Black Friday Preview: As Holiday Shopping Thrives Online, Will Cybercriminals Move In?


Despite this year’s deluge of emails and commercials already proclaiming, “BLACK FRIDAY IS HERE!” there are still several days until the official start of the holiday shopping season.

The realities of 2020 have seen the traditional doorbuster-type frenzy give way to a more diffuse set of bargains throughout the month (and even as early as October). But in the U.S., the period between Thanksgiving evening and 11:59 p.m. the following Monday is still expected to reign supreme, as shoppers rush to get the year’s best prices on electronics, home goods and appliances.

This year’s holiday shopping season comes amid perhaps the biggest wave of financial uncertainty to hit the U.S. since the recession of the late aughts. Combined with the ongoing COVID-19 pandemic and an unpredictable political climate, it’s little surprise that this year’s holiday shopping revenue is expected to fall short of the $184 billion spent this time last year.

Even so, according to NerdWallet, 201 million Americans, or roughly 8 out of 10, are expected to take part in the holiday shopping season of 2020 and will generate a still very robust $167 billion in sales.

But they won’t be standing in line at the mall to do so. While the shift toward online shopping goes back to at least 2005, when the term “Cyber Monday” was coined by the National Retail Federation, this year will almost certainly accelerate this trend, as people are choosing to avoid crowds for safety, are quarantining or are prohibited by law from doing things like massing in front of retail stores.

According to Digital Commerce 360, during the first 10 days of November, customers already spent $21.7 billion online, a 21% year-over-year increase — and the period from Thanksgiving through Cyber Monday is expected to generate 35-40% more online shopping than last year. Roughly 66% of shoppers say they’ll make more purchases online in 2020, with over 95% of people expected to buy half or more of their gifts online.

But while this might be good to help control the spread of the pandemic, it’s also good for cybercriminals. For the past few years, SonicWall Capture Labs threat researchers have recorded a higher than usual number of attacks taking place over the holiday shopping period. For example, in 2019, between Nov. 25 and Dec. 2, there were 129.3 million malware attacks (a 63% increase over 2018.) In the U.S. specifically, both malware (130%) and ransomware attacks (69%) were up compared to 2018.

What will this year hold? While 2020 continues to defy predictability, there’s already trouble on the horizon. The last quarter for which we have data, Q3 2020, showed some disturbing trends: In September, malware had its biggest rally of the year, increasing by 59 million over August. Worse, the 20% YoY increase in ransomware we saw at the end of Q2 had widened to a 40% increase by the end of Q3, having been on a steady rise since June

While it might be tempting to think this level of cybercrime would suggest we’re nearing some sort of ceiling and won’t see the sorts of increases over Black Friday weekend that we’ve seen in the past, everything we know about cybercriminals in 2020 refutes that. The cybercriminals we’ve seen at work during the pandemic have been as opportunistic and crafty as any we’ve seen before. And they’ve shown no qualms about targeting those they perceive as vulnerable, whether it’s hospitals, local governments or individual remote workers.

Unfortunately, this means holiday shoppers, more bargain-hungry than ever and doing most or all of their shopping online, could prove tempting quarry indeed — particularly since many people will be using the same devices and networks to shop that they use to connect to their employers’ corporate networks.

Of course, we hope that cybercriminals instead decide to cut us a rare break in a trying year and just watch some football. But no matter what happens, SonicWall’s threat researchers will be watching.

Amber Wolff
Senior Digital Copywriter | SonicWall
Amber Wolff is the Senior Digital Copywriter for SonicWall. Prior to joining the SonicWall team, Amber was a cybersecurity blogger and content creator, covering a wide variety of products and topics surrounding enterprise security. She spent the earlier part of her career in advertising, where she wrote and edited for a number of national clients.