Cyber Threats to Financial Sector During 2018 Holiday Season

PRODUCED NOVEMBER 7, 2018

LOOKINGGLASS CYBER SOLUTIONS

THREAT ANALYSIS AND INVESTIGATIONS UNIT

LookingGlass STRATISS: Confidential |

1

Overall Report Distribution is TLP: GREEN Overall Source/Information Reliability: B2

Executive Summary Theholidayseasonhashistoricallyattractedcybercriminalstoconductoperationsdesignedtostealmoneyandothersensitivefinancialinformation,andthe2018seasonshouldbenodifferent.Theexcitementoftheseasoncoupledwiththevolumeofe-commerceande-bankingtransactionsthatoccursduringthisperiodprovidesampleopportunitiesforhostileactors.WhiletheRetailSectorwillremainthemaintargetforenterprisingcybercriminalsduringthe2018holidayseason,theFinancialSectorcontinuestobehigh-profileinitsownright.NotonlyhastheFinancialSectorbeentargetedbycybercriminals,suspectedstateactorsandhacktivistshavealldirectedtheirattentionagainstinstitutionsinthisindustryatonetimeoranother.Moreover,stateactorscantakeadvantageofthedistractionsassociatedwiththeholidayseasontoconductstealthyoperationsagainstthissector,whilehacktivistscouldusethepublicitysurroundingtheseasontolaunchattacksdesignedtodrawattentiontotheircauses.

Key Points

• Theholidayseasonpresentsaprimeopportunityforhostilecyberactorstoconductoperationsthatsupporttheirobjectives.Typically,thistimeperiodsolicitsincreasedattentionfromcybercriminalsintentonstealingmoneyorfinancialinformation.Assuch,LookingGlassanalystsexpectthattheRetailSectorwillremaintheprimaryindustrytargeted.

• PaymentsystemsareavaluedtargetduringtheHolidaySeason;assuch,any

organization-regardlessofitssector-thatusesthemtosupporttheirbusinessoperationsisapotentialtargetforcybercriminals.

• TheFinancialSectorisayear-round,high-profiletargetforactorsinthecyber

threatlandscape.Cybercriminals,suspectedstateactors,andhacktivistgroupshavebeenobservedtargetingtheFinancialSector.Thehighvolumeofe-commerceande-bankingtransactionsduringtheHolidaySeasoncouldprovidestateactorsthenecessarydistractiontoobfuscatemoresurreptitiousnetworkexploitation.

*This report is based on open source findings. Therefore, the report is open source intelligence and does not constitute definitive evidence. Information found in the open source cannot necessarily be verified and is presented as intelligence and as additional information to enhance or expand current investigations.

******

LookingGlass STRATISS: Confidential |

2

The Holiday Season Theholidayseasoncontinuestobeatimeofincreasedhostileactivitybycybercriminals,particularlyforonlineandbrickandmortarretailersande-commerceservices,butcanincludeactivitiesconductedbystateactorsandhacktivists,aswell.Overthepastyear,retailfraudhasincreased,makingthesectorahigh-valuetarget.iTherefore,itcomesasnosurprisethat,overthesametimeperiod,threatresearchershaveidentifiedasignificantinfluxofretailgoodsforsaleinthecybercriminalunderground.iiHowever,althoughretailersmaybethemajorfocusofcybercriminalsthisholidayseason,othersectors--includingthefinancialsector--remainaconstanttargetfortheseenterprisingindividualsandgroups.

