Cyber Criminals Have Evolving Tactics

Uploaded on 2016-03-08 in FREE TO VIEW, GOVERNMENT-Law Enforcement, NEWS-Cybersecurity News

The financial world should be bracing itself for what is set to be a big year for cyber-crime, according to ThreatMetrix's new report.  

ThreatMetrix's new report has come up with several new insights from the last quarter including the evolution of bot tactics to avoid the traditional defences of lenders and banks.

Online lending has become a major target for cyber-criminals and ThreatMetrix have seen record levels of fraud and bot attacks over the just the last quarter.

The quarterly report compiles data from billions of transactions conducted through the ThreatMetrix Digital Identity Network. Over a three month period, ThreatMetrix detected 21 million fraud attacks and 45 million bot attacks.

SCMagazineUK.com spoke to Dr Stephen Topliss of ThreatMetrix. Bot attacks are one of the newer, scarier threats; they've evolved to evade traditional layered security methods, often raising no alarms to even the best protected of organisations.

Bots have already been around for a long time but “historically the financial institutions and e-commerce have always felt reasonably well protected against them”. Companies would merely put up firewalls and put in place upstream defences. But, Topliss told SC, “bots are starting to change how they work”, becoming far more sophisticated than their predecessors.

‘Low and Slow' attacks are becoming far more popular when it comes to bots, avoiding the traditional security controls which are expecting a full on assault, not reconnaissance. Bots are “manipulating themselves so they're coming from many places, they're only trying to access one account once and testing and moving on so that actually those defences that are currently in place aren't catching them.”

In the wake of any number of headline grabbing breaches last year, the details of millions of people around the world are now cheaply available online in bundles of hundreds of thousands. Cyber-criminals, instead of just using them, are first testing them against a wide range of companies, just to see what they can get. They're not trying to commit fraud initially, Topliss told SC, but “just trying to narrow it down to a thousand credentials” that they can use maliciously.

These tend to be precursors to actual fraud, testing what credentials work on what accounts before going for the kill. On the back of that, identity has become a far more valuable commodity than it might have once been and has meant login attacks have increased considerably.

The biggest payoffs for cyber-criminals were seen in new account origination. Using the great wealth of personal details available for low prices on the darker corners of the internet, cyber-criminals have managed to rack up the largest sums by creating accounts in other people's names. These lucrative assaults have increased in number by 155 percent since last year and have grown in scale by nearly 200 percent.

One continuing theme is the changing nature of finance as lending moves online.

The growth of unorthodox lenders, like payday loan companies and peer-to-peer lenders, has provided consumers and enterprises with new ways of borrowing money, often avoiding the traditional credit checks of banks. It also offers to cyber-criminals a fertile area from which to profit. New account creation proved a very successful tactic for the ill-intentioned here, especially when compared to attacks against traditional lenders.

Topliss says attack rates "are much higher" against  unorthodox lenders on account of the sector's circumvention of traditional identity checks, emphasis on speed and efficiency and heavy focus on online services.

But “traditional banks are providing more and more online services”. Often, one can now apply for credit cards and loans over an online banking portal and increasingly, Topliss told SC, “what we're seeing now is loans and credit cards being [fraudulently] applied for online from existing customer accounts”.

While fingers are often pointed towards China, Russia and Brazil as the most common origins of international cyber-fraud, Topliss told SC that many of the fraud attacks on UK institutions come from inside the UK.

“Predominately it's an in-country attack initially”, says Topliss because "cash outs are easier within the country where the banks are located”.

The report bears this out, listing not China, Russia and Brazil as the principle origins of attack, but Germany, France, the UK and the US.

SC Magazine: http://bit.ly/1UERGm6

« A Cashless Society? Be Careful What You Wish For
Cool Job: Professor of Intelligence Analysis Program at James Madison University »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

SBS CyberSecurity

SBS CyberSecurity

SBS CyberSecurity is a premier cybersecurity consulting and audit firm.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Corvus Insurance

Corvus Insurance

Corvus' mission is to create a safer, more productive world through technology-enabled commercial insurance.

Armis

Armis

Armis offers the markets leading asset intelligence platform designed to address the new threat landscape that connected devices create.

Secure Blockchain Technologies (SBT)

Secure Blockchain Technologies (SBT)

SBT is a team of Enterprise IT Security Professionals weaving security and Blockchain Technology into our customer’s operational fabric.

EVOKE

EVOKE

EVOKE is an award-winning Digital Transformation company that partners with its clients to build digital workplace solutions for organizational challenges.

Evolution Equity Partners

Evolution Equity Partners

Evolution Equity Partners is an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies.

Lunio

Lunio

Lunio makes the internet a safer and more reliable place for everyone trying to grow their business by automatically getting rid of fake clicks, traffic, and leads on all ad platforms.

Institute for Pervasive Cybersecurity - Boise State University

Institute for Pervasive Cybersecurity - Boise State University

Boise State University’s Institute for Pervasive Cybersecurity is a leader of innovative cybersecurity research and advancement in Idaho and the region.

Conseal Security

Conseal Security

Mobile app security testing done well. Conseal Security are specialists in mobile app penetration testing. Our expert-led security analysis quickly finds security vulnerabilities in your apps.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

AFRY

AFRY

AFRY is a world leading engineering company, trusted as a supplier of services and solutions within the industry, energy, and infrastructure sectors as well as for authorities.

Colt Technology Services

Colt Technology Services

Colt Technology Services (Colt) is a global digital infrastructure company which creates extraordinary connections to help businesses succeed.

BlackSignal Technologies

BlackSignal Technologies

BlackSignal Technologies provides cybersecurity, digital signal processing and electronic warfare products to help DOD and IC agency customers counter near-peer threats and security challenges.