Cyber Threats to Financial Sector During 2018 Holiday Season
PRODUCED NOVEMBER 7, 2018
LOOKINGGLASS CYBER SOLUTIONS
THREAT ANALYSIS AND INVESTIGATIONS UNIT
LookingGlass STRATISS: Confidential |
1
Overall Report Distribution is TLP: GREEN Overall Source/Information Reliability: B2
Executive Summary Theholidayseasonhashistoricallyattractedcybercriminalstoconductoperationsdesignedtostealmoneyandothersensitivefinancialinformation,andthe2018seasonshouldbenodifferent.Theexcitementoftheseasoncoupledwiththevolumeofe-commerceande-bankingtransactionsthatoccursduringthisperiodprovidesampleopportunitiesforhostileactors.WhiletheRetailSectorwillremainthemaintargetforenterprisingcybercriminalsduringthe2018holidayseason,theFinancialSectorcontinuestobehigh-profileinitsownright.NotonlyhastheFinancialSectorbeentargetedbycybercriminals,suspectedstateactorsandhacktivistshavealldirectedtheirattentionagainstinstitutionsinthisindustryatonetimeoranother.Moreover,stateactorscantakeadvantageofthedistractionsassociatedwiththeholidayseasontoconductstealthyoperationsagainstthissector,whilehacktivistscouldusethepublicitysurroundingtheseasontolaunchattacksdesignedtodrawattentiontotheircauses.
Key Points
• Theholidayseasonpresentsaprimeopportunityforhostilecyberactorstoconductoperationsthatsupporttheirobjectives.Typically,thistimeperiodsolicitsincreasedattentionfromcybercriminalsintentonstealingmoneyorfinancialinformation.Assuch,LookingGlassanalystsexpectthattheRetailSectorwillremaintheprimaryindustrytargeted.
• PaymentsystemsareavaluedtargetduringtheHolidaySeason;assuch,any
organization-regardlessofitssector-thatusesthemtosupporttheirbusinessoperationsisapotentialtargetforcybercriminals.
• TheFinancialSectorisayear-round,high-profiletargetforactorsinthecyber
threatlandscape.Cybercriminals,suspectedstateactors,andhacktivistgroupshavebeenobservedtargetingtheFinancialSector.Thehighvolumeofe-commerceande-bankingtransactionsduringtheHolidaySeasoncouldprovidestateactorsthenecessarydistractiontoobfuscatemoresurreptitiousnetworkexploitation.
*This report is based on open source findings. Therefore, the report is open source intelligence and does not constitute definitive evidence. Information found in the open source cannot necessarily be verified and is presented as intelligence and as additional information to enhance or expand current investigations.
******
LookingGlass STRATISS: Confidential |
2
The Holiday Season Theholidayseasoncontinuestobeatimeofincreasedhostileactivitybycybercriminals,particularlyforonlineandbrickandmortarretailersande-commerceservices,butcanincludeactivitiesconductedbystateactorsandhacktivists,aswell.Overthepastyear,retailfraudhasincreased,makingthesectorahigh-valuetarget.iTherefore,itcomesasnosurprisethat,overthesametimeperiod,threatresearchershaveidentifiedasignificantinfluxofretailgoodsforsaleinthecybercriminalunderground.iiHowever,althoughretailersmaybethemajorfocusofcybercriminalsthisholidayseason,othersectors--includingthefinancialsector--remainaconstanttargetfortheseenterprisingindividualsandgroups.
