Digital fraud is a profitable ‘business’ which is growing exponentially. We estimate that the opportunities to create wealth in this ‘business’ have propelled a 10-fold increase in people taking up fraud as a career since 2019. Even a rookie fraudster can now expect to earn upward of $20,000 per month!
It has become easier to launch attacks at scale. Attackers can easily and cheaply get – and offer – criminal toolkits, resources, services, and 24x7 support in a thriving ecosystem of cybercrime. They share information and expertise, recommend attack tools and techniques, and offer guidance to rookie fraudsters. As a result, the learning curve for amateur attackers has flattened: they no longer need to spend years learning the ropes to graduate into a Master Fraudster.
Automation is a key weapon in the attackers’ arsenal
Automation is an effective weapon that allows attackers to maximize profits with the least possible investment. In fact, the availability of pre-configured bot scripts allows even amateur attackers to scale up profitable attacks fast. These are not the bot attacks of 5 years ago. Advancements in bot technology have made bots more intelligent and sophisticated than ever before. These intelligent bots can mimic human behavior fairly easily, which not only enables them to evade detection but also helps attackers devise new means to monetize attacks.
Bots continue to fuel the bulk of attacks. Our research reveals that in Q1 2022 bots powered 93% of all attacks compared to human-driven attacks that clocked 7%. During this quarter, bot attacks were 40% higher than the Q1 average over the past 3 years. Most of the bot-driven attacks were used for large-scale web scraping and low-and-slow account takeover attempts.
Bot attacks can overwhelm workflows with a single high-volume attack, reaching up to 2.5x normal traffic volume at its peak. Bots are not only driving volumetric attacks, however: because of their advanced capabilities, their signatures are now three times more complex. This increasing complexity makes bot detection all the more challenging for fraud and security teams.
Human fraud farms are preferred for low-and-slow attacks
Attackers leverage human click farms to target platforms with low-and-slow attacks while staying under the radar. They generally use click farms for abuse of chat channels, spam and scams, account takeovers, and in-game abuse. In Q1 2022, 90% of all human-led attacks targeted communication channels in gaming, dating, and tech. Human attacks constituted 35% of the attacks against the top targeted companies. For some of the metaverse companies, this figure was as high as 100%; on average, human-led attacks constituted 30% of the attacks on metaverse companies.
For certain industries such as dating, attackers launch hybrid attacks using a mix of bots and human fraud farms. These hybrid attacks are usually a hallmark of a persistent attacker who starts off an attack with bots and switches over to fraud farms when bots are deterred.
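The two bot patterns described above, a short volumetric burst and a low-and-slow account takeover attempt, need different detection logic: a spike against a traffic baseline catches the first and is blind to the second. The following script is an added example, not code from the original post or from Arkose Labs. It runs both detectors over a constructed login-event log; the log format (timestamp, source IP, account, outcome), the baseline of 2 logins per minute, and the per-account thresholds are assumptions chosen for illustration, and the 2.5x multiplier is the peak figure quoted in the post.

```python
"""Volumetric vs low-and-slow detection over a constructed login-event log.

Added example; the log lines, baseline and thresholds are constructed for
illustration and are not taken from the original post.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO-8601 UTC timestamp> <source IP> <account> <OK|FAIL>".
# Minute 10:02 carries a burst of 6 failures from one IP against many accounts
# (credential stuffing); account "frank" sees one failure every ~30 minutes
# from a different IP each time (a low-and-slow takeover attempt).
LOG_LINES = """\
2022-03-01T10:00:05Z 198.51.100.10 alice OK
2022-03-01T10:00:20Z 203.0.113.50 frank FAIL
2022-03-01T10:00:40Z 198.51.100.11 carol OK
2022-03-01T10:01:10Z 198.51.100.12 dave OK
2022-03-01T10:01:50Z 198.51.100.13 erin OK
2022-03-01T10:02:01Z 203.0.113.1 user001 FAIL
2022-03-01T10:02:02Z 203.0.113.1 user002 FAIL
2022-03-01T10:02:03Z 203.0.113.1 user003 FAIL
2022-03-01T10:02:04Z 203.0.113.1 user004 FAIL
2022-03-01T10:02:05Z 203.0.113.1 user005 FAIL
2022-03-01T10:02:06Z 203.0.113.1 user006 FAIL
2022-03-01T10:30:15Z 203.0.113.51 frank FAIL
2022-03-01T11:00:07Z 203.0.113.52 frank FAIL
2022-03-01T11:30:33Z 203.0.113.53 frank FAIL
2022-03-01T12:00:48Z 203.0.113.54 frank FAIL
2022-03-01T12:30:02Z 203.0.113.55 frank FAIL
""".splitlines()


def parse_line(line):
    """Split one log line into (datetime, ip, account, outcome)."""
    ts, ip, account, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, outcome


def minute_bucket(ts):
    """Truncate a timestamp to its minute so events can be counted per minute."""
    return ts.replace(second=0, microsecond=0)


def detect_volumetric(events, baseline_per_minute, multiplier=2.5):
    """Return [(minute, count)] for minutes whose event count exceeds
    multiplier x baseline. The 2.5x default is the peak the post quotes."""
    counts = Counter(minute_bucket(ts) for ts, _ip, _acct, _out in events)
    threshold = baseline_per_minute * multiplier
    return sorted((m, c) for m, c in counts.items() if c > threshold)


def detect_low_and_slow(events, min_failures=5, min_span=timedelta(hours=1),
                        max_per_minute=2):
    """Return {account: stats} for accounts that accumulate many failed logins
    spread over a long window while never exceeding max_per_minute, i.e. the
    pattern that deliberately stays below a volumetric threshold."""
    failures_by_account = defaultdict(list)
    for ts, ip, account, outcome in events:
        if outcome == "FAIL":
            failures_by_account[account].append((ts, ip))

    hits = {}
    for account, fails in failures_by_account.items():
        if len(fails) < min_failures:
            continue
        times = sorted(ts for ts, _ in fails)
        span = times[-1] - times[0]
        peak_per_minute = max(Counter(minute_bucket(t) for t in times).values())
        if span >= min_span and peak_per_minute <= max_per_minute:
            hits[account] = {
                "failures": len(fails),
                "distinct_ips": len({ip for _, ip in fails}),
                "span_minutes": int(span.total_seconds() // 60),
            }
    return hits


EVENTS = [parse_line(line) for line in LOG_LINES]

if __name__ == "__main__":
    for minute, count in detect_volumetric(EVENTS, baseline_per_minute=2):
        print(f"volumetric burst at {minute:%H:%M}: {count} events")
    for account, stats in detect_low_and_slow(EVENTS).items():
        print(f"low-and-slow on {account}: {stats}")
```

Only minute 10:02 trips the volumetric detector; the six failures against "frank" never exceed one per minute and are surfaced only by the per-account detector, which is why the two need to run side by side. In a real deployment the per-account `max_per_minute` cap should sit below the volumetric threshold so that the two detectors partition the space rather than leave a gap between them.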
Regional attack trends vary according to the level of incentives
Attack trends also vary according to geographical region. This difference is primarily due to disparities in wages, cost of labor, and comparative currency values, which add up to create various levels of incentive. Our research into regional attack trends revealed, for example, that the top five attacking countries accounted for more than 60% of all attacks in the quarter.
Once again Asia was the top attacking region, contributing 40% of all attacks during the quarter. Attacks emanating from China and India rose a whopping 70% compared to Q4 of 2021. The top atteted industries were travel and technology platforms, which together drew two-thirds of attacks.
Europe and North America were the second and third largest attacking regions with 33% and 20% share, respectively. In North America more than one-third of attacks targeted logins, primarily in the gaming and retail sectors. North American attackers were 30% more likely to be human than the global average.
European attackers relied more on automation, as attacks were 50% less likely to leverage fraud farms. Gaming was the favorite target, with 40% of attacks aimed at this sector.
In South America, however, attacks were 5x more likely to be human-driven. The top targets in this region were chat channels and direct messaging in social media and gaming, with two-thirds of the attacks targeting them. Brazil, Venezuela, and Argentina were the top attacking countries.
Human farms were commonly deployed for scraping in Africa, and two in every three attacks were fake account registrations. Egypt, Morocco, and Algeria were the top fraud hotspots in Africa.
Get deeper insights to fend off volatile attacks
As attacks become more volatile and unpredictable, they can unexpectedly overwhelm servers as well as fraud and security teams. Businesses therefore need to adapt to this moving target in order to detect and mitigate these attacks.
To prevent such volatile attacks, businesses will need deeper insight and intel into the evolving attack trends, attackers’ tactics, and their financial motivations. Arkose Labs’ latest research report provides this crucial intel to help businesses uncover the latest attack trends and the best approach to long-term fraud prevention. Get your copy of the report ‘2022 State of Fraud and Account Security: Q1 Insights’ now.