![Page 1: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/1.jpg)
Cyber Threats to Financial Sector During 2018 Holiday Season
PRODUCED NOVEMBER 7, 2018
LOOKINGGLASS CYBER SOLUTIONS
THREAT ANALYSIS AND INVESTIGATIONS UNIT
![Page 2: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/2.jpg)
LookingGlass STRATISS: Confidential |
1
Overall Report Distribution is TLP: GREEN Overall Source/Information Reliability: B2
Executive Summary Theholidayseasonhashistoricallyattractedcybercriminalstoconductoperationsdesignedtostealmoneyandothersensitivefinancialinformation,andthe2018seasonshouldbenodifferent.Theexcitementoftheseasoncoupledwiththevolumeofe-commerceande-bankingtransactionsthatoccursduringthisperiodprovidesampleopportunitiesforhostileactors.WhiletheRetailSectorwillremainthemaintargetforenterprisingcybercriminalsduringthe2018holidayseason,theFinancialSectorcontinuestobehigh-profileinitsownright.NotonlyhastheFinancialSectorbeentargetedbycybercriminals,suspectedstateactorsandhacktivistshavealldirectedtheirattentionagainstinstitutionsinthisindustryatonetimeoranother.Moreover,stateactorscantakeadvantageofthedistractionsassociatedwiththeholidayseasontoconductstealthyoperationsagainstthissector,whilehacktivistscouldusethepublicitysurroundingtheseasontolaunchattacksdesignedtodrawattentiontotheircauses.
Key Points
• Theholidayseasonpresentsaprimeopportunityforhostilecyberactorstoconductoperationsthatsupporttheirobjectives.Typically,thistimeperiodsolicitsincreasedattentionfromcybercriminalsintentonstealingmoneyorfinancialinformation.Assuch,LookingGlassanalystsexpectthattheRetailSectorwillremaintheprimaryindustrytargeted.
• PaymentsystemsareavaluedtargetduringtheHolidaySeason;assuch,any
organization-regardlessofitssector-thatusesthemtosupporttheirbusinessoperationsisapotentialtargetforcybercriminals.
• TheFinancialSectorisayear-round,high-profiletargetforactorsinthecyber
threatlandscape.Cybercriminals,suspectedstateactors,andhacktivistgroupshavebeenobservedtargetingtheFinancialSector.Thehighvolumeofe-commerceande-bankingtransactionsduringtheHolidaySeasoncouldprovidestateactorsthenecessarydistractiontoobfuscatemoresurreptitiousnetworkexploitation.
*This report is based on open source findings. Therefore, the report is open source intelligence and does not constitute definitive evidence. Information found in the open source cannot necessarily be verified and is presented as intelligence and as additional information to enhance or expand current investigations.
******
![Page 3: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/3.jpg)
LookingGlass STRATISS: Confidential |
2
The Holiday Season Theholidayseasoncontinuestobeatimeofincreasedhostileactivitybycybercriminals,particularlyforonlineandbrickandmortarretailersande-commerceservices,butcanincludeactivitiesconductedbystateactorsandhacktivists,aswell.Overthepastyear,retailfraudhasincreased,makingthesectorahigh-valuetarget.iTherefore,itcomesasnosurprisethat,overthesametimeperiod,threatresearchershaveidentifiedasignificantinfluxofretailgoodsforsaleinthecybercriminalunderground.iiHowever,althoughretailersmaybethemajorfocusofcybercriminalsthisholidayseason,othersectors--includingthefinancialsector--remainaconstanttargetfortheseenterprisingindividualsandgroups.
