Early last year, we published a blog outlining the events of 2017 that were most likely to attract the attention of malicious actors who would present potential risks to your organizations. Unsurprisingly, many of the usual suspects were active at significant points in the year, such as tax deadline day, the German elections, and Black Friday.

We are doing this again this year and want to make sure that you have these key events on your radar. When assessing the key events of 2018, we need to look at the activities of cybercriminals, hacktivists and nation-state affiliated actors.

Date Event Actor Affected Geographies Targets
6 February G20 summit Nation State; Hacktivism Argentina Government
9 February Winter Olympics Nation State; Hacktivism; Cybercrime South Korea Event Sponsors, Consumers, Retailers; Hospitality
13 February Tibetan Independence Day Nation State; Hacktivism Tibet; China; India Government
4 March Italian Elections Nation State Italy Government
18 March Russian Presidential Election


Nation State Russia Government
17 April Tax Deadline Day Cybercriminal United States Consumers
14 June FIFA World Cup Cybercriminal; Nation State; Hacktivism; Russia Event Sponsors, Consumers, Retailers; Hospitality
14 August Pakistan Independence Day Nation State India; Pakistan Unknown
9 September Swedish Elections Nation State Sweden Government
18 September Anniversary of the Mukden Incident Hacktivism Japan Unknown
November Irish Presidential Election Nation State Ireland Retail, Consumers
5 November OpVendetta Hacktivism All Finance
23 November Black Friday Cybercriminal United States Retail, Consumers
26 November Cyber Monday Cybercriminal United States Retail, Consumers
25 December Christmas Day Hacktivism All Online Gaming


With an ever-increasing amount of money spent online, there are more opportunities for card not present fraud (fraud that can occur with transactions that are conducted online or over the phone). Just as we discovered in our “Retail Risks” whitepaper, these are risks that exist throughout the year. During Black Friday and Cyber Monday, criminal efforts tend to increase to take advantage of the increased number of transactions being made. Similarly, as we approach 17th April (that’s two days later than normal), we’re likely to see new techniques around tax return fraud emerge as criminals look to bypass IRS antifraud measures.

There are other events that are likely to provide rich-pickings for cybercriminals. Two years ago, wrote about the risks to the Rio Olympics for retailers, sponsors, and consumers. Similarly, the Winter Olympics and the FIFA World Cup are expected to attract cybercriminals seeking to exploit card-wielding tourists.



Despite the predictability of some reoccurring online protests, the significance of hacktivist campaigns is often difficult to anticipate. One example of such reoccurring campaigns is OpVendetta, which occurs each year on November 5. We monitor the levels of participation and organization to assess the likely impact of the campaign, as seen recently with the OpCatalunya operation that targets companies operating in Spain.

Of course, hacktivist campaigns are not always as they appear; Anonymous Poland, for example, have previously demonstrated characteristics of a nation-state proxy. We will have to wait and see whether more hacktivist groups demonstrate techniques beyond the typical denial of service attacks and website defacements.


Nation-State/Nation-State Affiliated

Since the 2016 U.S. Presidential Election, election season has become a common time of the year for nation states and their affiliated groups to develop online campaigns. There are a range of tools and techniques widely available to actors who seek to influence elections. We’ll be keeping an eye on a host of elections coming up in 2018, but the key ones will be the Russian, Swedish, and Italian elections.


While this is by no means a definitive list of 2018 hot spots, outlining these events at the beginning of the year provides us with areas of focus. With this focus, we can monitor for the key drivers and assess the likely impact of a particular campaign or event. To stay up to date with the latest key events, threat intelligence, and research, subscribe to our email list here.

Photon logo small