, malware attacks dipped in 2018, while ransomware, phishing and cryptojacking attacks all increased significantly. Over the nine-day Thanksgiving holiday shopping window (Nov. 19-27), SonicWall customers faced:
- 91 million malware attacks (34 percent decrease over 2017)
- 889,933 ransomware attacks (432 percent increase over 2017)
- 45 percent increase in phishing attacks compared to the average day in 2018
Malware Volume Dips for Holiday Shopping, Still Trending High in 2018
Malware data trends represent one of the best indicators of cybercriminal tactics and big-picture strategies. After a relatively down 2016, malware volume surged in 2017 to record levels, increasing 18.4 percent, as published earlier this year in the 2018 SonicWall Cyber Threat Report. Through October 2018, malware attacks were already up 44 percent year to date.
However, U.S. malware attacks were actually down, across the board, during the Thanksgiving holiday. This moderate decline in the use of malware includes a 47 percent drop on Cyber Monday and a 40 percent decrease on Black Friday, the two biggest shopping dates of the season.
This regression likely signifies that criminals are narrowing the focus to the most profitable types of attacks, such as ransomware, which spiked during the 2018 holiday shopping season.
Malware attacks dipped on each of the major shopping days in 2018, but overall malware volume has nearly doubled 2017 year to date.
As Black Friday Shoppers Stay Online, Ransomware Climbs
A decades-old tradition, Black Friday used to be the biggest shopping day of the year. But even with the emergence of Cyber Monday, more and more consumers are doing their Black Friday shopping online and not in brick-and-mortar stores.
According to Reuters, online sales surpassed $6 billion on Black Friday in the U.S. — a 23 percent jump over last year. Conversely, sales at physical retail locations dropped 4-7 percent.
And, predictably, cybercriminals were waiting. SonicWall Capture Labs threat researchers recorded 28 times more ransomware attacks on Black Friday compared to 2017. In November, the infamous Cerber ransomware variant was the most prevalent, representing 76 percent of all ransomware attacks.
Each major shopping day saw triple-digit jumps over the same dates in 2017. Interestingly, ransomware attacks on Small Business Saturday — likely bleed over from Black Friday — were up 919 percent over 2017.
From a volume standpoint, Cyber Monday only trailed Black Friday in total attacks, further signifying shifting cybercriminal strategies that focus on more than specific shopping days for better success. These trends continued upward for the Tuesday following Cyber Monday as well.
Ransomware attacks were up across the board for Black Friday and Cyber Monday.
In January, SonicWall Capture Labs threat researchers will analyze data and publish findings from the entire shopping season to help the industry better understand cybercriminal strategies and their shifting behavior patterns.
This cyber threat intelligence will also serve as a precursor to the 2019 SonicWall Cyber Threat Report, which will be published early next year.