Cyber Threats to Financial Sector over 2018 Holiday Season Thefinancialsectorwritlargeisahigh-profile,potentially-lucrativetargetforthreatactorsatanypointduringtheyear.However,theholidayseason,whichtypicallyhasobservedincreasesinhostilecyberactivity,isacatalystforanescalationofcyberattacksagainstthesector.Enterprisingcybercriminalstakeadvantageofconsumerenthusiasmandatarget-richenvironmentthatincludesincreasedrelianceonmobiletechnologiesasapaymentsystemsplatformtoputthemselvesinafavorablepositionovertheholidays.Cyberthreatsaffectingthefinancialsectorduringtheholidayseasonremainthesameastheonestypicallyfacedbythesectoratanyothertimeoftheyear.AccordingtoVerizon’s2018DataBreachreport,bankingTrojansanddistributeddenial-of-serviceattacksweretheprimarythreatstothefinancialsector.iiiAtthistime,LookingGlassanalystsbelievethatthiswillholdtrueduringtheholidayseasonaswell.Theonenotabledifferenceishowhostileactorswillleverageholiday-relatedthemesasanenticementtotheusersofthetargeteddevices.Thetypeofhostilecyberactivitythatthefinancialsectorpotentiallyfacesduringthe2018HolidaySeasonincludes,butisnotlimitedto:
• DistributedDenial-of-ServiceAttacks(DDoS).DDoSattackshavebeenaweaponthathasbeenhistoricallyleveragedagainstthefinancialsector.Theseattackshavebeenusedbyhacktivistsandsuspectedstateactorsinordertodisruptonlineservices.Also,DDoShasbeenleveragedbyactorsasadiversioninordertoobfuscatemorestealthyoperationsthattypicallyinvolvegainingandmaintainingnetworkaccessand/orstealingsensitivedata.Inthepast,therehasbeensomeevidencesuggestingthatDDoSattacksactuallyincreaseastheholidayseasonapproaches.Onesourcefoundthat,between2014and2015,DDoSattacksincreasedanaverageofnearly150percentbetweensummerandwinter.ivTheconductionofsuchattacksisentirelylinkedtotheintentoftheattackerandmaynotbetelegraphedpriortotheinitiallaunch.
![Page 4: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/4.jpg)
LookingGlass STRATISS: Confidential |
3
• Ransomware.Althoughithasbeendecreasinginpopularity,ransomwarehas
shownsignsofbeingmoresophisticatedinitsconstructandmoretargetedinitsdeployment.Often,ransomwareisdeliveredthroughvariousvectors,includingphishingandRemoteDesktopProtocol(RDP).vRDPallowscomputerstoconnecttoeachotheracrossanetwork,anditsversatilityisevidencedinvariantdevelopmentanditsserviceofferings.Cybercriminalsmaytrytotakeadvantageoffinancialsectorinstitutionsbydeployingransomwareovertheholidayseason,atatimewhencustomersmayneedincreasedaccesstofunds.
• Web-ApplicationAttacks.Accordingtoonenetworksecurityplatformcompany,
web-applicationattacksareamongthecommoncyberattackstargetingthefinancialsector.viUltimately,theexpansionofonlineanddigitalservices(toincludemobileapps)hasincreasedtheattacksurface.viiAccordingtothe2017findingsofonecomputersecuritycompany,financewebapplicationswereatgreatestrisk,withanear“100percentoftestedbankingandfinancewebapplicationsbeingsusceptibletohigh-severityvulnerabilities.”viiiPerhapsmoredisconcertingisthat87percentofbankingwebapplicationstestedbythecompanyweresusceptibletoattacksagainstusers.ixBotnetshaveconductedwebapplicationattacks,risingnearly30percentin2017.xTheseattackscanbeexpectedtointensifyduringtheholidayseason.
• BankingTrojans.Duetotheirpopularityandhighsuccessrate,bankingTrojans
remainaweaponofchoiceforhostilecyberactors.Accordingtoaprominentcomputersecuritycompany,bankingTrojanuseincreasedinthesecondquarterof2018(toincludemobilebankingTrojans).xiMoreover,tacticsusedbyhostilecyberactorstodeliverbankingTrojanscontinuetoevolveaswell,adaptingtoandimplementinganytechniquethatcaneffectivelytakeadvantageofauser.WeexpecthostileactorstotakeadvantageoftheholidayseasontodeliverbankingTrojanstounsuspectingtargets.In2017,thePandabankingTrojanwasobservedfocusingonnon-bankingtargetsusinganextensivelistofinjectsclearlydesignedtocapitalizeonholidayshoppingandactivities.xiiSimilarly,in2017,theRamnitbankingTrojanwasextremelyactiveduringtheholidayseason.Peronecompany’sresearchonthesubject,Ramnittargetedsomeofthelargestbanksintheworldandretaile-commercesites.xiii
• ThirdParties.It’salsoworthnotingthatthirdpartiesaresusceptibleto
compromiseandcanbeexploitedasaplatformfromwhichtoattack.The2013Targetbreachisaperfectexampleofhowhostileactorscanleveragethisthird-partyaccesstocompromisethenetworkandenabletheattackerstoexploitvulnerabilitiesinpaymentsystems.