Cyber Threats to Financial Sector over 2018 Holiday Season Thefinancialsectorwritlargeisahigh-profile,potentially-lucrativetargetforthreatactorsatanypointduringtheyear.However,theholidayseason,whichtypicallyhasobservedincreasesinhostilecyberactivity,isacatalystforanescalationofcyberattacksagainstthesector.Enterprisingcybercriminalstakeadvantageofconsumerenthusiasmandatarget-richenvironmentthatincludesincreasedrelianceonmobiletechnologiesasapaymentsystemsplatformtoputthemselvesinafavorablepositionovertheholidays.Cyberthreatsaffectingthefinancialsectorduringtheholidayseasonremainthesameastheonestypicallyfacedbythesectoratanyothertimeoftheyear.AccordingtoVerizon’s2018DataBreachreport,bankingTrojansanddistributeddenial-of-serviceattacksweretheprimarythreatstothefinancialsector.iiiAtthistime,LookingGlassanalystsbelievethatthiswillholdtrueduringtheholidayseasonaswell.Theonenotabledifferenceishowhostileactorswillleverageholiday-relatedthemesasanenticementtotheusersofthetargeteddevices.Thetypeofhostilecyberactivitythatthefinancialsectorpotentiallyfacesduringthe2018HolidaySeasonincludes,butisnotlimitedto:

• DistributedDenial-of-ServiceAttacks(DDoS).DDoSattackshavebeenaweaponthathasbeenhistoricallyleveragedagainstthefinancialsector.Theseattackshavebeenusedbyhacktivistsandsuspectedstateactorsinordertodisruptonlineservices.Also,DDoShasbeenleveragedbyactorsasadiversioninordertoobfuscatemorestealthyoperationsthattypicallyinvolvegainingandmaintainingnetworkaccessand/orstealingsensitivedata.Inthepast,therehasbeensomeevidencesuggestingthatDDoSattacksactuallyincreaseastheholidayseasonapproaches.Onesourcefoundthat,between2014and2015,DDoSattacksincreasedanaverageofnearly150percentbetweensummerandwinter.ivTheconductionofsuchattacksisentirelylinkedtotheintentoftheattackerandmaynotbetelegraphedpriortotheinitiallaunch.

LookingGlass STRATISS: Confidential |

3

• Ransomware.Althoughithasbeendecreasinginpopularity,ransomwarehas

shownsignsofbeingmoresophisticatedinitsconstructandmoretargetedinitsdeployment.Often,ransomwareisdeliveredthroughvariousvectors,includingphishingandRemoteDesktopProtocol(RDP).vRDPallowscomputerstoconnecttoeachotheracrossanetwork,anditsversatilityisevidencedinvariantdevelopmentanditsserviceofferings.Cybercriminalsmaytrytotakeadvantageoffinancialsectorinstitutionsbydeployingransomwareovertheholidayseason,atatimewhencustomersmayneedincreasedaccesstofunds.

• Web-ApplicationAttacks.Accordingtoonenetworksecurityplatformcompany,

web-applicationattacksareamongthecommoncyberattackstargetingthefinancialsector.viUltimately,theexpansionofonlineanddigitalservices(toincludemobileapps)hasincreasedtheattacksurface.viiAccordingtothe2017findingsofonecomputersecuritycompany,financewebapplicationswereatgreatestrisk,withanear“100percentoftestedbankingandfinancewebapplicationsbeingsusceptibletohigh-severityvulnerabilities.”viiiPerhapsmoredisconcertingisthat87percentofbankingwebapplicationstestedbythecompanyweresusceptibletoattacksagainstusers.ixBotnetshaveconductedwebapplicationattacks,risingnearly30percentin2017.xTheseattackscanbeexpectedtointensifyduringtheholidayseason.

• BankingTrojans.Duetotheirpopularityandhighsuccessrate,bankingTrojans

remainaweaponofchoiceforhostilecyberactors.Accordingtoaprominentcomputersecuritycompany,bankingTrojanuseincreasedinthesecondquarterof2018(toincludemobilebankingTrojans).xiMoreover,tacticsusedbyhostilecyberactorstodeliverbankingTrojanscontinuetoevolveaswell,adaptingtoandimplementinganytechniquethatcaneffectivelytakeadvantageofauser.WeexpecthostileactorstotakeadvantageoftheholidayseasontodeliverbankingTrojanstounsuspectingtargets.In2017,thePandabankingTrojanwasobservedfocusingonnon-bankingtargetsusinganextensivelistofinjectsclearlydesignedtocapitalizeonholidayshoppingandactivities.xiiSimilarly,in2017,theRamnitbankingTrojanwasextremelyactiveduringtheholidayseason.Peronecompany’sresearchonthesubject,Ramnittargetedsomeofthelargestbanksintheworldandretaile-commercesites.xiii

• ThirdParties.It’salsoworthnotingthatthirdpartiesaresusceptibleto

compromiseandcanbeexploitedasaplatformfromwhichtoattack.The2013Targetbreachisaperfectexampleofhowhostileactorscanleveragethisthird-partyaccesstocompromisethenetworkandenabletheattackerstoexploitvulnerabilitiesinpaymentsystems.

