Cybercriminals attack KEEN shoe drive for people affected by coronavirus pandemic

KEEN is providing shoes to people most impacted by the COVID-19 pandemic, but their website was bombarded by malicious bots.

The coronavirus pandemic is affecting every aspect of our lives and dozens of companies are chipping in to help those affected most by the current crisis. KEEN footwear decided to do its part through a pledge to provide up to 100,000 pairs, or about $10,000,000 in shoes, to the workers on the front lines and the families at home fighting through the crisis. 

Last week, they kick-started Together We Can Help by allowing fans of their brand across the globe to visit KEENfootwear.com to easily send shoes to members of their community most in need. In less than a week, KEEN patrons helped give more than 100,000 pairs of shoes, free of charge.

Unfortunately, cybercriminals tried to disrupt the charity drive on the evening of Thursday, March 19 and again on Sunday morning.


“While we put this in place in less than five days, our team was still able to put checks in place that would alert them to any malicious behavior. When the alerts went off, our team worked to find a solution that meant we were only offline temporarily and able to get back to helping our fans help others,” said Erik Burbank, KEEN Global general manager of Outdoor, Lifestyle and Kids.

“A sudden surge of codes being redeemed alerted our team to potential malicious behavior. Our team was able to manually check the codes the bots attempted to redeem and prevent the orders from going out.”

They stopped the program briefly on Friday morning and added a PIN-based authentication to the free shoe nomination process before putting it back online Saturday afternoon. 


The cybercriminals staged a second bot attack on Sunday where 2,000 codes were taken by bots in less than 10 minutes. The people behind the drive added an expiration time to the PINs used for authentication, which enabled the company to stay ahead of the bots and get the program back up and running in a few hours. 
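The article gives no implementation details, so the following is an added illustration rather than KEEN's code: a minimal sketch of a redemption PIN that expires, can be used only once, and locks after repeated wrong guesses. The class name, the nomination identifiers, the five-minute lifetime and the five-guess limit are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL_SECONDS = 300  # assumed lifetime; the article does not state one
MAX_ATTEMPTS = 5       # assumed guess limit per issued PIN


class PinStore:
    """Hypothetical in-memory store of one-time PINs, keyed by nomination id."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be tested without sleeping
        self._pins = {}      # nomination_id -> [pin_digest, expires_at, attempts_left]

    @staticmethod
    def _digest(pin):
        # Fixed-length digests let compare_digest run in constant time.
        return hashlib.sha256(pin.encode()).digest()

    def issue(self, nomination_id):
        pin = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        expires_at = self._clock() + PIN_TTL_SECONDS
        self._pins[nomination_id] = [self._digest(pin), expires_at, MAX_ATTEMPTS]
        return pin  # sent to the nominee out of band (e-mail, SMS)

    def redeem(self, nomination_id, pin):
        record = self._pins.get(nomination_id)
        if record is None:
            return "unknown"
        digest, expires_at, _ = record
        if self._clock() >= expires_at:
            del self._pins[nomination_id]  # a harvested PIN is useless after the TTL
            return "expired"
        if not hmac.compare_digest(digest, self._digest(pin)):
            record[2] -= 1
            if record[2] <= 0:
                del self._pins[nomination_id]  # stop brute-force of the 10^6 PIN space
                return "locked"
            return "wrong_pin"
        del self._pins[nomination_id]  # single use: a replayed PIN hits "unknown"
        return "ok"
```
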

The attack didn’t compromise the KEEN website, and the only thing the bots temporarily exploited was the free shoe codes.

“Sadly, a malicious few tried to take advantage of this moment for personal gain. This was obviously not how we intended Together We Can Help to be used. We wanted to start a movement of kindness and encourage people all over the world to give shoes to those who need them most. Hackers tried to take advantage of the program, but in the end, kindness prevailed,” Burbank said.

“Since day one, KEEN has been a values-led company. We want to be responsible citizens of the planet who embrace other cultures and ideas, and make a positive contribution. Making shoes that help people get outside and get the job done is what we do best - it’s the unique skill we bring to the world. We will continue to look for ways of helping communities in need.”