![Page 5: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/5.jpg)
LookingGlass STRATISS: Confidential |
4
Cyber Threats to Payment Systems over the 2018 Holiday Season Itshouldcomeasnosurprisethattheholidayseasonisatarget-richenvironmentforcybercriminals,asconsumersrelyone-commerceplatformsande-bankingtomakepurchasesandconductfinancialtransactions.Therearetriedandtruemethodsthathackersimplementtocompromisetheirtargets.Paymentsystemsareaprimetargetforcybercriminalsthroughouttheyear,butperhapsevenmoresoduringtimesofincreasedpurchasingactivitysuchastheholidayseason.Accordingtoonesource,digitalpaymentsareexpectedtohitUSD726billionby2020.xivA2018surveybytheAssociationforFinancialProfessionalsrevealedthatpaymentsfraudsubstantiallyincreasedin2017.xvAccordingtoonesitetrackingpaymentsystemsnews,someofthebiggestsecuritythreatstopaymentsystemsincludethecompromiseofInternet-of-Thingsdevices;over-trustingencryption;cloudunpreparedness;smartersocialengineering/phishing;andthird-partyserviceproviders.xviPoint-of-Salebreachesandwebsiteoutagesaremostthreateningtoretailstores,accordingtoa2017studyconductedbyaninternationalconsultingfirm.xviiExpectedcyberthreatstopaymentsystemsovertheholidayseasoninclude:
• Point-of-Sale(POS)Systems.POSsystemshaveexploitedsomeofthebiggestretailersintheUnitedStates.However,therehasbeensomeimprovementinshoringupPOSsystemsbytighteningupendpointsecurity.Nevertheless,enterprisinghackersalwaysfindwork-arounds;POSisnodifferent.Accordingtoaprominententrepreneurialonlineperiodical,securityresearchersidentifiedapossibleweakpointbetweenaPOSworkstationandastoreserver.SuchaccessopensthedoorforanewbutrathersimplePOSattackvector(note:thiswasdisclosedtoPOSvendors).xviiiSomeofthemoreprominenttypesofPOSmalwareincludeBlackPOS,TreasureHunt,NitlovePOS,PoSeidon,andMalumPOS.xix
o MobilePOScouldprovideaprimetargetforcyberattackers.Accordingtoa
recentreportinanonlinetechmediasource,morethanhalfofthemoreprominentmobilePOSwereidentifiedbythreatresearchersasbeingsusceptibletocyberattacks.Assuch,researchersanalyzedsevencardreadersacrosstheUnitedStatesandEuropefromfourvendors:SumUp,iZettle,PayPal,andSquare.Theresearchersnotedthefollowingattackvectors:xx
§ Twooftheterminals(note:theresearchersdidnotidentifythemanufacturers)haddisplaysthatahostileactorcouldsendcommandstoinordertomanipulateonscreenmessages.The
![Page 6: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/6.jpg)
LookingGlass STRATISS: Confidential |
5
researchersnotedthatthisvectorwouldfacilitatesocialengineeringtoenticethevictimtouselesssecurepaymentoptions.
§ Researchersalsorevealedthatman-in-the-middleattackscouldbelaunchedusingBluetoothaccesstointerceptHTTPStraffictransmittedfromthemobileapplicationtothepaymentserver.Theyfoundfiveterminalsvulnerabletothisattackvector,althoughtheydidpointoutthatitonlyworkedformag-stripetransactions.
§ Finally,researchersfoundtwoterminalsthatcouldbeexploitedviaremotecodeexecution.Thisvectorwouldprovideattackersaccesstotheterminals’operatingsystems.