LookingGlass STRATISS: Confidential |

4

Cyber Threats to Payment Systems over the 2018 Holiday Season Itshouldcomeasnosurprisethattheholidayseasonisatarget-richenvironmentforcybercriminals,asconsumersrelyone-commerceplatformsande-bankingtomakepurchasesandconductfinancialtransactions.Therearetriedandtruemethodsthathackersimplementtocompromisetheirtargets.Paymentsystemsareaprimetargetforcybercriminalsthroughouttheyear,butperhapsevenmoresoduringtimesofincreasedpurchasingactivitysuchastheholidayseason.Accordingtoonesource,digitalpaymentsareexpectedtohitUSD726billionby2020.xivA2018surveybytheAssociationforFinancialProfessionalsrevealedthatpaymentsfraudsubstantiallyincreasedin2017.xvAccordingtoonesitetrackingpaymentsystemsnews,someofthebiggestsecuritythreatstopaymentsystemsincludethecompromiseofInternet-of-Thingsdevices;over-trustingencryption;cloudunpreparedness;smartersocialengineering/phishing;andthird-partyserviceproviders.xviPoint-of-Salebreachesandwebsiteoutagesaremostthreateningtoretailstores,accordingtoa2017studyconductedbyaninternationalconsultingfirm.xviiExpectedcyberthreatstopaymentsystemsovertheholidayseasoninclude:

• Point-of-Sale(POS)Systems.POSsystemshaveexploitedsomeofthebiggestretailersintheUnitedStates.However,therehasbeensomeimprovementinshoringupPOSsystemsbytighteningupendpointsecurity.Nevertheless,enterprisinghackersalwaysfindwork-arounds;POSisnodifferent.Accordingtoaprominententrepreneurialonlineperiodical,securityresearchersidentifiedapossibleweakpointbetweenaPOSworkstationandastoreserver.SuchaccessopensthedoorforanewbutrathersimplePOSattackvector(note:thiswasdisclosedtoPOSvendors).xviiiSomeofthemoreprominenttypesofPOSmalwareincludeBlackPOS,TreasureHunt,NitlovePOS,PoSeidon,andMalumPOS.xix

o MobilePOScouldprovideaprimetargetforcyberattackers.Accordingtoa

recentreportinanonlinetechmediasource,morethanhalfofthemoreprominentmobilePOSwereidentifiedbythreatresearchersasbeingsusceptibletocyberattacks.Assuch,researchersanalyzedsevencardreadersacrosstheUnitedStatesandEuropefromfourvendors:SumUp,iZettle,PayPal,andSquare.Theresearchersnotedthefollowingattackvectors:xx

§ Twooftheterminals(note:theresearchersdidnotidentifythemanufacturers)haddisplaysthatahostileactorcouldsendcommandstoinordertomanipulateonscreenmessages.The

LookingGlass STRATISS: Confidential |

5

researchersnotedthatthisvectorwouldfacilitatesocialengineeringtoenticethevictimtouselesssecurepaymentoptions.

§ Researchersalsorevealedthatman-in-the-middleattackscouldbelaunchedusingBluetoothaccesstointerceptHTTPStraffictransmittedfromthemobileapplicationtothepaymentserver.Theyfoundfiveterminalsvulnerabletothisattackvector,althoughtheydidpointoutthatitonlyworkedformag-stripetransactions.

§ Finally,researchersfoundtwoterminalsthatcouldbeexploitedviaremotecodeexecution.Thisvectorwouldprovideattackersaccesstotheterminals’operatingsystems.

