Threats to the e-commerce industry have increased in the last year as multiple threat actors have complicated their attacking tactics, tools and procedures in order to gain higher efficiency and quick profit. The following report will cover the major threats in the upcoming holiday season and provide critical information and mitigation steps. Over the course of time, a trend that started in the United States has been adopted across the globe.It is the Friday after Thanksgiving, called Black Friday.

Over the past weeks, Elon Musk’s purchase of Twitter has drawn the attention of people worldwide, even those who are not using the platform. One of many ideas Musk had while purchasing Twitter was to allow users to pay $8 per month and receive the blue check mark. Until this decision, only verified celebrities, companies, and journalists by Twitter, received the mark and it helped fight against fraud and identity theft incidents.

We’ve all heard of the “dark web,” but many of us have no idea what it is and even less of how to access it. The Dark Web, a global challenge to law enforcement, is a region of the World Wide Web accessible only through special software permitting anonymity. Your search engine cannot index the Dark Web’s pages. They are not viewable on your standard web browser, requiring special software or configuration for access.

The Guacamaya group is a fairly new hacktivist group based in Latin America. The group was first seen around March 2022 as they released sensitive data of several companies based in Chile, Ecuador, Brazil and Colombia. As mentioned, the group is mainly focusing on LATAM but dabbles every now and then with campaigns in Russia. The group is defined as a data leakage threat group, which means they do not encrypt but only leak the stolen data, often they do it for free.

Open-source intelligence (OSINT) is essentially any information that can be obtained from publicly available sources. The practice of collecting this information is not new; in fact, in the early 1990s, the Deputy Director of the CIA asserted that over 80% of CIA analysis came from open-source information. Maps, phone books, printed materials, news reports, and other forms of content can provide a lot of information if one knows where and how to look.

Q3 of 2022 has provided us with many interesting insights into the ransomware industry. While the number of incidents this quarter slightly increased compared to the previous quarter.

On September 29, Microsoft Security Threat Intelligence reported two significant zero-day vulnerabilities being exploited in the wild. The two vulnerabilities, named “ProxyNotShell”, affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.

It may sound counterintuitive, but the Dark Web presents an invaluable opportunity for businesses to flip the script on hackers. The Dark Web remains a relatively hidden digital space that comprises upwards of 5 percent of the entire internet. This is where cybercriminals go to peddle sensitive and valuable data after breaching vulnerable business networks.

Over the past few months, a new info stealer has emerged. Erbium Stealer is developed by an underground Russian-based group that has been operating since July. The group seems to work very professionally, creating proper documentation and keeping their clients in the loop regarding new features on an almost weekly basis, via their Telegram channel.

In a world where more and more communities and businesses are based on instant messaging applications, it is just a matter of time before instant messaging takes the spotlight away from the traditional social media and commerce platforms. Instant messaging applications are more convenient than conventional forums and social media groups. However, the instant messaging realm is also divided into different application types and purposes.