• MobileDevicesarePrimeTargets.Wefullyexpecthostileactorstoaggressively
targetmobiledevices.Accordingtoonecomputersecuritycompany,inthethirdquarterof2017,mobiletransactionsovertookthedesktopforthefirsttime.xxiAccordingto2017studybyaU.S.marketingresearchcompany,smartphonesareexpectedtobeusedinmorethanonethird(USD1trillion)oftotalU.S.retailsalesatsomepointin2018.xxiiAccordingtodatafromGoogleAnalyticsfromJunetoSeptember2017,over40percentofonlinetransactionsweremadeonmobiledevices.xxiii
• Web-ApplicationAttacks.AccordingtoVerizon’sDataBreachreport,web-
applicationattacksweretheprimarythreattotheretailsector,alongwithcardskimmers.xxivPerthereport,approximatelyonethirdofallconfirmedbreachesinretailinvolvedawebapplication,includingOScommanding,SQLinjection,andtheuseofstolencredentialstocompromisethesystem.
• Skimming.InadditiontoPOSmalware,skimmersplacedonPOSterminalswillremainaconsistentthreatin2018.Thesedevicesareabletoreadthecardnumberandpincodewhencustomerspaywithacreditordebitcard.
A Look Back at the 2017 Holiday Season Cyber Crime In2017,therewasasubstantialamountoffraudactivityassociatedwithholidayshopping.Accordingtoonecomputersecuritycompany,betweenThanksgivingDayandDecember31,2017,thenumberofe-commercetransactionsgrewby19percentcomparedtothesamedatesin2016,andfraudattemptsincreasedby22percent.xxvThecomputersecuritycompanyprovidedthefollowingdatainitsreport:
![Page 7: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/7.jpg)
LookingGlass STRATISS: Confidential |
6
• ThanksgivingDayrankedhighestinfraudattempts,followedbyChristmasEve.Thecompanystressedthatthetrendsdrivingthesepeaksincludedshipmentcut-off,consumertraffic,andonlinepick-up-in-storetransactions.
o Toprovideperspective,thecompanysuppliedthefollowinginformationincomparison:In2017,oneoutofevery85transactionswasafraudulentattempt.In2016,oneoutofevery97transactionswasafraudulentattempt.In2015,oneoutofevery109transactionswasafraudulentattempt.
• TheaveragepriceofattemptedfraudtransactionsoverthecourseoftheentireholidayseasonwasUSD227.
• ThevolumeoftotalpurchasesrecordedduringtheJanuary-October2017period
increasedby14percent.Anothercomputersecuritycompany’sresearchwasconsistentwiththesefindings.Accordingtotheirresults,251millionfraudattemptswereobservedduringthefourthquarterof2017,a113percentincreasefromthepastyear.ThecompanyalsofoundthatasignificantportionofthisactivitycamefromRussia.xxviInthefirstquarterof2018,cyberfraudratesremainedalarminglyhighintothenewyear,totalingapproximatelyUSD150millionduringQ12018,anotable88percentincreaseoverthesameperiodthepreviousyear.xxviiWithregardstothefinancialsector,one2017studyfoundthatfinancialmalwareassociatedwithbreachesincreasedalmost25percent.Additionally,duringthe2016holidayseason,30typesofbankingTrojanswereinvolvedinactivityresultinginapproximatelyUSD6.9billioninonlinepaymentfrauds.xxviiiForsomebusinesses,“CyberMonday”isanextremelylucrativetimeforconsumerpatronage.Accordingtoonetechnologysource,2017CyberMondaygeneratedUSD2.2billioninsales.xxixHowever,perthesamesource,cybercrimekeptpacewiththebusyconsumerism.Phishinglinksincreased336percentoverThanksgiving,andmorethan30millionmaliciouslinksweretransmittedviasocialmediadaily.Perthesource’sfindings,themostcommonattacksduringthisperiodwere:
• Spearphishing.Hackerssentprofessional-lookinge-mailsand/orbuiltfakelandingpagestoenticevictimstoprovidetheirsensitiveinformationand/orcredentials.
• HashtagHijacking.Hackersusedtrendinghashtagstogainawideraudienceof
prospectivevictimstospreadmaliciouslinks,spam,etc.