• MobileDevicesarePrimeTargets.Wefullyexpecthostileactorstoaggressively

targetmobiledevices.Accordingtoonecomputersecuritycompany,inthethirdquarterof2017,mobiletransactionsovertookthedesktopforthefirsttime.xxiAccordingto2017studybyaU.S.marketingresearchcompany,smartphonesareexpectedtobeusedinmorethanonethird(USD1trillion)oftotalU.S.retailsalesatsomepointin2018.xxiiAccordingtodatafromGoogleAnalyticsfromJunetoSeptember2017,over40percentofonlinetransactionsweremadeonmobiledevices.xxiii

• Web-ApplicationAttacks.AccordingtoVerizon’sDataBreachreport,web-

applicationattacksweretheprimarythreattotheretailsector,alongwithcardskimmers.xxivPerthereport,approximatelyonethirdofallconfirmedbreachesinretailinvolvedawebapplication,includingOScommanding,SQLinjection,andtheuseofstolencredentialstocompromisethesystem.

• Skimming.InadditiontoPOSmalware,skimmersplacedonPOSterminalswillremainaconsistentthreatin2018.Thesedevicesareabletoreadthecardnumberandpincodewhencustomerspaywithacreditordebitcard.

A Look Back at the 2017 Holiday Season Cyber Crime In2017,therewasasubstantialamountoffraudactivityassociatedwithholidayshopping.Accordingtoonecomputersecuritycompany,betweenThanksgivingDayandDecember31,2017,thenumberofe-commercetransactionsgrewby19percentcomparedtothesamedatesin2016,andfraudattemptsincreasedby22percent.xxvThecomputersecuritycompanyprovidedthefollowingdatainitsreport:

LookingGlass STRATISS: Confidential |

6

• ThanksgivingDayrankedhighestinfraudattempts,followedbyChristmasEve.Thecompanystressedthatthetrendsdrivingthesepeaksincludedshipmentcut-off,consumertraffic,andonlinepick-up-in-storetransactions.

o Toprovideperspective,thecompanysuppliedthefollowinginformationincomparison:In2017,oneoutofevery85transactionswasafraudulentattempt.In2016,oneoutofevery97transactionswasafraudulentattempt.In2015,oneoutofevery109transactionswasafraudulentattempt.

• TheaveragepriceofattemptedfraudtransactionsoverthecourseoftheentireholidayseasonwasUSD227.

• ThevolumeoftotalpurchasesrecordedduringtheJanuary-October2017period

increasedby14percent.Anothercomputersecuritycompany’sresearchwasconsistentwiththesefindings.Accordingtotheirresults,251millionfraudattemptswereobservedduringthefourthquarterof2017,a113percentincreasefromthepastyear.ThecompanyalsofoundthatasignificantportionofthisactivitycamefromRussia.xxviInthefirstquarterof2018,cyberfraudratesremainedalarminglyhighintothenewyear,totalingapproximatelyUSD150millionduringQ12018,anotable88percentincreaseoverthesameperiodthepreviousyear.xxviiWithregardstothefinancialsector,one2017studyfoundthatfinancialmalwareassociatedwithbreachesincreasedalmost25percent.Additionally,duringthe2016holidayseason,30typesofbankingTrojanswereinvolvedinactivityresultinginapproximatelyUSD6.9billioninonlinepaymentfrauds.xxviiiForsomebusinesses,“CyberMonday”isanextremelylucrativetimeforconsumerpatronage.Accordingtoonetechnologysource,2017CyberMondaygeneratedUSD2.2billioninsales.xxixHowever,perthesamesource,cybercrimekeptpacewiththebusyconsumerism.Phishinglinksincreased336percentoverThanksgiving,andmorethan30millionmaliciouslinksweretransmittedviasocialmediadaily.Perthesource’sfindings,themostcommonattacksduringthisperiodwere:

• Spearphishing.Hackerssentprofessional-lookinge-mailsand/orbuiltfakelandingpagestoenticevictimstoprovidetheirsensitiveinformationand/orcredentials.