Cyber Threats to Financial Sector over 2018 Holiday Season Thefinancialsectorwritlargeisahigh-profile,potentially-lucrativetargetforthreatactorsatanypointduringtheyear.However,theholidayseason,whichtypicallyhasobservedincreasesinhostilecyberactivity,isacatalystforanescalationofcyberattacksagainstthesector.Enterprisingcybercriminalstakeadvantageofconsumerenthusiasmandatarget-richenvironmentthatincludesincreasedrelianceonmobiletechnologiesasapaymentsystemsplatformtoputthemselvesinafavorablepositionovertheholidays.Cyberthreatsaffectingthefinancialsectorduringtheholidayseasonremainthesameastheonestypicallyfacedbythesectoratanyothertimeoftheyear.AccordingtoVerizon’s2018DataBreachreport,bankingTrojansanddistributeddenial-of-serviceattacksweretheprimarythreatstothefinancialsector.iiiAtthistime,LookingGlassanalystsbelievethatthiswillholdtrueduringtheholidayseasonaswell.Theonenotabledifferenceishowhostileactorswillleverageholiday-relatedthemesasanenticementtotheusersofthetargeteddevices.Thetypeofhostilecyberactivitythatthefinancialsectorpotentiallyfacesduringthe2018HolidaySeasonincludes,butisnotlimitedto:
• DistributedDenial-of-ServiceAttacks(DDoS).DDoSattackshavebeenaweaponthathasbeenhistoricallyleveragedagainstthefinancialsector.Theseattackshavebeenusedbyhacktivistsandsuspectedstateactorsinordertodisruptonlineservices.Also,DDoShasbeenleveragedbyactorsasadiversioninordertoobfuscatemorestealthyoperationsthattypicallyinvolvegainingandmaintainingnetworkaccessand/orstealingsensitivedata.Inthepast,therehasbeensomeevidencesuggestingthatDDoSattacksactuallyincreaseastheholidayseasonapproaches.Onesourcefoundthat,between2014and2015,DDoSattacksincreasedanaverageofnearly150percentbetweensummerandwinter.ivTheconductionofsuchattacksisentirelylinkedtotheintentoftheattackerandmaynotbetelegraphedpriortotheinitiallaunch.
LookingGlass STRATISS: Confidential |
3
• Ransomware.Althoughithasbeendecreasinginpopularity,ransomwarehas
shownsignsofbeingmoresophisticatedinitsconstructandmoretargetedinitsdeployment.Often,ransomwareisdeliveredthroughvariousvectors,includingphishingandRemoteDesktopProtocol(RDP).vRDPallowscomputerstoconnecttoeachotheracrossanetwork,anditsversatilityisevidencedinvariantdevelopmentanditsserviceofferings.Cybercriminalsmaytrytotakeadvantageoffinancialsectorinstitutionsbydeployingransomwareovertheholidayseason,atatimewhencustomersmayneedincreasedaccesstofunds.
• Web-ApplicationAttacks.Accordingtoonenetworksecurityplatformcompany,
web-applicationattacksareamongthecommoncyberattackstargetingthefinancialsector.viUltimately,theexpansionofonlineanddigitalservices(toincludemobileapps)hasincreasedtheattacksurface.viiAccordingtothe2017findingsofonecomputersecuritycompany,financewebapplicationswereatgreatestrisk,withanear“100percentoftestedbankingandfinancewebapplicationsbeingsusceptibletohigh-severityvulnerabilities.”viiiPerhapsmoredisconcertingisthat87percentofbankingwebapplicationstestedbythecompanyweresusceptibletoattacksagainstusers.ixBotnetshaveconductedwebapplicationattacks,risingnearly30percentin2017.xTheseattackscanbeexpectedtointensifyduringtheholidayseason.
• BankingTrojans.Duetotheirpopularityandhighsuccessrate,bankingTrojans
remainaweaponofchoiceforhostilecyberactors.Accordingtoaprominentcomputersecuritycompany,bankingTrojanuseincreasedinthesecondquarterof2018(toincludemobilebankingTrojans).xiMoreover,tacticsusedbyhostilecyberactorstodeliverbankingTrojanscontinuetoevolveaswell,adaptingtoandimplementinganytechniquethatcaneffectivelytakeadvantageofauser.WeexpecthostileactorstotakeadvantageoftheholidayseasontodeliverbankingTrojanstounsuspectingtargets.In2017,thePandabankingTrojanwasobservedfocusingonnon-bankingtargetsusinganextensivelistofinjectsclearlydesignedtocapitalizeonholidayshoppingandactivities.xiiSimilarly,in2017,theRamnitbankingTrojanwasextremelyactiveduringtheholidayseason.Peronecompany’sresearchonthesubject,Ramnittargetedsomeofthelargestbanksintheworldandretaile-commercesites.xiii
• ThirdParties.It’salsoworthnotingthatthirdpartiesaresusceptibleto
compromiseandcanbeexploitedasaplatformfromwhichtoattack.The2013Targetbreachisaperfectexampleofhowhostileactorscanleveragethisthird-partyaccesstocompromisethenetworkandenabletheattackerstoexploitvulnerabilitiesinpaymentsystems.
