December 24, 2018updated 18 Jul 2019 11:02am

Foiling festive cyberattacks: “Home Alone” tips to stop holiday hackers

By Tom Kellerman

Crime of all kinds increases during the holiday season. The phenomenon was immortalised in the 1990 Christmas film classic ‘Home Alone,’ where 8-year-old Kevin McCallister defends his family home against persistent would-be burglars, “The Wet Bandits.” 

The fashions may have changed but, for criminals, theft never goes out of style. Instead of targeting homes in a suburban neighbourhood, today’s cybercriminals now focus on gaining access to digital properties and making away with valuable personal details and financial information.

The holiday season sees a sharp uptick in cyberattacks. Last year, Carbon Black’s Threat Analysis Unit (TAU) reported a 57.5% increase in attacks on endpoints over the holiday period and we expect that to rise to 60% this year.

As cybercriminals kick off what’s arguably their peak season, let’s return to our festive film to see how tactics used by burglars Harry and Marv are replicated in the online world, and how individuals and businesses can protect against them:

Taking advantage of distraction

As the McCallisters rush around preparing for their holiday, their security defences are low. They overpay the pizza delivery guy and burglar Harry walks in to case the joint unchallenged, pretending to be a police officer. In a similar way, cybercriminals take advantage of the fact that everyone tends to be less vigilant during the busy run-up to the holidays.

Many companies are experiencing their busiest period and at the same time security teams may be operating with fewer staff due to scheduled leave. This increases vulnerability and makes networks a tempting target for malicious actors.  

Impersonation and social engineering

Harry poses as a police officer to scout the neighbourhood, engaging with unsuspecting homeowners who naively answer his questions about when they’ll be away. Spear phishing emails rely on the same tactic. By impersonating emails from authoritative sources that the user may be expecting, such as parcel tracking updates or messages from trusted colleagues, they increase the chances that the recipient will click on infected links and launch the malware payload, or share private information.

In both cases, criminals use human weaknesses to gain the advantage. A human problem requires a human solution, and that means improving vigilance and being aware of the ways that threat actors try to trick us into doing what they want.

Stay vigilant

Be alert to phishing emails which, according to data from CBTAU are the most popular attack vector for malware. Look out for the tiny alterations in email addresses and domain names, such as a letter replaced by a number, or an additional character.

If an email asks for personal and/or financial information, always double-check that the source is authentic – however busy you are. This applies equally to work-based communications; that email from the Head of Finance asking you to move funds or respond with privileged information should always be confirmed via other channels before you take action.

Shop securely

Of course, the holiday season is the prime shopping period. The convenience of online shopping is balanced by the risks of sharing banking details online, but there are some sensible precautions that can keep your information safe.

First, tempting though it might be to do your shopping on the move as you try to save precious time, avoid using public WIFI for anything involving payments. Anyone with a little computer acumen can see and steal the data you share. Secondly, make sure that you use credit, rather than debit cards, as these offer the best liability protection against fraud.

Trust your instincts

A healthy dose of scepticism about deals that look too good to be true is useful when it keeps your credit card details safe. Make sure you shop with brands that you trust, via secure websites that include “https” in the URL (not just http), so you know communications between you and the site are encrypted.

And if a random website is offering an 80%-off deal on this year’s must-have toy, there’s a good chance they’re just looking to get their hands on your credit card information.

When it comes to keeping the bad guys out, you need to strengthen your defences to become a harder target. Make updates to all software on your computer, make sure you are using the latest version of your browser and make all your online passwords truly random and unique.

Hunt out signs of intrusion

Our ‘Home Alone’ burglars wanted to become famous as “The Wet Bandits,” leaving taps turned on as a calling card in the houses they hit. While cybercriminals who attack businesses are generally more concerned with avoiding detection, the signs of intrusion are there if you look for them. Put threat hunting on your department Christmas list this year and you can start to proactively identify the attackers who have already gained a foothold inside your network and start work on neutralising them. 

Criminals will always seek to use the cover of major calendar events to pursue their illegal ends but, like Home Alone’s Kevin, by staying vigilant, being sceptical and strengthening both reactive and proactive defences, you can improve your chances of defending your property and staying safe online this holiday season.