As e-commerce activity surges during Ramadan, cyberattack risks have also spiked, according to experts. During holiday sales periods, bot activity on e-commerce websites goes up by an average of 45%, a trend that is likely to continue during Ramadan, which is one of the most celebrated events in the UAE and the Muslim world. This has prompted concerns about the potential rise in malicious cyber attacks, especially as people look for the best e-deals and discounts online.
A recent study by Qrator Labs, a distributed denial of service (DDoS) attack mitigation company, found that during the Ramadan period, bots are more likely to enter retail sites under a “unified client account” and register new accounts en masse for sites offering bonus programmes. The research also revealed that 95% of analysed bot traffic showed that they enter retail sites under a “unified client account,” which allows them to use the same email and password. Additionally, bots operate within a customer’s basket and try to register new accounts en masse for sites offering bonus programs. Hackers tend to steal accounts with active bonus programs, especially those that are used 1-2 times a year, have been recently registered, or lost.
According to Qrator Labs, in the UAE, old accounts can fall into the hands of hackers, and when that data is leaked, bots leverage that information to gain account access 1-2 weeks before sales in order to change customer details, such as their delivery address. This raises concerns about the potential damage that bots can cause once they have gained access to customer data, including personal data, credit card numbers, bank account information and anything else a user enters into or sees from an infected device.
Bots can access and infect devices via all the usual “attack vectors” such as drive-by downloads, exploiting unpatched flaws and software configuration errors, and deceiving users through social engineering. Once the device is infected or “botted,” external attackers can take remote control of it and gather data from it, including keystrokes or screenshots. They can also keep an eye on local networks and intercept any passing unencrypted communications.
About Author
