The annual e-commerce fest is upon us again. It should be the time when people are only concerned about the latest bargains ahead of Christmas, but there’s more to think about than that. E-commerce providers, data centres and consumers alike need to take heed by being aware of the fact that it’s one of those times of the year when hackers and scammers are very busy.
C8 Secure writes on its blog, ‘The Current State of Cybercrime; the Role of AI in Cybersecurity’: “Cybercrime is a constantly evolving threat that affects people and organisations of all sizes. In 2022, cyberattacks increased by 38% according to Check Point research, further compounding the growth of 300% seen in 2020, with iGaming and e-commerce businesses being the primary targets. Cybercriminals use a variety of techniques to gain unauthorised access to sensitive information, such as phishing, malware and ransomware attacks. The consequences of these attacks can be devastating, including loss of data, financial damage, and reputational harm.”
Cyber-criminals are increasingly using artificial intelligence technologies, such as generative AI, to carry out their attacks on individuals and businesses. So, in the UK, the Information Commissioner’s Office (ICO) cautioned shoppers to check the privacy and security credentials of any smart technologies they intend to purchase this Black Friday. As the data protection regulator, it is working on new guidance that will be issued in 2024, and it warns consumers that they could be risking their personal data.
Organisations – including e-commerce and m-commerce companies – should also take steps to protect themselves. The Cyberwire reveals that hackers are, for example, exploiting cloud vulnerabilities. A survey for Illumio on cloud security by Vanson Bourne found that 47% of breaches between 2022 and 2023 originated in the cloud.
The most commonly exploited security vulnerabilities included the complexity of applications and workloads, as well as the significant overlap of cloud and on-premise environments. Next is the diversity and wide-ranging number of services that cloud providers offer – such as Infrastructure-as-a-service (IaaS), Platform-as-a-service (PaaS), containers, and serverless computing. Poor visibility over all of these is also cited as an issue, leading to an inability to identify any weakness and to making it harder for them to proactively ensure that cyber-protections are in place. The consequence of this can also be that they have to reactively lock down compromised systems.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned, too, that ransomware remains a significant concern. They say that since September 2022, Royal Ransomware has targeted over 350 known victims worldwide and the ransoms have exceeded $275m. In an advisory notice on CISA’s website, they comment:
“Royal conducts data exfiltration and extortion prior to encryption and then publishes victim data to a leak site if a ransom is not paid. Phishing emails are among the most successful vectors for initial access by Royal threat actors. There are indications that Royal may be preparing for a re-branding effort and/or a spinoff variant. Blacksuit ransomware shares a number of identified coding characteristics similar to Royal. A previous joint CSA for Royal ransomware was published on March 2, 2023. This joint CSA provides updated IOCs identified through FBI investigations." In its ‘2023 Active Adversary Report for Security Practitioners’, Sophos notes that smash and grab ransomware incidents are becoming more common. The ‘dwell time’ of all attacks has fallen by 44%
year-on-year. In addition to this, there is a 72% all-time drop in the dwell time for ransomware attacks, which saw a dwell time decrease to a media of 5 days. As a result, some cyber-security experts have concluded that ransomware attackers know that detection capabilities have got much better than they previously were. From their perspective, this has necessitated quicker and well-practised attacks. In her Barracuda blog, ‘How AI is changing ransomware and how you can adapt to stay protected’, Anastasia Hurley, Principal Product Marketing Manager for Data Protection, warns: “Attackers of all experience levels can use AI to increase the number of attacks that their organisation can carry out, as well as improve the effectiveness of the attacks and help to fill in the limitations of their criminal organisation.”
She says this means that cyber-criminals can use AI to automate time-consuming activities and optimise existing procedures. She adds that this includes using machine learning to camouflage any attack with any normal activity. An example is hiding data exfiltration within normal traffic, making it more difficult for organisations to detect any attacks and making it more difficult to stop them.
Cyber-criminals can also use AI tools to automate research into their targets on social media, websites, and perhaps even on e-commerce sites. There is no need to manually research a site to collate details because the AI can rapidly consolidate the research from a multitude of sites. This makes for more effective, faster and more efficient phishing attacks while broadcasting the attacks to a greater volume of potential victims.
