Security News

Attack on Mobile Account Logins Have Risen 107% in 6 Months: Cyber Crime Report

Threat Metrix has recently released its H2 2018 Cybercrime Report on global cybercrime which says there is a  shift toward cross-organizational fraud, as well as a change in fraudsters’ tactics toward attacks on mobile. This latter trend is particularly prevalent in financial services, where attacks on mobile account logins have risen 107 % in just six months.

The report is based on 17 billion digital transactions on the ThreatMetrix Digital Identity Network during the second half of 2018, with 61 % of digital transactions originating from a mobile device.

Key Findings from the ThreatMetrix H2 2018 Cybercrime Report

  • ThreatMetrix recorded 244 million human-initiated attacks in H2 2018, along with 3 billion bot (automated) attacks.
  • New account creations still have the highest attack rate of all use cases analyzed by ThreatMetrix, with approximately 1 in every 8 new accounts rejected as fraudulent.
  • Across sectors, ThreatMetrix recorded 189 million mobile bot attacks, a 12% growth compared to H1 2018, highlighting the ongoing evolution of mobile fraud.

“Fraudsters are master manipulators, with constantly shifting tactics,” says Alisdair Faulkner, Chief Identity Officer, LexisNexis Risk Solutions. “They adapt their attack patterns and modus operandi to take advantage of shifting customer trends, evolving regulations and technological changes, always attempting to stay one pace ahead of businesses. We see this through the way in which attack patterns evolve and morph over time. Businesses must be able to piece together digital identity intelligence on a per-user basis so that departures from trusted customer behavior can be identified in near real-time, before a transaction is processed and before fraudsters can operationalize new attack methods.”

Financial services: A rise in mobile risk

Key findings:

  • The most noticeable growth in mobile attacks is on account logins, as fraudsters attempt to infiltrate user accounts by brute force (using mobile bots) or stealth (using mobile remote access attacks). This contributes to the 107 % growth in mobile account takeovers in comparison to H1 2018, despite the fact that overall attack rates are low.
  • In some regions, fraudsters are shifting focus from desktop to mobile attacks. North American financial services firms saw a 48 % year-over-year growth in attack rates, and a 116% increase in mobile transactions, with a 35% increase in mobile attacks.

Customers are increasingly opting to bank online and there is a preference for full-service mobile banking apps over desktop sessions in many regions. As a result, financial services organizations must continue to ensure that integrated and low-friction digital authentication capabilities form an inextricable part of the customer experience. This way, the sector will be able to align security with the online experience customers expect.

E-commerce: The target for global bot attacks

Key findings:

  • ThreatMetrix detected and stopped 2.1 billion bot attacks on e-commerce merchants, a 142 % growth compared to the same period last year
  • Account logins in e-commerce are much more desktop based, with 69 % of logins via desktop.

In the e-commerce sector, although sophisticated attacks have actually dropped during H2 2018, the impact of high-volume automated bot traffic continues to disrupt the industry. Identity-testing bot attacks often make up considerably more of an e-commerce merchant’s daily transaction volume than good traffic, making a low-friction online experience for trusted customers all the more challenging for merchants to provide.

One of the key challenges for e-commerce merchants, particularly during busy holiday shopping days such as Black Friday and Cyber Monday, is balancing optimized customer experience and low-friction authentication, while also maintaining effective fraud control. At times, this might mean accepting a higher percentage of fraud to accept more genuine orders from good customers.

Media: Lower barriers lead to account creation attacks

Key findings:

  • In H2 2018, the media industry was hit by 211 million bot attacks, a 16 percent growth compared to H1 2018
  • In keeping with the mobile trend, media sees a growth of 7% in mobile new account creation attacks year-on-year, as well as a growth of 24% on mobile payments transactions year-on-year.

The media industry, which includes social networks, content streaming, gaming and gambling, still sees the highest penetration of new account creation attacks of all industries. Approximately one in every six new media account creation transactions were found to be fraudulent. This is in part due to the low barriers of account access and creation and less-stringent security measures, which means that media accounts have become prime targets for testing identities. Media companies must remain vigilant against fraudulent attacks to ensure that they do not jeopardize customer trust.

“With each Cybercrime Report that we develop, we gain important new insights into global transaction and attack patterns and the ever-growing, networked footprint of cybercrime,” says Thomas C. Brown, Senior Vice President, U.S. commercial Markets and Global market development, LexisNexis Risk Solutions. “Businesses that can harness the power of a global digital identity network that provides near real-time intelligence into the trustworthiness of an online user have a leg up on the competition. A layered defense of fraud, identity and authentication capabilities, including both digital and physical data, across the entire customer journey, is crucial to preventing fraudsters from succeeding.”

(Image Courtesy: www.2-spyware.com)

Leave a Comment

Your email address will not be published.

You may also like