Retailers Brace for AI-Powered Bot Attacks During Holiday Shopping Season, Hackers Exploit Old Avast Driver to Deliver Windows Malware and Starbucks Turns to Manual Pay After Ransomware Attack on Scheduling Software
This is Cyber Security Today. I’m your host, Jim Love
Retailers Brace for AI-Powered Bot Attacks During Holiday Shopping Season
Retailers are gearing up for a surge in AI-enabled bot attacks as the holiday shopping season begins. These sophisticated bots threaten to disrupt online shopping by making fraudulent purchases, exploiting security vulnerabilities, and stealing customer information, potentially leaving consumers struggling to find gifts
AI has significantly advanced the capabilities of malicious bots, enabling attackers to automate and scale their operations:
Fraudulent Purchases: Bots quickly buy up high-demand items like sneakers and electronics, often for resale, frustrating consumers.
Security Exploits: Bots scan retailers’ networks for vulnerabilities, creating entry points for ransomware or other destructive attacks.
Account Takeovers: Automated bots use stolen credentials to gain control of customer accounts, often bypassing traditional defenses.
Research from Imperva found retail websites experienced over 560,000 AI-driven attacks daily between April and September. A third of these were business logic abuses, manipulating prices, discount codes, or bypassing security protocols, while another third were distributed denial-of-service (DDoS) attacks, overwhelming websites to cause outages.
The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) reports a sharp increase in bot activity during the holiday season. “It intensifies during the holiday season,” said Lee Clark, manager of cyber threat intelligence at RH-ISAC, as cybercriminals exploit the high traffic and reduced visibility of their activities.
A VikingCloud survey revealed 52% of retailers feel more vulnerable to cyberattacks during the holidays, with threats extending beyond websites to third-party vendors. “If key suppliers are vulnerable, the fulfillment of orders may be more challenging,” said VikingCloud’s chief product officer, Kevin Pierce.
Retailers face a delicate balance between security and user experience. Measures like multi-factor authentication or purchase limits can deter bots but risk frustrating customers. Information sharing across the retail sector is crucial to identifying and blocking malicious domains and IP addresses used in attacks.
With just 20% of companies reporting confidence in their defenses against high-volume AI bot attacks, the retail industry is racing to adapt. As AI-driven threats evolve, collaboration and proactive defenses are critical to safeguarding this year’s holiday shopping season.
Hackers Exploit Old Avast Driver to Deliver Windows Malware
Cybersecurity researchers at Trellix have uncovered a new type of Windows malware, dubbed “Kill Floor,” that leverages an old Avast Anti-Rootkit driver to infiltrate PCs. This kernel-level malware disables critical security systems, allowing attackers to take over the computer and execute malicious processes.
The malware begins by dropping a copy of the legitimate, digitally signed Avast Anti-Rootkit driver and loading it into the kernel. Because the driver carries a valid signature, Windows accepts it; the malware then abuses the driver's own capabilities to terminate security processes from kernel mode, the highest level of access within an operating system. This technique, known as bring your own vulnerable driver (BYOVD), sidesteps many of the usual defenses because nothing about the loaded driver looks malicious. Once in place, the malware disables key security tools and runs its own processes to take control of the machine.
Kernel-level software, while useful for legitimate system operations, poses significant risks when abused. It can give attackers near-total control over a system, as seen in this case. Similar issues arose this summer when a faulty update to CrowdStrike's kernel-mode Falcon sensor caused widespread outages, prompting Microsoft to review its policies on kernel access.
Trellix identified key signs of infection. If you see kill-floor.exe on your system or locate ntfs.bin in the C:\Users\Default\AppData\Local\Microsoft\Windows folder, your computer may be compromised. Unusual behavior, unexplained downloads, or the appearance of new processes are also potential red flags.
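The following PowerShell script is an added example, not part of the Trellix report or this show. It turns the indicators above into a quick host check: the dropper by name, ntfs.bin at the path given, any running kernel driver whose image sits outside the System32 tree (the hallmark of a driver smuggled in from a user profile), and whether Microsoft's vulnerable driver blocklist is enforced. The assumptions are that the dropped driver is loaded as a kernel service visible through Win32_SystemDriver and that the blocklist registry value (documented for Windows 11 22H2 and later) is present; both are labelled in the comments.

```powershell
# Added example: host check for the Kill Floor indicators named in the story.
# Assumptions (not stated in the report as summarised here): the renamed driver is
# loaded as a kernel service, so it shows up in Win32_SystemDriver; the blocklist
# registry value below exists on Windows 11 22H2 and later. Run as Administrator.

$findings = @()

# 1. The dropper named in the report, as a running process or on disk.
if (Get-Process -Name 'kill-floor' -ErrorAction SilentlyContinue) {
    $findings += 'kill-floor.exe is running'
}
$dropperOnDisk = Get-ChildItem -Path 'C:\Users' -Filter 'kill-floor.exe' -Recurse -File -ErrorAction SilentlyContinue
if ($dropperOnDisk) {
    $findings += "kill-floor.exe found on disk: $($dropperOnDisk.FullName -join ', ')"
}

# 2. The renamed Avast driver at the path given in the report. A signed PE
#    under a user profile with a .bin extension is itself suspicious.
$driverDrop = 'C:\Users\Default\AppData\Local\Microsoft\Windows\ntfs.bin'
if (Test-Path -LiteralPath $driverDrop) {
    $sig = Get-AuthenticodeSignature -FilePath $driverDrop
    $findings += "ntfs.bin present at $driverDrop (signer: $($sig.SignerCertificate.Subject))"
}

# 3. Any running kernel driver whose image is not under a System32 path.
#    A legitimately signed third-party driver loaded from a user profile is
#    the hallmark of a bring-your-own-vulnerable-driver attack.
Get-CimInstance -ClassName Win32_SystemDriver | Where-Object {
    $_.State -eq 'Running' -and $_.PathName -and ($_.PathName -notmatch '(?i)\\system32\\')
} | ForEach-Object {
    $path   = $_.PathName -replace '^\\\?\?\\', ''   # strip the \??\ NT prefix if present
    $signer = (Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue).SignerCertificate.Subject
    $findings += "Driver '$($_.Name)' running from $path (signer: $signer)"
}

# 4. Is Microsoft's vulnerable driver blocklist enforced? (Assumed registry
#    value; it is absent on older builds, which the check treats as not enabled.)
$ci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' -ErrorAction SilentlyContinue
if (-not $ci -or $ci.VulnerableDriverBlocklistEnable -ne 1) {
    $findings += 'Microsoft vulnerable driver blocklist is not enabled'
}

if ($findings.Count -eq 0) { 'No Kill Floor indicators found.' } else { $findings }
```

Step 3 will also list legitimate third-party drivers installed under Program Files, so treat its output as a hunt list to review rather than an alert; the combination that matters is a signed driver running from a user-writable directory. Step 4 is a hardening check rather than an infection sign: with the blocklist and HVCI enforced, a known-vulnerable driver version is refused at load time regardless of its signature.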
This attack underscores the risks of kernel-level vulnerabilities. As hackers continue to exploit legitimate tools for malicious purposes, companies like Microsoft are reviewing how kernel access is granted to prevent similar issues in the future.
For now, users are advised to remain vigilant, keep systems updated, and take proactive security measures to stay protected.
Starbucks Turns to Manual Pay After Ransomware Attack on Scheduling Software
Starbucks is manually paying its baristas following a ransomware attack on Blue Yonder, the third-party software provider it uses to manage employee schedules. The outage forced the coffee chain to revert to manual processes to ensure workers are compensated accurately, according to Starbucks spokesperson Jaci Anderson.
Blue Yonder, an Arizona-based cloud services provider for major corporations, was hit by ransomware last week. The attack has disrupted operations for multiple companies, including two of the UK’s largest grocery chains and automaker Ford, which is investigating potential impacts. Blue Yonder’s services are critical for supply chain and workforce management, leaving affected companies scrambling for workarounds.
Starbucks assured employees they would be paid for all hours worked, with local managers stepping in to handle schedules manually. “Store leadership have advised their employees on how to work around the outage,” Anderson said.
Blue Yonder has engaged cybersecurity firm CrowdStrike to assist in recovery but has not disclosed which clients were affected. In a statement, the company said it is “working around the clock to respond to this incident.”
Ransomware attacks, which encrypt victims' data and systems and withhold them until a ransom is paid, are increasingly timed to hit large organizations during critical periods like the holiday season. In 2023, ransomware extorted a record $1.1 billion globally, according to crypto-tracking firm Chainalysis. A study by Semperis found that 86% of surveyed organizations facing ransomware were attacked during holidays or weekends, when defenses are often weaker.
Broader Challenges
This disruption adds to the challenges faced by Starbucks’ new CEO Brian Niccol, as the company grapples with declining sales across three consecutive quarters. The attack also highlights the vulnerabilities in reliance on third-party providers, especially during peak periods like the holiday shopping season.
That’s our show for today.
You can find links to reports and other details in our show notes at technewsday.com. We welcome your comments, tips and the occasional bit of constructive criticism at editorial@technewsday.ca
I’m your host, Jim Love, thanks for listening.