• HashtagHijacking.Hackersusedtrendinghashtagstogainawideraudienceof

prospectivevictimstospreadmaliciouslinks,spam,etc.

• Clickbaiting.Hackerspostedanenticingheadlinelinkonasocialmediaaccount(e.g.,agooddeal)toenticevictimstoclickonit.

LookingGlass STRATISS: Confidential |

7

Accordingtoanothersourcethattrackse-commerce,onBlackFridayin2017,desktopfraudattacksincreasedataratetwotimesgreaterthansalesgrowth;therewasalsoa334percentincreaseinmobileappfraudattacksanda13percentincreaseinmobilebrowserfraudattacks.OnCyberMondayin2017,thesourcefounda36percentincreaseindesktopattacks(aratethreetimesgreaterthansalesgrowth),a301percentincreaseinmobileappfraudattacks,anda27percentincreaseinmobilebrowserfraudattacks.xxx

The Cyber Threat Actor Landscape ThecyberthreatactorlandscapeiscomposedofavarietyofhostileactorswithdiversemotivationsfortargetingtheUnitedStates’financialsector.States,hacktivists,terrorists,andcybercriminalsaretheprimaryactorsthathavetheintent,motivation,andmeanstoconductremotecyberattacksagainstentitiesinthefinancialsectorecosystem.Thefollowingactortypesmakeupthecyberthreatactorlandscape:

Figure1.ThreatActorsandMotivations

(source:https://www.belfercenter.org/publication/state-and-local-election-cybersecurity-playbook)

• CyberCriminals.Cybercriminalsrunthegamutofsophistication,rangingfrom

rudimentarytoverysophisticatedandmayworkindividuallyoringroupsofvarioussizes.Thespanofoperationsisasdiverseastheactorsthemselves,withtargetsrangingfromindividualstobusinessestohealthcareorganizationstofinancialinstitutions.Nooneisimmunefromtheseactors.

LookingGlass STRATISS: Confidential |

8

• Hacktivists.Theseactors/groupsareoftenmotivatedbypolitical,ideological,nationalistic,economic,social,orreligiousmotivations.TypicalhacktivistoperationshaveincludedDDoSattacks,webpagedefacements,doxing,andtheftofsensitiveinformation.

• NationStates/State-SponsoredActors.Theseactorsreceivedirection,funding,or

technicalassistancefromanation-statetoadvancethatnation’sparticularinterests.InthewakeofsuspectedNorthKoreaninvolvementintargetingglobalbanksandcryptocurrencyexchanges,it’simportantnottodiscountstateactivityduringtheholidayseasonagainstthefinancialsector.Additionally,suspectedstateactorsmayhavebeenresponsiblefortheOperationAbabilDDoSattacksthattranspiredin2012targetingU.S.financialinstitutions.

Conclusion Everyyear,theHolidaySeasondrawsconsiderableattentionfromcybercriminalsthattargetindividualsandorganizationsinordertostealmoneyand/orfinancialinformation.Whileretailentitiesarehigh-valueforthesefinancially-motivatedactors,anyentitythatprocessesfinancialtransactionsissusceptibletoexploitationattempts.Duetothenatureofitsoperations,LookingGlassanalystsbelievethatthefinancialsectorisapotentialtargetduringthe2018HolidaySeasonaswell.Whilecybercriminalsremaintheprimaryactorthreat,cyberespionage-relatedgroupsandhacktivistscanalsoleveragethedistractionoftheholidaystoconducttheiroperations.Withcybercriminalsgarneringthemajorityoftheattentionduringthisperiod,cyberespionageactorsmaytakethetimetoconductmoresurreptitiousexploitationeffortsagainsttheirtargets.Hacktivists–largelydrivenbytheirpolitical/ideological/religious/economic/nationalisticagendas–canusetheholidaystolaunchdisruptiveattackstodrawattentiontotheircauses.InformationCut-offDate:October25,2018

LookingGlass STRATISS: Confidential |

9

Traffic-Light Protocol for Information Dissemination Color WhenShouldItBeUsed? HowMayItBeShared

RED

SourcesmayuseTLP:REDwheninformationcannotbeeffectivelyacteduponbyadditionalparties,andcouldleadtoimpactsonaparty’sprivacy,reputation,oroperationsifmisused.

