
Black Friday Cyber Security – Attackers Are Waiting In The Shadows

Every Black Friday, as with any event that is observed across many countries, attackers wait in the shadows for the chance to attack unsuspecting people.


Cloud jacking, phishing and social engineering are all emerging as big cyber security threats in 2020 and certainly in 2021 and beyond, all because of companies’ and individuals’ dependence on cloud computing and remote working.


During COVID-19, we’ve seen scams around PPE and other relevant topics which people react to as they are curious and wish to be in the know about current events.


Cloud jacking, or cloud account hijacking, happens when a private or organisational cloud account is taken, hijacked or appropriated by an attacker.
During COVID and Black Friday, cloud account hijacking is now a typical attack tactic in identity theft. The social engineering attacker adds the stolen account to their attack chain, using gathered information alongside a live account to conduct malicious or unauthorised activity.


These accounts could be PayPal, eBay, Amazon, Office 365 accounts – anything of use to the attacker which can be used to steal money or other credentials.

As we become more reliant on the cloud and the services offered by providers, access to those services becomes a vital element in controlling these resources. Access control systems that provide substantial access control and multi-factor authentication (MFA) capabilities are commonplace. There’s no excuse not to use strong authentication, both personally and within the corporate environment. If it’s available, this defence is healthy and helps prevent cyber attackers from taking over accounts.

Case Study – Compromised Account

In October 2020, a midsize company called us for advice when one of its senior staff members wasn’t receiving email.

On close inspection, we discovered that this person’s Office 365 account had been compromised.

The attacker got access to the account and redirected the e-mail into a folder that the user did not know about.

The attacker logged in from Nigeria, then from Miami in the US, then from Ontario, and was constantly sending emails to over 1000 of the user’s contacts in an attempt to persuade them into a compromising situation as well.


After running PowerShell scripts and over eight hours of labour, the user’s mailbox and everyone else affected had been sorted out and communicated with.

But the likelihood that some of the 1000+ people clicked on something is high, and thus the compromise chain lives on and on through the online web of connections.

If the user had been using MFA, this would have made things tons harder for the attacker.
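
The sign-in pattern in this case study (Nigeria, then Miami, then Ontario) is what an "impossible travel" check is built to catch. The following is an added example, not code from the original article or from Enhalo; the sign-in records, addresses, city coordinates (Lagos and Toronto standing in for Nigeria and Ontario) and both thresholds are constructed assumptions.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sign-in records (not from the incident): user, UTC time, place, lat, lon.
# Lagos and Toronto are assumed stand-ins for "Nigeria" and "Ontario".
SIGN_INS = [
    ("exec@example.com", "2020-10-05T08:02:00", "Lagos, NG", 6.5244, 3.3792),
    ("exec@example.com", "2020-10-05T09:15:00", "Miami, US", 25.7617, -80.1918),
    ("exec@example.com", "2020-10-05T09:40:00", "Toronto, CA", 43.6532, -79.3832),
    ("exec@example.com", "2020-10-06T14:00:00", "Toronto, CA", 43.6532, -79.3832),
    ("staff@example.com", "2020-10-05T08:00:00", "Miami, US", 25.7617, -80.1918),
    ("staff@example.com", "2020-10-05T20:00:00", "Toronto, CA", 43.6532, -79.3832),
]
MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 50.0    # assumed: ignore geolocation jitter within one metro area


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points given in degrees."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(records, max_kmh=MAX_KMH):
    """Return (user, from, to, km, kmh) for each consecutive pair of sign-ins
    by one user that would require travelling faster than max_kmh."""
    alerts, last = [], {}
    for user, ts, place, lat, lon in sorted(records, key=lambda r: (r[0], r[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_place, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Simultaneous sign-ins from two places: treat the speed as infinite.
            kmh = km / hours if hours > 0 else float("inf")
            if km > MIN_KM and kmh > max_kmh:
                alerts.append((user, p_place, place, round(km), round(kmh)))
        last[user] = (when, place, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(SIGN_INS):
        print("ALERT %s: %s -> %s (%d km at %d km/h)" % alert)
```

A check like this only raises the alarm; VPN exits and mobile carriers produce false positives, so alerts are best paired with a review of the account's mailbox rules and sent items.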

Limit The Possibility of Cloud Jacking this Black Friday

The cloud jacking attack method will be prevalent during Black Friday because the lure of deals will get us all clicking.


It’s so competitive within the hacker community that some hackers even resort to ‘malvertising’ – they buy legitimate adverts to advertise to people during global events such as Black Friday to entice them to click their malicious links.

Why Do People Still Not Use Multi-Factor Authentication?

The main reason for the low adoption of multi-factor authentication (MFA) in 2020 remains a poor understanding of the protection it offers and, therefore, of the need for this defence on all the applications and devices that we use.

The essential fact is, if you have a username and password/PIN, then that ought to be followed with a further factor of authentication.


Use a combination of something you’ve got (a device, tool or token), something you know (like a date and a password) and something you are (like a fingerprint or facial scan). All three – the ‘got’ + the ‘know’ + the ‘are’ – together result in strong authentication.

It would be best if this authentication were continuous. Once the first check has been done to authenticate you and allow you through the gate, ongoing checks must keep happening to ensure that you are still the one who was identified that first time.

Continuous Authentication

The industry is evolving to adapt to continuous authentication to defend against the next level of attack – session hijacking.

Companies like 8sense are exploring contextual, continuous authentication, which will detect whether the authorised person is in front of the console, app, device and platform, and will use behavioural elements to detect cameras taking photos of data once the user is authenticated.

This Black Friday, cyber criminals will use cloud jacking to trick users, admins and C-levels, gaining access to cloud resources through the hijacking of accounts. Enabling MFA makes this much harder to accomplish.

Additionally, this layer of defence should be applied everywhere a username and password or PIN is used – all devices, applications and websites. Anything that’s accessed only with a username, password and/or PIN needs that extra level of protection to keep the resource safer, because the cloud basket is straightforward to compromise if not protected.

If you’ve got all of your data and resources in one place, the danger of losing everything is even higher:

  • make sure you have a restorable backup
  • bundle your MFA with encryption for the critical data
  • create an additional layer – use different credentials with your MFA for sensitive information
  • don’t rely only on the one cloud vendor’s native solution, as this is often tied to the credential that gets compromised

Native Defence Gets Compromised More Often

The native defence gets compromised more often than something that’s mainstream. In the cloud, the large mainstream vendors can get hacked, it’s guaranteed, and when that happens and you do not have the best defences, the ones that suffer the losses are the folks that use the systems.

The large vendors have good lawyers and sophisticated policies, and therefore, the argument will be that you simply didn’t turn on something that was indeed available.

Therefore, take matters into your own hands and defend yourself and your company in the cloud. Ultimately, if the cloud is breached, your reputation and your clients’ and employees’ information are what you’re responsible for.

If “the safety” isn’t turned on by default, it’s not a secure platform.

Saying that it is the customers’ and users’ responsibility to keep data safe won’t hold water with the regulators and thus the law. So, it is vital to gain the knowledge, switch on the defences and use the tools appropriate to limit the damage of cloud jacking. It’s about managing the cyber risk and limiting the possible damage.

Black Friday, What Can We Do To Be Safe?

• Be careful what you click
• Only visit reputable websites that you have browsed before and make sure you use services that you can trust
• Check the certificate on the websites
• MFA every time
• If you’re not expecting an email from a supplier or friend, phone them
• If you do not trust a link but still want to browse the website, check the validity of the link on a mainstream search engine

Be safe online this Black Friday and the festive season ahead, be careful what you click on and double-check the sites you visit.

Desperate people do desperate things, and today it’s easy pickings, as digital integrity is tough to validate.

Gerhard Conradie Co-Founder and Global Head of Solutions Architecture at Enhalo

Gerhard, Co-Founder and Global Head of Solutions Architecture, sees quality staff as the most important asset to any business, and believes that giving them the space to grow as much as they are willing and able to, motivates them to grow Enhalo as well.
