Retailers brace for AI powered bot attacks during holiday season shopping. Hackers exploit old Avast driver to deliver windows malware and Starbucks turns to manual pay after ransomware attacks on a scheduling software. This is cybersecurity today. I'm your host, Jim Love. Retailers are gearing up for a surge in AI enabled bot attacks as the holiday shopping season begins.
There are fraudulent purchases, bots that quickly buy up high demand items like sneakers and electronics, often for resale, frustrating consumers. There are security exploits, bots scanning retailers networks for vulnerabilities, creating entry points for ransomware or other destructive attacks, and there are account takeovers, automated bots that use stolen credentials to gain control of customer accounts, often bypassing the traditional defenses.
The retail and hospitality information sharing and analysis center reports a sharp increase in bot activity during the holiday season. As cyber criminals exploit the high traffic and reduced visibility of their activities. A Viking Cloud survey revealed 52 percent of retailers feel more vulnerable to cyber attacks during the holidays, with threats extending beyond websites to third party vendors. If key suppliers are vulnerable, the fulfillment of orders may be more challenging, said Viking Cloud's chief product officer, Kevin Pierce.
Cybersecurity researchers at Trellix have uncovered a new type of Windows malware dubbed Kill Floor that leverages an old Avast anti rootkit driver to infiltrate PCs. This kernel level malware disables critical security systems, allowing attackers to take over the computer and execute malicious processes. As hackers continue to exploit legitimate tools for malicious purposes, companies like Microsoft and others are reviewing how kernel access is granted to prevent similar issues in the future.
Blue Yonder's services are critical for supply chain and workforce management, leaving affected companies scrambling for workarounds. Starbucks assured employees they would be paid for all hours worked with local managers stepping in to handle schedules manually.
The attack also highlights the vulnerabilities in relying on third party providers, especially during peak periods like the holiday shopping season. And that's our show for today. You can find links to reports and other details in our show notes at technewsday. com. We welcome your comments, tips, and the occasional bit of constructive criticism at editorial at technewsday.