• Clickbaiting.Hackerspostedanenticingheadlinelinkonasocialmediaaccount(e.g.,agooddeal)toenticevictimstoclickonit.
![Page 8: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/8.jpg)
LookingGlass STRATISS: Confidential |
7
Accordingtoanothersourcethattrackse-commerce,onBlackFridayin2017,desktopfraudattacksincreasedataratetwotimesgreaterthansalesgrowth;therewasalsoa334percentincreaseinmobileappfraudattacksanda13percentincreaseinmobilebrowserfraudattacks.OnCyberMondayin2017,thesourcefounda36percentincreaseindesktopattacks(aratethreetimesgreaterthansalesgrowth),a301percentincreaseinmobileappfraudattacks,anda27percentincreaseinmobilebrowserfraudattacks.xxx
The Cyber Threat Actor Landscape ThecyberthreatactorlandscapeiscomposedofavarietyofhostileactorswithdiversemotivationsfortargetingtheUnitedStates’financialsector.States,hacktivists,terrorists,andcybercriminalsaretheprimaryactorsthathavetheintent,motivation,andmeanstoconductremotecyberattacksagainstentitiesinthefinancialsectorecosystem.Thefollowingactortypesmakeupthecyberthreatactorlandscape:
Figure1.ThreatActorsandMotivations
(source:https://www.belfercenter.org/publication/state-and-local-election-cybersecurity-playbook)
• CyberCriminals.Cybercriminalsrunthegamutofsophistication,rangingfrom
rudimentarytoverysophisticatedandmayworkindividuallyoringroupsofvarioussizes.Thespanofoperationsisasdiverseastheactorsthemselves,withtargetsrangingfromindividualstobusinessestohealthcareorganizationstofinancialinstitutions.Nooneisimmunefromtheseactors.
![Page 9: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/9.jpg)
LookingGlass STRATISS: Confidential |
8
• Hacktivists.Theseactors/groupsareoftenmotivatedbypolitical,ideological,nationalistic,economic,social,orreligiousmotivations.TypicalhacktivistoperationshaveincludedDDoSattacks,webpagedefacements,doxing,andtheftofsensitiveinformation.
• NationStates/State-SponsoredActors.Theseactorsreceivedirection,funding,or
technicalassistancefromanation-statetoadvancethatnation’sparticularinterests.InthewakeofsuspectedNorthKoreaninvolvementintargetingglobalbanksandcryptocurrencyexchanges,it’simportantnottodiscountstateactivityduringtheholidayseasonagainstthefinancialsector.Additionally,suspectedstateactorsmayhavebeenresponsiblefortheOperationAbabilDDoSattacksthattranspiredin2012targetingU.S.financialinstitutions.
Conclusion Everyyear,theHolidaySeasondrawsconsiderableattentionfromcybercriminalsthattargetindividualsandorganizationsinordertostealmoneyand/orfinancialinformation.Whileretailentitiesarehigh-valueforthesefinancially-motivatedactors,anyentitythatprocessesfinancialtransactionsissusceptibletoexploitationattempts.Duetothenatureofitsoperations,LookingGlassanalystsbelievethatthefinancialsectorisapotentialtargetduringthe2018HolidaySeasonaswell.Whilecybercriminalsremaintheprimaryactorthreat,cyberespionage-relatedgroupsandhacktivistscanalsoleveragethedistractionoftheholidaystoconducttheiroperations.Withcybercriminalsgarneringthemajorityoftheattentionduringthisperiod,cyberespionageactorsmaytakethetimetoconductmoresurreptitiousexploitationeffortsagainsttheirtargets.Hacktivists–largelydrivenbytheirpolitical/ideological/religious/economic/nationalisticagendas–canusetheholidaystolaunchdisruptiveattackstodrawattentiontotheircauses.InformationCut-offDate:October25,2018
![Page 10: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/10.jpg)
LookingGlass STRATISS: Confidential |
9
Traffic-Light Protocol for Information Dissemination Color WhenShouldItBeUsed? HowMayItBeShared
RED
SourcesmayuseTLP:REDwheninformationcannotbeeffectivelyacteduponbyadditionalparties,andcouldleadtoimpactsonaparty’sprivacy,reputation,oroperationsifmisused.
