Mon | Nov 7, 2022 | 4:03 PM PST

Every holiday season, malicious threat actors ramp up their activities as consumers spend their days at home cuddled up on the couch, surfing for gifts for their loved ones. This holiday season figures to be no different.

The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) released its 2022 Holiday Season Cyber Threat Trends report, detailing the threat landscape the retail and hospitality industries face during the holiday season.

The report found that QakBot, Emotet, Agent Tesla, and Dridex are likely to be the most used malware tools by threat actors, while phishing and fraud remain "critical concerns," with return and gift card fraud increasing significantly. 

Perhaps more importantly, the report includes "perspectives from key subject matter experts at leading consumer-facing organizations who provided insights into their organization's holiday season cybersecurity measures." Those experts provide analysis of threat trends for this upcoming holiday season, while taking a look back at other historical trends.

Holiday cyber threats and analysis

The RH-ISAC spoke with several key member analysts that have specific expertise in fraud prevention who are currently implementing their organization's holiday season security measures.

When asked what their primary threat focuses for this holiday season were, five things popped up consistently:

•  Phishing and credential harvesting
•  Account takeover (ATO)
•  Bots (scalpers and resellers)
•  Gift and loyalty card fraud
•  Return fraud

As for what defensive measures cyber teams should be focusing on, the report says:

"Members reported focusing on understanding very specific tactics
fraudsters and threat actors are using across kill chains to enhance
detection and mitigation efforts. Understanding broad trends
across the threat landscape and how they work within member
environments has enabled analysts to create more effective alerting,
detection, and mitigation efforts."

It also discusses things like working closely with customer service departments and providing them with "refund-as-a-service training material," as well as stressing the importance of change freezes, staffing
adjustments, and operational changes in preparation for increased
threats during the holiday season.

Experts specifically noted that an "increased emphasis on improved Endpoint Detection and Red Team operations helped validate threat concerns and highlight areas for improvement."

Holiday season threat landscape and attack trends 

The two graphs below display the total instances of threat indicators reported by RH-ISAC members during the 2020 and 2021 holiday seasons.

From these trends, the RH-ISAC report was able to come up with six key consistent trends:

  • "Qakbot indicators are down significantly from 34% of total reported threats in 2020 to 5% in 2021."
  • "Emotet indicators are also down significantly from 20% in 2020 to 3% in 2021."
  • "Credential Harvesting indicators are up slightly from 13% in 2020 to 17% in 2021. Credential harvesting shares are consistently at a much higher prevalence than any other threat."
  • "Phishing activity sharing is down slightly from 18% in 2020 to 16% in 2021. While significantly less prevalent than credential harvesting, phishing activity is consistently among the most prevalent trends in shared intelligence."
  • "Agent Tesla sharing is up slightly from 15% in 2020 to 16% in 2021."
  • "Dridex indicators are relatively stable at 3% for both periods."

See the report from the RH-ISAC, 2022 Holiday Season Cyber Threat Trends, for more information. 

How is your team preparing for the increase in cyber threats this holiday season?

Follow SecureWorld News for more information.

Comments