LookingGlass STRATISS: Confidential |
4
Cyber Threats to Payment Systems over the 2018 Holiday Season Itshouldcomeasnosurprisethattheholidayseasonisatarget-richenvironmentforcybercriminals,asconsumersrelyone-commerceplatformsande-bankingtomakepurchasesandconductfinancialtransactions.Therearetriedandtruemethodsthathackersimplementtocompromisetheirtargets.Paymentsystemsareaprimetargetforcybercriminalsthroughouttheyear,butperhapsevenmoresoduringtimesofincreasedpurchasingactivitysuchastheholidayseason.Accordingtoonesource,digitalpaymentsareexpectedtohitUSD726billionby2020.xivA2018surveybytheAssociationforFinancialProfessionalsrevealedthatpaymentsfraudsubstantiallyincreasedin2017.xvAccordingtoonesitetrackingpaymentsystemsnews,someofthebiggestsecuritythreatstopaymentsystemsincludethecompromiseofInternet-of-Thingsdevices;over-trustingencryption;cloudunpreparedness;smartersocialengineering/phishing;andthird-partyserviceproviders.xviPoint-of-Salebreachesandwebsiteoutagesaremostthreateningtoretailstores,accordingtoa2017studyconductedbyaninternationalconsultingfirm.xviiExpectedcyberthreatstopaymentsystemsovertheholidayseasoninclude:
• Point-of-Sale(POS)Systems.POSsystemshaveexploitedsomeofthebiggestretailersintheUnitedStates.However,therehasbeensomeimprovementinshoringupPOSsystemsbytighteningupendpointsecurity.Nevertheless,enterprisinghackersalwaysfindwork-arounds;POSisnodifferent.Accordingtoaprominententrepreneurialonlineperiodical,securityresearchersidentifiedapossibleweakpointbetweenaPOSworkstationandastoreserver.SuchaccessopensthedoorforanewbutrathersimplePOSattackvector(note:thiswasdisclosedtoPOSvendors).xviiiSomeofthemoreprominenttypesofPOSmalwareincludeBlackPOS,TreasureHunt,NitlovePOS,PoSeidon,andMalumPOS.xix
o MobilePOScouldprovideaprimetargetforcyberattackers.Accordingtoa
recentreportinanonlinetechmediasource,morethanhalfofthemoreprominentmobilePOSwereidentifiedbythreatresearchersasbeingsusceptibletocyberattacks.Assuch,researchersanalyzedsevencardreadersacrosstheUnitedStatesandEuropefromfourvendors:SumUp,iZettle,PayPal,andSquare.Theresearchersnotedthefollowingattackvectors:xx
§ Twooftheterminals(note:theresearchersdidnotidentifythemanufacturers)haddisplaysthatahostileactorcouldsendcommandstoinordertomanipulateonscreenmessages.The
LookingGlass STRATISS: Confidential |
5
researchersnotedthatthisvectorwouldfacilitatesocialengineeringtoenticethevictimtouselesssecurepaymentoptions.
§ Researchersalsorevealedthatman-in-the-middleattackscouldbelaunchedusingBluetoothaccesstointerceptHTTPStraffictransmittedfromthemobileapplicationtothepaymentserver.Theyfoundfiveterminalsvulnerabletothisattackvector,althoughtheydidpointoutthatitonlyworkedformag-stripetransactions.
§ Finally,researchersfoundtwoterminalsthatcouldbeexploitedviaremotecodeexecution.Thisvectorwouldprovideattackersaccesstotheterminals’operatingsystems.