RecipientsmaynotshareTLP:REDwithanypartiesoutsideofthespecificexchange,meeting,orconversationinwhichitisoriginallydisclosed.
AMBER
SourcesmayusetheTLP:AMBERwheninformationrequiressupporttobeeffectivelyacteduponbutcarriestheriskstoprivacy,reputation,oroperationsifsharedoutsideoftheorganizationsinvolved.
RecipientsmayonlyshareTLP:AMBERinformationwithmembersoftheirownorganization,andonlyaswidelyasnecessarytoactonthatinformation.
GREEN
SourcesmayuseTLP:GREENwheninformationisusefulfortheawarenessofallparticipatingorganizationsaswellaswithpeerswithinthebroadercommunityorsector.
RecipientsmayshareTLP:GREENinformationwithpeersandpartnerorganizationswithintheirsectororcommunity,butnotviapubliclyaccessiblechannels.
WHITE
SourcesmayuseTLP:WHITEwheninformationcarriesminimalornoriskofmisuse,inaccordancewithapplicablerulesandproceduresforpublicrelease.
TLP:WHITEinformationmaybedistributedwithoutrestriction,subjecttocopyrightcontrols.
![Page 11: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/11.jpg)
LookingGlass STRATISS: Confidential |
10
A Note on Estimative Language Estimativelanguageisusedinordertoconveyanassessedlikelihoodorprobabilityofanevent,aswellasthelevelofconfidenceascribedtoajudgment.Assessmentsarebasedoncollectedinformation(whichisoftenincomplete),aswellaslogic,argumentation,andprecedents.Confidencelevelsprovideassessmentsofthequalityandquantityofthesourceinformationthatsupportsjudgments. None Low Moderate High Complete0-10% 11-49% 50-79% 80-99% 100%
• Complete:Totallyreliableandcorroboratedinformationwithnoassumptionsandclear,undisputedreasoning.
• High:Wellcorroboratedinformationfrommultipleprovensources,extensive
databases,and/oradeephistoricalunderstandingoftheissue.Thereareminimalassumptionspresent.Theanalyticreasoningisdominatedbylogicalinferencesdevelopedthroughestablishedmethodologyormultipleanalytictechniques.Highconfidencedoesnotimplyanassessmentisfactoracertainty.
• Moderate:Partiallycorroboratedinformationfromsufficientqualitysources(amix
ofprovenandunprovensources)withsomedatabasesand/orhistoricalunderstandingoftheissue.Thereareassumptionspresent,ofwhichsomeshouldbecrucialtotheanalysis.Reasoningisamixtureofstrongandweakinferencesdevelopedthroughsimpleanalytictechniquesoranestablishedmethodology.
• Low:Uncorroboratedinformationfromgoodormarginalsources(mixofsemi-
provenandunprovensources)withminimaldatabaseorhistoricalunderstandingoftheissue.Therearemanyassumptionscriticaltotheanalysis.Reasoningisdominatedbyweakinferencesthroughfewanalytictechniques.
• None:Thereisnodirectinformationorpartiallycorroboratedinformationto
supportanalyticassessmentsorjudgments,oritisexploratoryanalysis.
![Page 12: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/12.jpg)
LookingGlass STRATISS: Confidential |
11
Source and Information Reliability Source Rating DescriptionA Reliable Nodoubtaboutthesource'sauthenticity,trustworthiness,or
competency.Historyofcompletereliability.B UsuallyReliable Minordoubts.Historyofmostlyvalidinformation.C FairlyReliable Doubts.Providedvalidinformationinthepast.D NotUsuallyReliable Significantdoubts.Providedvalidinformationinthepast.E Unreliable Lacksauthenticity,trustworthiness,andcompetency.Historyof
invalidinformation.F Can’tBeJudged Insufficientinformationtoevaluatereliability.Mayormaynotbe
reliable.Information Rating Description1 Confirmed Logical,consistentwithotherrelevantinformation,confirmedby
independentsources.2 ProbablyTrue Logical,consistentwithotherrelevantinformation,notconfirmed
byindependentsources.3 PossiblyTrue Reasonablylogical,agreeswithsomerelevantinformation,not
confirmed.4 DoubtfullyTrue Notlogicalbutpossible,nootherinformationonthesubject,not
confirmed.5 Improbable Notlogical,contradictedbyotherrelevantinformation.6 Can’tBeJudged Thevalidityoftheinformationcannotbedetermined.