Gen-AI: more efficient phishing
Gen-AI can also be deployed to write more effective phishing emails – even in a foreign language. Manual attacks can often be detected, due to the poor grammar or typographical errors of the attacker. She warns that “AI is already very fast and effective at crafting effective and accurate phishing messages.” This means that AI can enable cyber-criminals to eliminate these mistakes, making phishing attacks more difficult to spot. AI is being used to uncover vulnerabilities too, and it helps hackers to defeat any safeguards that have been put in place so that they may be exploited.
Attackers can use Gen-AI to write and revise code with natural language prompts, making an attack much easier and faster to execute. With this capability, cyber-criminals no longer need highly experienced staff to build their attacks. Even the most inexperienced engineers can build them, allowing to make more of their most expert people. Subsequently, organisations should expect a higher volume of more sophisticated and effective ransomware attacks. This is because more ransomware attackers of different skill and experience levels are being enabled by the technology.
AI for cyber-defence
Thankfully, artificial intelligence is being used to defend organisations – including e-commerce operations. Tanya Bahrynovska, writing in her blog, ‘AI in Cybersecurity: How Artificial Intelligence is Revolutionising the Fight Against Cybercrime’ for Forbytes, says there are four horsemen of AI-driven cyber-security: Automated threat monitoring, behavioural analysis, vulnerability management and fraud detection. The latter is being particularly emphasised when it comes to e-commerce.
It’s possible to obfuscate cyber-criminals’ attempts to hack into systems or to launch ransomware attacks by putting stringent cyber-security controls and strategies in place, by deploying WAN Acceleration to accelerate data in flight, and by ensuring that air-gaps are created to protect an organisation’s most sensitive data.
Another part of the defence against any potentially successful cyber-attack is to ensure that data is backed up in at least three locations that are widely dispersed from one another. The trouble is that with WAN Optimisation and, to a certain extent SD-WANs, the ability to store data thousands of miles away, to transmit, backup and restore it rapidly, is impinged by latency and packet loss.
WAN Optimisation can’t also handle encrypted data, while WAN Acceleration can. It uses artificial intelligence, machine learning and data parallelisation to mitigate the effects of latency and packet loss – allowing for faster recovery time objectives and recovery point objectives. It permits data to be stored in different parts of the world, and it allows for more accurate Big Data analysis – even at a significant distance. It can also be used as an overlay with SD-WANs to further improve their performance and to significantly improve bandwidth utilisation.
A McAfee Senior Storage Engineer, who works in the cyber-security firm’s Technology Services division and for McAfee Cyber, and who asked to remain anonymous, recently commented about how it improves their transfer of voluminous amounts of data: “What would have taken us a year to transfer - got transferred for us in a week and a half”. The rate of throughput was incredible. PORTrockIT from Bridgeworks is a ‘game changer’. I am a storage engineer with limited networking knowledge. I was able to configure and deploy PORTrockIT in less than 2 hours”.
So, yes, Black Friday could be a security nightmare if organisations and individuals aren’t prepared to fend off the potential onslaught of cyber-attacks, and AI might enable the cyber-criminals. However, it can also forestall them and ensure that data is kept out of their reach. Even when an attack is successful, WAN Acceleration’s artificial intelligence, machine learning and data parallelisation can help e-commerce organisations to avoid any Black Friday blackouts.
WAN Acceleration can enable them to restore their operations more rapidly than they might be able to do with WAN Optimisation or with SD-WANs that don’t have a WAN Acceleration overlay. Even better, this technology can permit them to maintain service continuity, and to analyse e-commerce data more accurately in real-time (allowing for the better personalisation and targeting of products and services to customers).
All this at a time that is one of the most profitable periods of the year – particularly in the US, and in the UK where Black Friday has found a new home. This means that this e-commerce bonanza needn’t be a source of consternation. By stopping cyber-criminals, it could benefit e-commerce organisations and their customers by keeping them safe.