Cyber Criminals Have Evolving Tactics

The financial world should be bracing itself for what is set to be a big year for cyber-crime, according to ThreatMetrix's new report.  

ThreatMetrix's new report has come up with several new insights from the last quarter including the evolution of bot tactics to avoid the traditional defences of lenders and banks.

Online lending has become a major target for cyber-criminals and ThreatMetrix have seen record levels of fraud and bot attacks over the just the last quarter.

The quarterly report compiles data from billions of transactions conducted through the ThreatMetrix Digital Identity Network. Over a three month period, ThreatMetrix detected 21 million fraud attacks and 45 million bot attacks.

SCMagazineUK.com spoke to Dr Stephen Topliss of ThreatMetrix. Bot attacks are one of the newer, scarier threats; they've evolved to evade traditional layered security methods, often raising no alarms to even the best protected of organisations.

Bots have already been around for a long time but “historically the financial institutions and e-commerce have always felt reasonably well protected against them”. Companies would merely put up firewalls and put in place upstream defences. But, Topliss told SC, “bots are starting to change how they work”, becoming far more sophisticated than their predecessors.

‘Low and Slow' attacks are becoming far more popular when it comes to bots, avoiding the traditional security controls which are expecting a full on assault, not reconnaissance. Bots are “manipulating themselves so they're coming from many places, they're only trying to access one account once and testing and moving on so that actually those defences that are currently in place aren't catching them.”

In the wake of any number of headline grabbing breaches last year, the details of millions of people around the world are now cheaply available online in bundles of hundreds of thousands. Cyber-criminals, instead of just using them, are first testing them against a wide range of companies, just to see what they can get. They're not trying to commit fraud initially, Topliss told SC, but “just trying to narrow it down to a thousand credentials” that they can use maliciously.

These tend to be precursors to actual fraud, testing what credentials work on what accounts before going for the kill. On the back of that, identity has become a far more valuable commodity than it might have once been and has meant login attacks have increased considerably.

The biggest payoffs for cyber-criminals were seen in new account origination. Using the great wealth of personal details available for low prices on the darker corners of the internet, cyber-criminals have managed to rack up the largest sums by creating accounts in other people's names. These lucrative assaults have increased in number by 155 percent since last year and have grown in scale by nearly 200 percent.

One continuing theme is the changing nature of finance as lending moves online.

The growth of unorthodox lenders, like payday loan companies and peer-to-peer lenders, has provided consumers and enterprises with new ways of borrowing money, often avoiding the traditional credit checks of banks. It also offers to cyber-criminals a fertile area from which to profit. New account creation proved a very successful tactic for the ill-intentioned here, especially when compared to attacks against traditional lenders.

Topliss says attack rates "are much higher" against  unorthodox lenders on account of the sector's circumvention of traditional identity checks, emphasis on speed and efficiency and heavy focus on online services.

But “traditional banks are providing more and more online services”. Often, one can now apply for credit cards and loans over an online banking portal and increasingly, Topliss told SC, “what we're seeing now is loans and credit cards being [fraudulently] applied for online from existing customer accounts”.

While fingers are often pointed towards China, Russia and Brazil as the most common origins of international cyber-fraud, Topliss told SC that many of the fraud attacks on UK institutions come from inside the UK.

“Predominately it's an in-country attack initially”, says Topliss because "cash outs are easier within the country where the banks are located”.

The report bears this out, listing not China, Russia and Brazil as the principle origins of attack, but Germany, France, the UK and the US.

SC Magazine: http://bit.ly/1UERGm6

« A Cashless Society? Be Careful What You Wish For
Cool Job: Professor of Intelligence Analysis Program at James Madison University »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

SIGA

SIGA

SIGA provides cyber security solutions for Industrial Control Systems SCADA systems used in critical infrastructures and industrial processes.

Precise Biometrics

Precise Biometrics

Precise Biometrics develop and sell fingerprint software for convenient and secure authentication of people’s identity in mobile devices, smart cards and other products with fingerprint sensors.

Pentagon Group

Pentagon Group

Pentagon Group is a provider of security services in high-risk environments, remote areas and emerging markets in support of land-based, aviation, maritime and cyber operations.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub is a non-profit network organization focused on cooperation, information sharing, research and implementation of cutting-edge technologies in cybersecurity.

MagiQ Technologies

MagiQ Technologies

MagiQ produced the world’s first commercial quantum cryptography product that delivered advanced, future-proof network security.

Altospam

Altospam

Altospam is a full service corporate email protection, integrating multiple security levels for your emails.

Assured Clarity

Assured Clarity

Assured Clarity are a global consultancy, specialising in Risk Management and Data Privacy, through Education, Awareness and Training, throughout an organisation.

Phriendly Phishing

Phriendly Phishing

Phriendly Phishing offers phishing awareness training programs designed to ward off potential security threats and minimise the impact of cyber attacks.

Cool Waters Cyber

Cool Waters Cyber

Cool Waters Cyber manage cyber security governance, risk and compliance.

Ever Nimble

Ever Nimble

Ever Nimble are award-winning experts in IT support, cybersecurity, and cloud technology. Our proactive approach will enhance your security and protect you from cyber security threats.

SecureAck

SecureAck

From our A-Op SaaS automation platform to Managed Automation-as-a-Service (MAaaS), SecureAck offer powerful security automation the way that best suits your organisation's needs.

Hakai Security

Hakai Security

Hakai is a consulting firm specializing in information security that offers customized services and products to meet the needs and goals of each business.

Atumcell

Atumcell

Atumcell’s targeted risk assessment exposes emerging threats before they cause harm.