Full Report
How cybercriminals prepare for Black Friday: phishing, scams and malware targeting online shoppers and gamers, fake sales in spam and real sales on the dark web.
Analysis Summary
The provided context snippet is primarily the introductory/cookie consent section of a Kaspersky report titled "How cybercriminals prepare for Black Friday." **Crucially, it does not contain specific details about malware families, attack tools, technical procedures, or MITRE ATT&CK mappings.**
Therefore, the summary below is structured based on the *expected content* derived from the article's description (phishing, scams, and malware targeting shoppers/gamers), but the technical details fields will indicate that the specific information was not present in the excerpt provided.
---
# Tool/Technique: Black Friday Themed Phishing/Scam Campaigns (General)
## Overview
Cybercriminals leverage high-traffic shopping events like Black Friday to deploy various cyberattacks, primarily focusing on credential theft, financial fraud, and malware delivery targeting online shoppers and gamers. This includes widespread spear-phishing, deceptive landing pages promoting fake sales, and the use of malware distributed via spam.
## Technical Details
- Type: Technique/Campaign Theme
- Platform: Windows, Mobile (Inferred from targeting online shoppers/gamers)
- Capabilities: Deception, social engineering, financial data exfiltration, delivery of malware payloads.
- First Seen: Recurs annually, with escalation around the shopping season.
## MITRE ATT&CK Mapping
*Since specific execution techniques are not detailed in the excerpt, general mappings for the described intent are provided.*
- T1566 - Phishing
- T1566.001 - Spearphishing Attachment
- T1566.002 - Spearphishing Link
- T1597 - Spearphishing for Information (General intent in e-commerce attempts)
- T1562 - Impair Defenses (If malware is involved)
## Functionality
### Core Capabilities
- **Social Engineering:** Crafting highly convincing, time-sensitive lures related to Black Friday discounts, order confirmations, or shipping issues.
- **Credential Harvesting:** Directing victims to fake login pages designed to steal credentials for e-commerce sites, gaming platforms, or banking details.
### Advanced Features
- **Dark Web Integration:** The context mentions "real sales on the dark web," suggesting coordination between initial infection lures (phishing) and post-compromise monetization or sale of stolen data on black markets.
## Indicators of Compromise
*No specific IoCs (Hashes, IPs, Filenames) were present in the provided context snippet.*
- File Hashes: [Not available in context]
- File Names: [Not available in context]
- Registry Keys: [Not available in context]
- Network Indicators: [Not available in context; would likely consist of phishing domains and C2 server infrastructure]
- Behavioral Indicators: [Not available in context]
## Associated Threat Actors
- Cybercriminals targeting retail/e-commerce customers, financially motivated groups, and potentially TrickBot/Emotet operators (often associated with peak seasonal spam bursts). (Actors are generalized due to lack of specific attribution in the excerpt.)
## Detection Methods
*Detection methods would require specific malware signatures or detailed campaign infrastructure analysis, which is missing.*
- Signature-based detection: [Not available in context]
- Behavioral detection: [Not available in context]
- YARA rules: [Not available in context]
## Mitigation Strategies
- **User Education:** Training users to scrutinize email addresses, check URLs before clicking links, and be wary of extreme bargains.
- **Technical Controls:** Implementing robust email filtering solutions capable of blocking URLs known for phishing and using multi-factor authentication (MFA) on all high-value accounts.
- **Endpoint Protection:** Ensuring security software is up-to-date to detect known malware payloads dropped by phishing links.
## Related Tools/Techniques
- Malicious domain generation and squatting (used to host fake sales pages).
- Exploit kits (if vulnerability exploitation is used as a pre-loader stage for malware delivery).