RecipientsmaynotshareTLP:REDwithanypartiesoutsideofthespecificexchange,meeting,orconversationinwhichitisoriginallydisclosed.

AMBER

SourcesmayusetheTLP:AMBERwheninformationrequiressupporttobeeffectivelyacteduponbutcarriestheriskstoprivacy,reputation,oroperationsifsharedoutsideoftheorganizationsinvolved.

RecipientsmayonlyshareTLP:AMBERinformationwithmembersoftheirownorganization,andonlyaswidelyasnecessarytoactonthatinformation.

GREEN

SourcesmayuseTLP:GREENwheninformationisusefulfortheawarenessofallparticipatingorganizationsaswellaswithpeerswithinthebroadercommunityorsector.

RecipientsmayshareTLP:GREENinformationwithpeersandpartnerorganizationswithintheirsectororcommunity,butnotviapubliclyaccessiblechannels.

WHITE

SourcesmayuseTLP:WHITEwheninformationcarriesminimalornoriskofmisuse,inaccordancewithapplicablerulesandproceduresforpublicrelease.

TLP:WHITEinformationmaybedistributedwithoutrestriction,subjecttocopyrightcontrols.

LookingGlass STRATISS: Confidential |

10

A Note on Estimative Language Estimativelanguageisusedinordertoconveyanassessedlikelihoodorprobabilityofanevent,aswellasthelevelofconfidenceascribedtoajudgment.Assessmentsarebasedoncollectedinformation(whichisoftenincomplete),aswellaslogic,argumentation,andprecedents.Confidencelevelsprovideassessmentsofthequalityandquantityofthesourceinformationthatsupportsjudgments. None Low Moderate High Complete0-10% 11-49% 50-79% 80-99% 100%

• Complete:Totallyreliableandcorroboratedinformationwithnoassumptionsandclear,undisputedreasoning.

• High:Wellcorroboratedinformationfrommultipleprovensources,extensive

databases,and/oradeephistoricalunderstandingoftheissue.Thereareminimalassumptionspresent.Theanalyticreasoningisdominatedbylogicalinferencesdevelopedthroughestablishedmethodologyormultipleanalytictechniques.Highconfidencedoesnotimplyanassessmentisfactoracertainty.

• Moderate:Partiallycorroboratedinformationfromsufficientqualitysources(amix

ofprovenandunprovensources)withsomedatabasesand/orhistoricalunderstandingoftheissue.Thereareassumptionspresent,ofwhichsomeshouldbecrucialtotheanalysis.Reasoningisamixtureofstrongandweakinferencesdevelopedthroughsimpleanalytictechniquesoranestablishedmethodology.

• Low:Uncorroboratedinformationfromgoodormarginalsources(mixofsemi-

provenandunprovensources)withminimaldatabaseorhistoricalunderstandingoftheissue.Therearemanyassumptionscriticaltotheanalysis.Reasoningisdominatedbyweakinferencesthroughfewanalytictechniques.

• None:Thereisnodirectinformationorpartiallycorroboratedinformationto

supportanalyticassessmentsorjudgments,oritisexploratoryanalysis.

