It’s been another headline-grabbing 12 months for cybersecurity. There were many large and damaging compromises affecting retailers, airlines and credit rating companies, to name just a few. Thousands of organizations weren’t prepared and had sensitive data stolen, suffered downtime of key systems or were affected in some other way. Are you ready?

This issue of the Rapid7 Quarterly Threat Report takes a deep dive into the threat landscape for 2018 Q4 and looks more broadly at 2018 as a whole. We provide an assessment of threat events by organization size and industry, and examine threat incident patterns identified through guidance from security specialists. We also further explore inbound activity to our honeypot network to identify trends and patterns that reveal rising new threats, such as Android Debug Bridge (ADB) activity, the persistence of old threats such as EternalBlue, and the vulnerability posed by non-novel credentials as revealed to publicly exposed systems. The report concludes with five steps you can take to bolster your organization’s security posture in 2019 and beyond, based on our findings.

From the report, “It should be another momentous year for mobile security, with cyber attacks growing rapidly in sophistication and distribution. This report will cover the key mobile security trends that emerged last year as well as summarize thoughts for the mobile threat landscape for the year ahead.”

This report takes a deep dive into examining the types of fraud that occur in the travel industry.

The State of Manual Reviews: 2018 Report, brought to you by Kount and Paladin Group, provides survey results about manual review trends and best practices in the card-not-present (CNP) payments environment. It includes key performance indicators (KPIs) and demographic details related to participating merchants. In addition, participants in the survey shared insights about the tools, services, and solutions they employ for their manual review process.

From the report, “The 2018 Mobile Payments and Fraud Survey marks the sixth consecutive year of this study. This year’s report, with nearly 600 merchant respondents, is focused on understanding the growth, challenges and developments in the mobile channel. The report also set out to provide a better understanding of how the mobile market has evolved since the inaugural survey report in 2013.”

From the report, “Partnering with retailers for over a decade to detect and prevent online fraud has unearthed many insights about eCommerce criminals. One insight is that while detecting and preventing fraudster attacks is good, it is even better to catch and prosecute. But gathering evidence and building a case can be complex. Kount asked Skip Myers and Chad Evans to share best practices and firsthand success stories with building, submitting cases and engaging with law enforcement to not only catch fraudsters, but to bring them to justice.”

Retailers can’t get paid if their payment processing doesn’t work. And if a transaction proves fraudulent, a retailer not only loses the value of the sale and the merchandise, but also risks losing the loyalty of a customer who was billed incorrectly for the purchase. Here’s a look at the essential components of payment processing that every online retailer should consider—no matter their size— in order to provide both a positive customer experience and to successfully collect payment.

Scott Adams has been at the front lines fighting fraud in the world of online games as former Vice-Chair Merchant Board at Payments Ed Forum, and former Director of Fraud and Risk Management at Riot Games. For nearly four years, he led his group to greatly reduce fraud and increase account security for the millions of people who play League of Legends worldwide. Scott’s experience and expertise includes Payment Processing, Anti-Fraud/Chargeback Management, and Connecting the Marketing/Business Departments with Customer Service and Information Technology Departments (Cross-Departmental Communications). Kount asked him to share his industry expertise and insights for combating card-not-present (CNP) fraud in the Online Games market.

This report takes a closer look at the threat of friendly fraud, by first explaining the spectrum of friendly fraud and exploring whether merchants and issuers are in fact “training” cardholders to initiate disputes. It also examines the balancing act that merchants and issuers must navigate while trying to reduce friendly fraud, while also preserving important customer relationships. Lastly, it details how two companies are addressing the problem, and then outlines six best practices for controlling the damage.

This report offers the latest trends and insights into securing digital identities and transactions.

From the report, “Forter and PYMNTS.com have partnered to track, analyze and report on the important trends happening in the world of fraud as it relates to payments and commerce online. Every quarter, we are monitoring fraud attempts, reflected as a percent of U.S. sales transactions , on U.S. merchant websites. How big is the storm? Where is it? How is it changing? Read on to find out. For each of the Index editions in 2016, we are using the fraud rates observed in 2015 as a benchmark for comparing the state of fraud each quarter.” Read on to find out more.

From the report, “Overall, 2016 saw a steady rise in online fraud attack rate, which increased 8.9% over the course of the year. The frightening “tsunami” of fraud attempts that many merchants experienced at the end of 2015 was not repeated, but the moderate rate of increase was sustained. For several industries, primarily apparel, digital goods and travel, 2016 was a year of dramatic fluctuations, affected by numerous fraudsters who were looking for new vulnerabilities they can exploit.” Read on to find out more.

This is a handy guide that provides information useful for understanding online fraud.

This report takes a look at the threat intelligence of organizations surveyed in 2018. Among the key findings of the report are that organizations are leveraging threat intelligence data for a number of use cases, and many rate themselves fairly competent in their use of threat intelligence to identify and remediate cyber threats.

This helpful guide provides insight into the settings you should maintain on all of the major social networks. Read on to learn more.

This White Paper attempts to paint a comprehensive picture of the file-borne threat crisis facing health insurance companies due to the tight connection with medical institutions and the immense number of files shared and transferred between the two sectors, as well as explain why current security systems and industry regulations fail to adequately meet this sophisticated threat, and what measures can be taken to guard against it without investing in security infrastructure.

Online Journey Hijacking, a client-side phenomenon where unauthorized ads are injected into consumer browsers, is a growing yet invisible problem for eCommerce sites. This issue is widespread across the web — yet the eCommerce industry has only been made aware of its existence in recent years.

From the report, “Technology has dramatically changed the online experience for consumers — and along with this their expectations. Be it for business or pleasure, digital platforms continue reshaping the way consumers interact and engage with each other, as well as with online brands. This new reality has made capturing consumer business and loyalty a bigger challenge than ever for eCommerce brands. With mobile usage higher than ever, today’s shoppers are constantly juggling their eCommerce experience with other activities. To better understand the state of contemporary consumers, we asked more than 1,300 online shoppers about their shopping habits, what online and offline distractions are competing for their attention, and what factors most influence them to embrace — or abandon — their online shopping experience. As a technology company with the mission of preserving a distraction-free online customer journey, we hope these insights help eCommerce businesses identify how to better optimize their customers’ online experience.” Read on to find out more.

From the report, “As the dust settles after the 2018 holiday shopping season, online retailers and eCommerce businesses will be diving deep into the results to measure just how effectively their online promotional campaigns capitalized on the opportunity - and translated increased traffic into more revenue and improved conversion rates. Just what type of impact did the holiday season have on eCommerce brands in 2018? What days stood out amongst the pack when it came to traffic, orders, and conversion rates? Which verticals saw their KPIs rise the most? To uncover top holiday season eCommerce insights, Namogoo analyzed hundreds of millions of web sessions across regions, devices, and verticals.”

From the report, “To put the relentlessness of attacks and the attackers perpetrating them into perspective, it has been reported that the global cybercrime economy generates an annual profit of $1.5 trillion or roughly the same as Russia’s GDP. To use an old cybersecurity adage, attackers only need to succeed once to compromise your network, defenders need to succeed every time. These facts and the events of Q1 2018 reinforce the reality that threat actors have no intention of scaling back their attacks. It is important not to be distracted by coverage given to one attack vector or class of attack – distraction has been a powerful tool in the arsenals of attackers for centuries… just think about why malware trojans are so named.”