tis the season to be hacking- Forecast for Cybercrime activities during the holidays

Cytegic DyTA intelligence platform gathers, processes and analyses hundreds of thousands of intelligence feeds on a month basis, to allow a quick and understandable cyber-trend analysis. DyTA enables cyber-intelligence analysts and CISOs to understand and analyze the threat level of each attacker and attack method relevant to their organization, according to their geo-political region, industry sector and corporate assets.

The following post represents the most interesting and active cyber-trends that DyTA analyzed before and during previous holiday seasons in USA and a forecast for the coming holiday season.

For your complementray copy of the complete report please contact us at info@cytegic.com


The most noticeable trend we observed is that hackers focuses in the holidays on the special sale days throughout the network such as “Black-Friday”, Cyber-Monday, “New Year sales” and etc.

2014 analysis of attackers types by weeks

2014 analysis of attackers types by weeks- will history repeat itself?


  • The most active cyber-attackers during the holiday season against US retailers are financially-motivated attackers, followed by politically-motivated ones. In 2014’s holiday season, financial hackers accounted for more than a third of the overall attacks and we forecast them to be more than half of this season’s threat landscape.
  • The top TTPs in the holiday season are forecasted to be Malware, Email Social-Engineering, Denial of Service and Terminal Malware, similar to previous years when financial hackers targeted large retailers in order to steal payment card information and client data.
  • The most targeted assets in this period are forecasted to be Payment Card information, Client Data, Cash and Financial Transactions.
  • Attacks against retailers usually take place a few days before a major holiday, with the week before Christmas being the most threatened time in this period
  • Retailers, and in that sense any company who processes payments and financial transactions, should be on the highest alert level during the coming weeks and prepare in advance towards the specific attack methods which are going to targeted their assets, as mentioned above
Comparison between 2014 and 2015 attacker types

Comparison between 2014 and 2015 attacker types


Danger looms:

From the analysis we made using our DyTA Intelligence Platform, we identified the following trends and patterns:

  • The top attackers in this timeframe are financial hackers (38.2% of all attacks), which matches the information we gathered mentioned above.
  • Attacks against retailers usually take place a few days before a holiday (the peaks in the graphs below).
  • An important note about the 2014 chart is that the high numbers of attacks of political cyber-warrior (36.2% of all attacks) in the middle of December 2014 can be attributed to the “cyber war” between North-Korea and Sony Pictures Entertainment[1] which started at the end of November and continued throughout December[2].
  • From observing the charts below of 2014 and 2015 with the forecast, we can see that the two main types of attackers – Financial Hackers and Politically-motivated attackers – stay on top, and seem to be the most threatening concern this season as well. The week before Christmas is when retailers should be on their most heightened alert level, with Thanksgiving coming in second.

[1] http://blogs.cfr.org/cyber/2014/12/19/cyber-week-in-review-december-19-2014/

[2] https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/

Leave a Reply

Your email address will not be published. Required fields are marked *