• MobileDevicesarePrimeTargets.Wefullyexpecthostileactorstoaggressively
targetmobiledevices.Accordingtoonecomputersecuritycompany,inthethirdquarterof2017,mobiletransactionsovertookthedesktopforthefirsttime.xxiAccordingto2017studybyaU.S.marketingresearchcompany,smartphonesareexpectedtobeusedinmorethanonethird(USD1trillion)oftotalU.S.retailsalesatsomepointin2018.xxiiAccordingtodatafromGoogleAnalyticsfromJunetoSeptember2017,over40percentofonlinetransactionsweremadeonmobiledevices.xxiii
• Web-ApplicationAttacks.AccordingtoVerizon’sDataBreachreport,web-
applicationattacksweretheprimarythreattotheretailsector,alongwithcardskimmers.xxivPerthereport,approximatelyonethirdofallconfirmedbreachesinretailinvolvedawebapplication,includingOScommanding,SQLinjection,andtheuseofstolencredentialstocompromisethesystem.
• Skimming.InadditiontoPOSmalware,skimmersplacedonPOSterminalswillremainaconsistentthreatin2018.Thesedevicesareabletoreadthecardnumberandpincodewhencustomerspaywithacreditordebitcard.
A Look Back at the 2017 Holiday Season Cyber Crime In2017,therewasasubstantialamountoffraudactivityassociatedwithholidayshopping.Accordingtoonecomputersecuritycompany,betweenThanksgivingDayandDecember31,2017,thenumberofe-commercetransactionsgrewby19percentcomparedtothesamedatesin2016,andfraudattemptsincreasedby22percent.xxvThecomputersecuritycompanyprovidedthefollowingdatainitsreport:
LookingGlass STRATISS: Confidential |
6
• ThanksgivingDayrankedhighestinfraudattempts,followedbyChristmasEve.Thecompanystressedthatthetrendsdrivingthesepeaksincludedshipmentcut-off,consumertraffic,andonlinepick-up-in-storetransactions.
o Toprovideperspective,thecompanysuppliedthefollowinginformationincomparison:In2017,oneoutofevery85transactionswasafraudulentattempt.In2016,oneoutofevery97transactionswasafraudulentattempt.In2015,oneoutofevery109transactionswasafraudulentattempt.
• TheaveragepriceofattemptedfraudtransactionsoverthecourseoftheentireholidayseasonwasUSD227.
• ThevolumeoftotalpurchasesrecordedduringtheJanuary-October2017period
increasedby14percent.Anothercomputersecuritycompany’sresearchwasconsistentwiththesefindings.Accordingtotheirresults,251millionfraudattemptswereobservedduringthefourthquarterof2017,a113percentincreasefromthepastyear.ThecompanyalsofoundthatasignificantportionofthisactivitycamefromRussia.xxviInthefirstquarterof2018,cyberfraudratesremainedalarminglyhighintothenewyear,totalingapproximatelyUSD150millionduringQ12018,anotable88percentincreaseoverthesameperiodthepreviousyear.xxviiWithregardstothefinancialsector,one2017studyfoundthatfinancialmalwareassociatedwithbreachesincreasedalmost25percent.Additionally,duringthe2016holidayseason,30typesofbankingTrojanswereinvolvedinactivityresultinginapproximatelyUSD6.9billioninonlinepaymentfrauds.xxviiiForsomebusinesses,“CyberMonday”isanextremelylucrativetimeforconsumerpatronage.Accordingtoonetechnologysource,2017CyberMondaygeneratedUSD2.2billioninsales.xxixHowever,perthesamesource,cybercrimekeptpacewiththebusyconsumerism.Phishinglinksincreased336percentoverThanksgiving,andmorethan30millionmaliciouslinksweretransmittedviasocialmediadaily.Perthesource’sfindings,themostcommonattacksduringthisperiodwere:
• Spearphishing.Hackerssentprofessional-lookinge-mailsand/orbuiltfakelandingpagestoenticevictimstoprovidetheirsensitiveinformationand/orcredentials.
