Report Examines Cyber Threat Trends Facing Retail and Hospitality This Holiday Season

Phishing and fraud remain critical concerns for the consumer-facing industry, with return fraud and gift card fraud increasing dramatically during the holidays.
Holiday Season Cyber Threat Trends

Vienna, VA (November 7, 2023) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today released its 2023 Holiday Season Cyber Threat Trends report, which examines the threat landscape facing the retail and hospitality sectors during the holiday season, typically the busiest time of year for consumer-facing industries.

According to the report, phishing and fraud remain critical concerns, with return fraud and gift card fraud increasing dramatically in the current period. Organizations are seeing an increase in the prevalence of imposter domains, in-store theft, and credential harvesting attempts, especially leveraging social engineering tactics and multifactor authentication (MFA) bypass.

In assessing the threat landscape, the report predicts that for the 2023 period, credential harvesting, phishing, and imposter domains are likely to remain key threats. Malware trends may fluctuate slightly, and major zero-day vulnerabilities that emerged throughout 2023 (and those that have yet to emerge) are also likely to rank among key threats to retail and hospitality holiday operations.

“This year’s holiday report sheds light on the evolving threat landscape, offering valuable insights to empower retailers and consumer-facing organizations to safeguard their operations and protect their customers,” said Suzie Squier, president of RH-ISAC.

The report also features an analysis of the ransomware threat trends reported by the RH-ISAC member community for 2022 and so far in 2023. In 2022, members shared intelligence related to ransomware a total of 200 times, whereas from January to September alone in 2023, members shared intelligence on ransomware 419 times, which represents a 109.5% increase in reporting.

Additionally, in the report, RH-ISAC associate member Akamai provides analysis of bot traffic, audience hijacking, and Magecart-style web skimming attacks.

Download a copy of the full report here.


More Recent Press Releases