Cyber Criminals Have Evolving Tactics

The financial world should be bracing itself for what is set to be a big year for cyber-crime, according to ThreatMetrix's new report.  

ThreatMetrix's new report has come up with several new insights from the last quarter including the evolution of bot tactics to avoid the traditional defences of lenders and banks.

Online lending has become a major target for cyber-criminals and ThreatMetrix have seen record levels of fraud and bot attacks over the just the last quarter.

The quarterly report compiles data from billions of transactions conducted through the ThreatMetrix Digital Identity Network. Over a three month period, ThreatMetrix detected 21 million fraud attacks and 45 million bot attacks.

SCMagazineUK.com spoke to Dr Stephen Topliss of ThreatMetrix. Bot attacks are one of the newer, scarier threats; they've evolved to evade traditional layered security methods, often raising no alarms to even the best protected of organisations.

Bots have already been around for a long time but “historically the financial institutions and e-commerce have always felt reasonably well protected against them”. Companies would merely put up firewalls and put in place upstream defences. But, Topliss told SC, “bots are starting to change how they work”, becoming far more sophisticated than their predecessors.

‘Low and Slow' attacks are becoming far more popular when it comes to bots, avoiding the traditional security controls which are expecting a full on assault, not reconnaissance. Bots are “manipulating themselves so they're coming from many places, they're only trying to access one account once and testing and moving on so that actually those defences that are currently in place aren't catching them.”

In the wake of any number of headline grabbing breaches last year, the details of millions of people around the world are now cheaply available online in bundles of hundreds of thousands. Cyber-criminals, instead of just using them, are first testing them against a wide range of companies, just to see what they can get. They're not trying to commit fraud initially, Topliss told SC, but “just trying to narrow it down to a thousand credentials” that they can use maliciously.

These tend to be precursors to actual fraud, testing what credentials work on what accounts before going for the kill. On the back of that, identity has become a far more valuable commodity than it might have once been and has meant login attacks have increased considerably.

The biggest payoffs for cyber-criminals were seen in new account origination. Using the great wealth of personal details available for low prices on the darker corners of the internet, cyber-criminals have managed to rack up the largest sums by creating accounts in other people's names. These lucrative assaults have increased in number by 155 percent since last year and have grown in scale by nearly 200 percent.

One continuing theme is the changing nature of finance as lending moves online.

The growth of unorthodox lenders, like payday loan companies and peer-to-peer lenders, has provided consumers and enterprises with new ways of borrowing money, often avoiding the traditional credit checks of banks. It also offers to cyber-criminals a fertile area from which to profit. New account creation proved a very successful tactic for the ill-intentioned here, especially when compared to attacks against traditional lenders.

Topliss says attack rates "are much higher" against  unorthodox lenders on account of the sector's circumvention of traditional identity checks, emphasis on speed and efficiency and heavy focus on online services.

But “traditional banks are providing more and more online services”. Often, one can now apply for credit cards and loans over an online banking portal and increasingly, Topliss told SC, “what we're seeing now is loans and credit cards being [fraudulently] applied for online from existing customer accounts”.

While fingers are often pointed towards China, Russia and Brazil as the most common origins of international cyber-fraud, Topliss told SC that many of the fraud attacks on UK institutions come from inside the UK.

“Predominately it's an in-country attack initially”, says Topliss because "cash outs are easier within the country where the banks are located”.

The report bears this out, listing not China, Russia and Brazil as the principle origins of attack, but Germany, France, the UK and the US.

SC Magazine: http://bit.ly/1UERGm6

« A Cashless Society? Be Careful What You Wish For
Cool Job: Professor of Intelligence Analysis Program at James Madison University »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Kore Telematics

Kore Telematics

Kore is a leading managed service provider for IoT and M2M applications.

TrustInSoft

TrustInSoft

TrustInSoft develops solutions that validate mission-critical software and eliminate attack vectors.

Labs/02

Labs/02

Labs/02 is a seed-stage incubator with a mission to advance cutting-edge technology in innovative areas including AI, deep learning, autonomous transportation, and smart cities.

Police CyberAlarm

Police CyberAlarm

Police CyberAlarm is a free tool to help members understand and monitor malicious cyber activity. This service is made up of two parts; monitoring and vulnerability scanning.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Nisos

Nisos

Nisos provides unrivaled protection of your reputation and assets through the practice of Active Defense.

Deeper Network

Deeper Network

Deeper Network represents the world's first decentralized blockchain network for building a truly private, secure and fair Internet.

Silent Quadrant

Silent Quadrant

Silent Quadrant delivers incomparable cybersecurity consulting, digital transformation, and risk management within our purpose-driven clients - empowering them to be the most resilient entities.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

Bluewave

Bluewave

Bluewave are a strategic IT advisory company that offers businesses a simple and comprehensive way to purchase information technology solutions.

PolySwarm

PolySwarm

PolySwarm is a crowdsourced threat intelligence marketplace that provides a more effective way to detect, analyze and respond to the latest threats.

Quantum Security Services

Quantum Security Services

Quantum Security Services is a specialist information security firm providing a range of risk, compliance and technical security services.

Stack Identity

Stack Identity

Stack Identity protects access to cloud data by prioritizing identity and access vulnerabilities via a live data attack map.

Francisco Partners

Francisco Partners

Francisco Partners provide capital, expertise, and support for growth-aspiring technology companies.

VT Group (VTG)

VT Group (VTG)

VTG delivers force modernization and digital transformation solutions that expand America’s competitive advantage in the modern battlespace.

NST Cyber

NST Cyber

NST Cyber provides comprehensive Threat Exposure Management to Global banks and Forbes 2000 companies.