• HashtagHijacking.Hackersusedtrendinghashtagstogainawideraudienceof
prospectivevictimstospreadmaliciouslinks,spam,etc.
• Clickbaiting.Hackerspostedanenticingheadlinelinkonasocialmediaaccount(e.g.,agooddeal)toenticevictimstoclickonit.
LookingGlass STRATISS: Confidential |
7
Accordingtoanothersourcethattrackse-commerce,onBlackFridayin2017,desktopfraudattacksincreasedataratetwotimesgreaterthansalesgrowth;therewasalsoa334percentincreaseinmobileappfraudattacksanda13percentincreaseinmobilebrowserfraudattacks.OnCyberMondayin2017,thesourcefounda36percentincreaseindesktopattacks(aratethreetimesgreaterthansalesgrowth),a301percentincreaseinmobileappfraudattacks,anda27percentincreaseinmobilebrowserfraudattacks.xxx
The Cyber Threat Actor Landscape ThecyberthreatactorlandscapeiscomposedofavarietyofhostileactorswithdiversemotivationsfortargetingtheUnitedStates’financialsector.States,hacktivists,terrorists,andcybercriminalsaretheprimaryactorsthathavetheintent,motivation,andmeanstoconductremotecyberattacksagainstentitiesinthefinancialsectorecosystem.Thefollowingactortypesmakeupthecyberthreatactorlandscape:
Figure1.ThreatActorsandMotivations
(source:https://www.belfercenter.org/publication/state-and-local-election-cybersecurity-playbook)
• CyberCriminals.Cybercriminalsrunthegamutofsophistication,rangingfrom
rudimentarytoverysophisticatedandmayworkindividuallyoringroupsofvarioussizes.Thespanofoperationsisasdiverseastheactorsthemselves,withtargetsrangingfromindividualstobusinessestohealthcareorganizationstofinancialinstitutions.Nooneisimmunefromtheseactors.
LookingGlass STRATISS: Confidential |
8
• Hacktivists.Theseactors/groupsareoftenmotivatedbypolitical,ideological,nationalistic,economic,social,orreligiousmotivations.TypicalhacktivistoperationshaveincludedDDoSattacks,webpagedefacements,doxing,andtheftofsensitiveinformation.
• NationStates/State-SponsoredActors.Theseactorsreceivedirection,funding,or
technicalassistancefromanation-statetoadvancethatnation’sparticularinterests.InthewakeofsuspectedNorthKoreaninvolvementintargetingglobalbanksandcryptocurrencyexchanges,it’simportantnottodiscountstateactivityduringtheholidayseasonagainstthefinancialsector.Additionally,suspectedstateactorsmayhavebeenresponsiblefortheOperationAbabilDDoSattacksthattranspiredin2012targetingU.S.financialinstitutions.
Conclusion Everyyear,theHolidaySeasondrawsconsiderableattentionfromcybercriminalsthattargetindividualsandorganizationsinordertostealmoneyand/orfinancialinformation.Whileretailentitiesarehigh-valueforthesefinancially-motivatedactors,anyentitythatprocessesfinancialtransactionsissusceptibletoexploitationattempts.Duetothenatureofitsoperations,LookingGlassanalystsbelievethatthefinancialsectorisapotentialtargetduringthe2018HolidaySeasonaswell.Whilecybercriminalsremaintheprimaryactorthreat,cyberespionage-relatedgroupsandhacktivistscanalsoleveragethedistractionoftheholidaystoconducttheiroperations.Withcybercriminalsgarneringthemajorityoftheattentionduringthisperiod,cyberespionageactorsmaytakethetimetoconductmoresurreptitiousexploitationeffortsagainsttheirtargets.Hacktivists–largelydrivenbytheirpolitical/ideological/religious/economic/nationalisticagendas–canusetheholidaystolaunchdisruptiveattackstodrawattentiontotheircauses.InformationCut-offDate:October25,2018
LookingGlass STRATISS: Confidential |
9
Traffic-Light Protocol for Information Dissemination Color WhenShouldItBeUsed? HowMayItBeShared
RED
SourcesmayuseTLP:REDwheninformationcannotbeeffectivelyacteduponbyadditionalparties,andcouldleadtoimpactsonaparty’sprivacy,reputation,oroperationsifmisused.