LookingGlass STRATISS: Confidential |

11

Source and Information Reliability Source Rating DescriptionA Reliable Nodoubtaboutthesource'sauthenticity,trustworthiness,or

competency.Historyofcompletereliability.B UsuallyReliable Minordoubts.Historyofmostlyvalidinformation.C FairlyReliable Doubts.Providedvalidinformationinthepast.D NotUsuallyReliable Significantdoubts.Providedvalidinformationinthepast.E Unreliable Lacksauthenticity,trustworthiness,andcompetency.Historyof

invalidinformation.F Can’tBeJudged Insufficientinformationtoevaluatereliability.Mayormaynotbe

reliable.Information Rating Description1 Confirmed Logical,consistentwithotherrelevantinformation,confirmedby

independentsources.2 ProbablyTrue Logical,consistentwithotherrelevantinformation,notconfirmed

byindependentsources.3 PossiblyTrue Reasonablylogical,agreeswithsomerelevantinformation,not

confirmed.4 DoubtfullyTrue Notlogicalbutpossible,nootherinformationonthesubject,not

confirmed.5 Improbable Notlogical,contradictedbyotherrelevantinformation.6 Can’tBeJudged Thevalidityoftheinformationcannotbedetermined.

LookingGlass STRATISS: Confidential |

12

ihttps://www.darkreading.com/vulnerabilities---threats/retail-fraud-spikes-ahead-of-the-holidays/d/d-id/1333130iiIbid.iiihttps://www.calyptix.com/top-threats/top-causes-of-data-breaches-by-industry-2018-verizon-dbir/ivhttps://www.security.neustar/blog/-tis-the-season-for-ddos-attacksvhttps://www.itproportal.com/features/the-four-most-popular-methods-hackers-use-to-spread-ransomware/vihttps://www.lanner-america.com/blog/5-cyber-threats-currently-faced-financial-sector/viiIbid.viiihttps://www.finance-monthly.com/2018/05/banking-finance-were-the-most-vulnerable-web-applications-in-2017/ixIbid.xhttps://www.businesstimes.com.sg/technology/study-finds-rise-in-web-malware-attacks-merchants-more-vulnerable-during-holiday-seasonxihttps://www.securitynow.com/author.asp?section_id=715&doc_id=745218xiihttps://www.proofpoint.com/us/threat-insight/post/zeus-panda-banking-trojan-targets-online-holiday-shoppersxiiihttps://www.f5.com/labs/articles/threat-intelligence/ramnit-goes-on-a-holiday-shopping-spree-targeting-retailers-and-banksxivhttp://www.paymentsjournal.com/payments-and-cybersecurity-why-automating-threat-breach-response-is-critical/xvhttps://www.afponline.org/trends-topics/topics/articles/Details/afp-survey-payments-fraud-hits-record-high-of-78xvihttps://www.aciworldwide.com/insights/expert-view/2018/april/12-biggest-security-threats-to-paymentsxviixviihttps://www.retaildive.com/news/tis-the-season-for-retail-security-threats/510084/xviiihttps://www.forbes.com/sites/forbestechcouncil/2017/09/27/the-vulnerabilities-of-a-pos-system/#3f6dfd384b58xixhttps://digitalguardian.com/blog/what-point-sale-pos-malware-how-it-works-and-how-protect-your-pos-systemxxhttps://threatpost.com/square-paypal-pos-hardware-open-to-multiple-attack-vectors/138681/xxihttps://www.threatmetrix.com/digital-identity-blog/cybercrime/cybercrime-report-five-predictions-holiday-2017/xxiihttps://www.adweek.com/digital/mobile-shopping-is-on-the-rise-but-remains-split-between-the-mobile-web-and-apps/xxiiiIbid.xxivhttps://www.calyptix.com/top-threats/top-causes-of-data-breaches-by-industry-2018-verizon-dbir/xxvhttps://www.securitymagazine.com/articles/88637-online-fraud-increases-22-during-holiday-seasonxxvihttps://www.cutimes.com/2018/02/08/e-commerce-cyberattacks-grow-during-2017-holiday-s/xxviihttps://www.threatmetrix.com/digital-identity-blog/cybercrime/cybercrime-report-reveals-surge-in-ecommerce-fraud-attacks/xxviiihttp://www.myteltek.com/blog/2018/10/protecting-your-business-from-cyber-security-issues-during-the-holidays/xxixhttps://www.zerofox.com/blog/cyber-monday-breeds-cyber-crime-infographic/xxxhttps://www.kount.com/blog-against-fraud/comparing-2016-and-2017-holidays-trends-in-naughty-and-nice