Cyber Criminals Have Evolving Tactics

The financial world should be bracing itself for what is set to be a big year for cyber-crime, according to ThreatMetrix's new report.  

ThreatMetrix's new report has come up with several new insights from the last quarter including the evolution of bot tactics to avoid the traditional defences of lenders and banks.

Online lending has become a major target for cyber-criminals and ThreatMetrix have seen record levels of fraud and bot attacks over the just the last quarter.

The quarterly report compiles data from billions of transactions conducted through the ThreatMetrix Digital Identity Network. Over a three month period, ThreatMetrix detected 21 million fraud attacks and 45 million bot attacks.

SCMagazineUK.com spoke to Dr Stephen Topliss of ThreatMetrix. Bot attacks are one of the newer, scarier threats; they've evolved to evade traditional layered security methods, often raising no alarms to even the best protected of organisations.

Bots have already been around for a long time but “historically the financial institutions and e-commerce have always felt reasonably well protected against them”. Companies would merely put up firewalls and put in place upstream defences. But, Topliss told SC, “bots are starting to change how they work”, becoming far more sophisticated than their predecessors.

‘Low and Slow' attacks are becoming far more popular when it comes to bots, avoiding the traditional security controls which are expecting a full on assault, not reconnaissance. Bots are “manipulating themselves so they're coming from many places, they're only trying to access one account once and testing and moving on so that actually those defences that are currently in place aren't catching them.”

In the wake of any number of headline grabbing breaches last year, the details of millions of people around the world are now cheaply available online in bundles of hundreds of thousands. Cyber-criminals, instead of just using them, are first testing them against a wide range of companies, just to see what they can get. They're not trying to commit fraud initially, Topliss told SC, but “just trying to narrow it down to a thousand credentials” that they can use maliciously.

These tend to be precursors to actual fraud, testing what credentials work on what accounts before going for the kill. On the back of that, identity has become a far more valuable commodity than it might have once been and has meant login attacks have increased considerably.

The biggest payoffs for cyber-criminals were seen in new account origination. Using the great wealth of personal details available for low prices on the darker corners of the internet, cyber-criminals have managed to rack up the largest sums by creating accounts in other people's names. These lucrative assaults have increased in number by 155 percent since last year and have grown in scale by nearly 200 percent.

One continuing theme is the changing nature of finance as lending moves online.

The growth of unorthodox lenders, like payday loan companies and peer-to-peer lenders, has provided consumers and enterprises with new ways of borrowing money, often avoiding the traditional credit checks of banks. It also offers to cyber-criminals a fertile area from which to profit. New account creation proved a very successful tactic for the ill-intentioned here, especially when compared to attacks against traditional lenders.

Topliss says attack rates "are much higher" against  unorthodox lenders on account of the sector's circumvention of traditional identity checks, emphasis on speed and efficiency and heavy focus on online services.

But “traditional banks are providing more and more online services”. Often, one can now apply for credit cards and loans over an online banking portal and increasingly, Topliss told SC, “what we're seeing now is loans and credit cards being [fraudulently] applied for online from existing customer accounts”.

While fingers are often pointed towards China, Russia and Brazil as the most common origins of international cyber-fraud, Topliss told SC that many of the fraud attacks on UK institutions come from inside the UK.

“Predominately it's an in-country attack initially”, says Topliss because "cash outs are easier within the country where the banks are located”.

The report bears this out, listing not China, Russia and Brazil as the principle origins of attack, but Germany, France, the UK and the US.

SC Magazine: http://bit.ly/1UERGm6

« A Cashless Society? Be Careful What You Wish For
Cool Job: Professor of Intelligence Analysis Program at James Madison University »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Raytheon Technologies

Raytheon Technologies

Raytheon Intelligence & Space delivers solutions that protect every side of cyber for government agencies, businesses and nations.

Intelligent Waves

Intelligent Waves

Intelligent Waves holds and manages contracts to provide an array of intelligence, operational, communications and IT support to the USG in austere, forward-deployed, hazardous duty environments.

Guardsquare

Guardsquare

GuardSquare is the global reference in mobile application protection. We develop premium software for the protection of mobile applications against reverse engineering and hacking.

C2SEC

C2SEC

C2Sec provides an innovative analytics platform that assesses and quantifies cyber risks in financial terms based on combining patented big data, AI, and cybersecurity technologies.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

Secureframe

Secureframe

Companies from startups to enterprises use Secureframe to automate SOC 2 and ISO 27001 compliance, complete audits, and continuously monitor their security.

JaCIRT

JaCIRT

JaCIRT is the national Cyber Incident Response Team for Jamaica, established to deliver on the mandate outlined in the GoJ’s National Cyber Security Strategy.

Paradyn

Paradyn

Paradyn-managed security services can provide a holistic view of your business environment, no matter how simple or complex it is.

Ankura Consulting Group

Ankura Consulting Group

Ankura is a global expert services and advisory firm that delivers services and end-to-end solutions in a wide range of areas including cybersecurity and digital transformation.

Incognia

Incognia

Incognia have created a ubiquitous private identity based on location behavior, that enables a personalized frictionless experience with mobile apps and connected devices.

Testhouse Ltd

Testhouse Ltd

Testhouse is a thought leader in the Quality Assurance, software testing and DevOps space. Founded in the year 2000 in London, UK, with a mission to contribute towards a world of high-quality software

Tidelift

Tidelift

Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.

TrueBees

TrueBees

TrueBees is the first deepfakes detector able to detect AI-generated portraits shared on social media and to prevent their diffusion across the web.

Tamnoon

Tamnoon

Tamnoon is the Managed Cloud Detection and Response platform that helps you turn CNAPP and CSPM alerts into action and fortify your cloud security posture.

Coalition for Secure AI (CoSAI)

Coalition for Secure AI (CoSAI)

CoSAI is an open ecosystem of AI and security experts from industry leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research.