RecipientsmaynotshareTLP:REDwithanypartiesoutsideofthespecificexchange,meeting,orconversationinwhichitisoriginallydisclosed.
AMBER
SourcesmayusetheTLP:AMBERwheninformationrequiressupporttobeeffectivelyacteduponbutcarriestheriskstoprivacy,reputation,oroperationsifsharedoutsideoftheorganizationsinvolved.
RecipientsmayonlyshareTLP:AMBERinformationwithmembersoftheirownorganization,andonlyaswidelyasnecessarytoactonthatinformation.
GREEN
SourcesmayuseTLP:GREENwheninformationisusefulfortheawarenessofallparticipatingorganizationsaswellaswithpeerswithinthebroadercommunityorsector.
RecipientsmayshareTLP:GREENinformationwithpeersandpartnerorganizationswithintheirsectororcommunity,butnotviapubliclyaccessiblechannels.
WHITE
SourcesmayuseTLP:WHITEwheninformationcarriesminimalornoriskofmisuse,inaccordancewithapplicablerulesandproceduresforpublicrelease.
TLP:WHITEinformationmaybedistributedwithoutrestriction,subjecttocopyrightcontrols.
LookingGlass STRATISS: Confidential |
10
A Note on Estimative Language Estimativelanguageisusedinordertoconveyanassessedlikelihoodorprobabilityofanevent,aswellasthelevelofconfidenceascribedtoajudgment.Assessmentsarebasedoncollectedinformation(whichisoftenincomplete),aswellaslogic,argumentation,andprecedents.Confidencelevelsprovideassessmentsofthequalityandquantityofthesourceinformationthatsupportsjudgments. None Low Moderate High Complete0-10% 11-49% 50-79% 80-99% 100%
• Complete:Totallyreliableandcorroboratedinformationwithnoassumptionsandclear,undisputedreasoning.
• High:Wellcorroboratedinformationfrommultipleprovensources,extensive
databases,and/oradeephistoricalunderstandingoftheissue.Thereareminimalassumptionspresent.Theanalyticreasoningisdominatedbylogicalinferencesdevelopedthroughestablishedmethodologyormultipleanalytictechniques.Highconfidencedoesnotimplyanassessmentisfactoracertainty.
• Moderate:Partiallycorroboratedinformationfromsufficientqualitysources(amix
ofprovenandunprovensources)withsomedatabasesand/orhistoricalunderstandingoftheissue.Thereareassumptionspresent,ofwhichsomeshouldbecrucialtotheanalysis.Reasoningisamixtureofstrongandweakinferencesdevelopedthroughsimpleanalytictechniquesoranestablishedmethodology.
• Low:Uncorroboratedinformationfromgoodormarginalsources(mixofsemi-
provenandunprovensources)withminimaldatabaseorhistoricalunderstandingoftheissue.Therearemanyassumptionscriticaltotheanalysis.Reasoningisdominatedbyweakinferencesthroughfewanalytictechniques.
• None:Thereisnodirectinformationorpartiallycorroboratedinformationto
supportanalyticassessmentsorjudgments,oritisexploratoryanalysis.
