New Report Examines Holiday Season Cyber Threat Trends in Retail and Hospitality

Vienna, VA (November 7, 2022) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today released its Holiday Season Cyber Threat Trends report, which examines the threat landscape facing the retail and hospitality sector during the holiday season, typically the busiest time of year for these industries.

According to the report, QakBot, Emotet, Agent Tesla, and Dridex are likely to continue as the most prevalent malware tools leveraged by threat actors for the 2022 holiday season. Additionally, phishing and fraud remain critical concerns, with return fraud and gift card fraud increasing dramatically in the current period. Organizations are seeing an increase in the prevalence of credential harvesting attempts, especially leveraging social engineering tactics.

The report includes perspectives from key subject matter experts at leading consumer-facing organizations who provided insights into their organization’s holiday season cybersecurity measures. The report also features an analysis of the threat trends reported by the RH-ISAC member community for the 2020 and 2021 holiday seasons to provide a historical perspective. Additionally, RH-ISAC associate member Flashpoint provides perspective on the current holiday season threat landscape based on their research and data.

Download a copy of the report here. This report is a TLP: White redacted version of the original report, which includes privileged information available to RH-ISAC members.