![Page 13: STRATISS - Cyber Threat to Financial Sector During 2018 ... · • Web-Application Attacks. According to one network security platform company, web-application attacks are among the](https://reader036.vdocuments.net/reader036/viewer/2022070906/5f76e00c735b2a4dd0655c26/html5/thumbnails/13.jpg)
LookingGlass STRATISS: Confidential |
12
ihttps://www.darkreading.com/vulnerabilities---threats/retail-fraud-spikes-ahead-of-the-holidays/d/d-id/1333130iiIbid.iiihttps://www.calyptix.com/top-threats/top-causes-of-data-breaches-by-industry-2018-verizon-dbir/ivhttps://www.security.neustar/blog/-tis-the-season-for-ddos-attacksvhttps://www.itproportal.com/features/the-four-most-popular-methods-hackers-use-to-spread-ransomware/vihttps://www.lanner-america.com/blog/5-cyber-threats-currently-faced-financial-sector/viiIbid.viiihttps://www.finance-monthly.com/2018/05/banking-finance-were-the-most-vulnerable-web-applications-in-2017/ixIbid.xhttps://www.businesstimes.com.sg/technology/study-finds-rise-in-web-malware-attacks-merchants-more-vulnerable-during-holiday-seasonxihttps://www.securitynow.com/author.asp?section_id=715&doc_id=745218xiihttps://www.proofpoint.com/us/threat-insight/post/zeus-panda-banking-trojan-targets-online-holiday-shoppersxiiihttps://www.f5.com/labs/articles/threat-intelligence/ramnit-goes-on-a-holiday-shopping-spree-targeting-retailers-and-banksxivhttp://www.paymentsjournal.com/payments-and-cybersecurity-why-automating-threat-breach-response-is-critical/xvhttps://www.afponline.org/trends-topics/topics/articles/Details/afp-survey-payments-fraud-hits-record-high-of-78xvihttps://www.aciworldwide.com/insights/expert-view/2018/april/12-biggest-security-threats-to-paymentsxviixviihttps://www.retaildive.com/news/tis-the-season-for-retail-security-threats/510084/xviiihttps://www.forbes.com/sites/forbestechcouncil/2017/09/27/the-vulnerabilities-of-a-pos-system/#3f6dfd384b58xixhttps://digitalguardian.com/blog/what-point-sale-pos-malware-how-it-works-and-how-protect-your-pos-systemxxhttps://threatpost.com/square-paypal-pos-hardware-open-to-multiple-attack-vectors/138681/xxihttps://www.threatmetrix.com/digital-identity-blog/cybercrime/cybercrime-report-five-predictions-holiday-2017/xxiihttps://www.adweek.com/digital/mobile-shopping-is-on-the-rise-but-remains-split-between-the-mobile-web-and-apps/xxiiiIbid.xxivhttps://www.calyptix.com/top-threats/top-causes-of-data-breaches-by-industry-2018-verizon-dbir/xxvhttps://www.securitymagazine.com/articles/88637-online-fraud-increases-22-during-holiday-seasonxxvihttps://www.cutimes.com/2018/02/08/e-commerce-cyberattacks-grow-during-2017-holiday-s/xxviihttps://www.threatmetrix.com/digital-identity-blog/cybercrime/cybercrime-report-reveals-surge-in-ecommerce-fraud-attacks/xxviiihttp://www.myteltek.com/blog/2018/10/protecting-your-business-from-cyber-security-issues-during-the-holidays/xxixhttps://www.zerofox.com/blog/cyber-monday-breeds-cyber-crime-infographic/xxxhttps://www.kount.com/blog-against-fraud/comparing-2016-and-2017-holidays-trends-in-naughty-and-nice