LookingGlass STRATISS: Confidential |
11
Source and Information Reliability Source Rating DescriptionA Reliable Nodoubtaboutthesource'sauthenticity,trustworthiness,or
competency.Historyofcompletereliability.B UsuallyReliable Minordoubts.Historyofmostlyvalidinformation.C FairlyReliable Doubts.Providedvalidinformationinthepast.D NotUsuallyReliable Significantdoubts.Providedvalidinformationinthepast.E Unreliable Lacksauthenticity,trustworthiness,andcompetency.Historyof
invalidinformation.F Can’tBeJudged Insufficientinformationtoevaluatereliability.Mayormaynotbe
reliable.Information Rating Description1 Confirmed Logical,consistentwithotherrelevantinformation,confirmedby
independentsources.2 ProbablyTrue Logical,consistentwithotherrelevantinformation,notconfirmed
byindependentsources.3 PossiblyTrue Reasonablylogical,agreeswithsomerelevantinformation,not
confirmed.4 DoubtfullyTrue Notlogicalbutpossible,nootherinformationonthesubject,not
confirmed.5 Improbable Notlogical,contradictedbyotherrelevantinformation.6 Can’tBeJudged Thevalidityoftheinformationcannotbedetermined.
LookingGlass STRATISS: Confidential |
12
ihttps://www.darkreading.com/vulnerabilities---threats/retail-fraud-spikes-ahead-of-the-holidays/d/d-id/1333130iiIbid.iiihttps://www.calyptix.com/top-threats/top-causes-of-data-breaches-by-industry-2018-verizon-dbir/ivhttps://www.security.neustar/blog/-tis-the-season-for-ddos-attacksvhttps://www.itproportal.com/features/the-four-most-popular-methods-hackers-use-to-spread-ransomware/vihttps://www.lanner-america.com/blog/5-cyber-threats-currently-faced-financial-sector/viiIbid.viiihttps://www.finance-monthly.com/2018/05/banking-finance-were-the-most-vulnerable-web-applications-in-2017/ixIbid.xhttps://www.businesstimes.com.sg/technology/study-finds-rise-in-web-malware-attacks-merchants-more-vulnerable-during-holiday-seasonxihttps://www.securitynow.com/author.asp?section_id=715&doc_id=745218xiihttps://www.proofpoint.com/us/threat-insight/post/zeus-panda-banking-trojan-targets-online-holiday-shoppersxiiihttps://www.f5.com/labs/articles/threat-intelligence/ramnit-goes-on-a-holiday-shopping-spree-targeting-retailers-and-banksxivhttp://www.paymentsjournal.com/payments-and-cybersecurity-why-automating-threat-breach-response-is-critical/xvhttps://www.afponline.org/trends-topics/topics/articles/Details/afp-survey-payments-fraud-hits-record-high-of-78xvihttps://www.aciworldwide.com/insights/expert-view/2018/april/12-biggest-security-threats-to-paymentsxviixviihttps://www.retaildive.com/news/tis-the-season-for-retail-security-threats/510084/xviiihttps://www.forbes.com/sites/forbestechcouncil/2017/09/27/the-vulnerabilities-of-a-pos-system/#3f6dfd384b58xixhttps://digitalguardian.com/blog/what-point-sale-pos-malware-how-it-works-and-how-protect-your-pos-systemxxhttps://threatpost.com/square-paypal-pos-hardware-open-to-multiple-attack-vectors/138681/xxihttps://www.threatmetrix.com/digital-identity-blog/cybercrime/cybercrime-report-five-predictions-holiday-2017/xxiihttps://www.adweek.com/digital/mobile-shopping-is-on-the-rise-but-remains-split-between-the-mobile-web-and-apps/xxiiiIbid.xxivhttps://www.calyptix.com/top-threats/top-causes-of-data-breaches-by-industry-2018-verizon-dbir/xxvhttps://www.securitymagazine.com/articles/88637-online-fraud-increases-22-during-holiday-seasonxxvihttps://www.cutimes.com/2018/02/08/e-commerce-cyberattacks-grow-during-2017-holiday-s/xxviihttps://www.threatmetrix.com/digital-identity-blog/cybercrime/cybercrime-report-reveals-surge-in-ecommerce-fraud-attacks/xxviiihttp://www.myteltek.com/blog/2018/10/protecting-your-business-from-cyber-security-issues-during-the-holidays/xxixhttps://www.zerofox.com/blog/cyber-monday-breeds-cyber-crime-infographic/xxxhttps://www.kount.com/blog-against-fraud/comparing-2016-and-2017-holidays-trends-in-naughty-and-nice