Top Risks
January 09, 2020

Black Friday, Cyber Monday and the Seasonal E-Commerce Onslaught

1 min. read

Black Friday, Cyber Monday and the seasonal ecommerce feeding frenzy are always big news.

Hyperactive online activity and potentially compromised purchasing, promotion and sales behaviours are like a red rag to a bull for enterprising cybercriminals.

From denial of service (DoS) attacks shutting down retailers in their revenue-generating prime to ransomware campaigns extorting your hard-earned spending money, there’s a world of banana skins out there.

Formjacking is one of this years’ most notable threats and is, according to the F5 Labs 2019 Application Protection Report, now one of the most common web attack tactics in play. It was responsible for 71 per cent of F5 Labs-analysed, web-related data breaches in 2018.

As more web applications connect to critical components such as shopping carts, card payments, advertising and analytics, vendors become an outsized target. Code can be delivered from a wide range of sources – almost all of which are beyond the boundaries of usual enterprise security controls. Since many websites make use of the same third-party resources, attackers know that they just need to compromise a single component to skim data from a huge pool of potential victims.

Read the full article published November 29, 2019 here: by ITProPortal.

Join the Discussion


Expertly picked stories on threat intelligence

Hundreds of apps will be attacked by the time you read this.

So, we get to work. We obsess over effective attack methods. We monitor the growth of IoT and its evolving threats. We dive deep into the latest crypto-mining campaigns. We analyze banking Trojan targets. We dissect exploits. We hunt for the latest malware. And then our team of experts share it all with you. For more than 20 years, F5 has been leading the app delivery space. With our experience, we are passionate about educating the security community-providing the intel you need to stay informed so your apps can stay safe.


9 hrs

a critical vulnerability—with the potential for remote code execution—is released.