This holiday season, hackers are using the surge in online shopping to launch cyberattacks on small e-commerce businesses. Hackers are targeting small businesses because (1) these businesses rarely spend money on security systems and (2) they use a few computers to operate their online stores. This makes it easier to target the administrator account, which holds all the valuable client information.

Social Engineering: Impersonating A Customer To Deceive Small Business Owner

Exploiting the surge in online spending during the December holidays, hackers are sending emails to small business owners, pretending to be a customer who has paid for an order but has yet to receive the product. The hacker claims there were problems at the post office and asks the owner of the online store to fill out a document with details (sender information, tracking number, and so on).

The email contains a link to a file hosted on Google Docs. Clicking the link starts the download of an archive, which contains a malicious file — in this case, one with a Microsoft Excel extension (.xlsx). This Excel file contains a script that downloads and runs an executable file from a remote service — the banking Trojan DanaBot. This malware has a modular structure and can download additional plugins that enable it to intercept traffic and steal passwords and even cryptowallets.

Hackers Are Evading Cyber Security Solutions

Even the few small e-commerce businesses that have cyber security solutions in place are being successfully hacked. The emails contain nothing malicious. They are a few paragraphs of text and a Google Docs link. Automatic spam filtering and email security solutions are not programmed to stop these sorts of emails because they are not considered spam or phishing and do not contain malicious documents.

Let’s recap how hackers are targeting these businesses:

  1. The hacker targets small online retailers due to increased spending in December and the lack of security systems in place
  2. An email is sent to the business owner, posing as a client who has not received a product
  3. The email contains a Google Docs link
  4. Clicking the link automatically starts the download of a malicious Microsoft Excel file, which downloads and runs the executable banking Trojan DanaBot
  5. DanaBot intercepts traffic and steals information like passwords and cryptowallets

CyberQuay’s CDR Solution Would Detect This Threat

CyberQuay’s CDR solution would detect and disarm the malicious file before it is downloaded into the small business owner’s computer. This means that the Microsoft Excel file, which contains a malicious script, would be scanned and the malicious script would be disarmed.
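The inspection step described above can be illustrated with an added example (not CyberQuay's code or product): it opens a downloaded archive, finds the Excel workbooks inside it, and reports the parts of each workbook that can carry active content. The part-name list, the function names and the sample archive are assumptions constructed for this illustration.

```python
import io
import zipfile

# Workbook part names that can carry active content (illustrative list, an assumption).
ACTIVE_PARTS = {
    "xl/vbaproject.bin": "VBA macro project",
    "xl/macrosheets/": "Excel 4.0 (XLM) macro sheet",
    "xl/externallinks/": "external workbook link",
    "xl/embeddings/": "embedded OLE object",
}
OFFICE_EXTS = (".xlsx", ".xlsm", ".xlsb", ".xltm")

def inspect_workbook(data: bytes) -> list[str]:
    """Return a description of every active-content part in one workbook."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as book:
        for name in book.namelist():
            lowered = name.lower()
            for prefix, label in ACTIVE_PARTS.items():
                if lowered.startswith(prefix):
                    findings.append(f"{label}: {name}")
    return findings

def inspect_download(data: bytes) -> dict[str, list[str]]:
    """Scan a downloaded archive and map each Excel member to its findings."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for member in archive.namelist():
            if member.lower().endswith(OFFICE_EXTS):
                payload = archive.read(member)
                if zipfile.is_zipfile(io.BytesIO(payload)):
                    report[member] = inspect_workbook(payload)
                else:
                    report[member] = ["not a valid workbook container"]
    return report

def build_sample() -> bytes:
    """Constructed sample: an archive holding a .xlsx file with a macro part."""
    book = io.BytesIO()
    with zipfile.ZipFile(book, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        z.writestr("xl/vbaProject.bin", b"constructed placeholder, not a macro")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("delivery_form.xlsx", book.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    print(inspect_download(build_sample()))
```

A file that reports any finding would be held back or rebuilt without those parts before it reaches the user; a workbook named `.xlsx` that carries a macro project is itself a mismatch worth flagging.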