Fraud Prevention

Fraudsters Are Increasingly Diversifying Their Attacks And Hijacking IPs

May 13, 20215 min Read

hijack IP

During the first quarter of 2021, fraudsters maneuvered their resources by diversifying attack types, hijacking IPs to take advantage of the ongoing efforts to revive global economies and move towards a new normal. While 2020 was dominated by account takeover and login-based attacks, there were more varied attacks during Q1 2021, according to Arkose Labs’ most recent fraud report

Fraudsters diversified their attacks during Q1 2021, targeting a number of digital customer touchpoints. There was a significant increase in bot attacks in Q1 2021, especially to disseminate spam, scrape information, in-game abuse on online gaming platforms, inventory hoarding, and API abuse, according to the Arkose Labs Q2 2021 Fraud and Abuse Report. There was also a marked increase in payment-related attacks and spam and abuse in the first quarter of 2021. Payments attacks rose 27.6% compared to Q4 2020, whereas there was a 36.1% increase in abuse. This was unlike many previous quarters where the majority of attacks were on logins and credential stuffing, although attacks on logins continued to remain high at 45% of all attacks and registration attacks constituted 26.2% of the attacks.

Hijacking trusted IPs

To expand their attack opportunities and execute attacks while avoiding detection, fraudsters also increasingly hijacked trusted IP addresses from regions such as North America that are not usually known for high fraudulent activity. This is made easy due to an increase in the number of new IPs associated with smart devices and Internet of Things (IoT), as the number of internet connected devices — including home security devices, virtual assistants, smart appliances — have multiplied in homes over the last several years. Attackers are hijacking these new IPs by compromising routing tables by rerouting Border Gateway Protocols (BGPs), the standard routing protocol of the internet.

Once these devices are compromised, fraudsters can use them to either launch DDoS (distributed denial of service) against websites or to appear as 'good' traffic that has previously been seen and verified by a particular digital platform. This enables them to launch a number of fraud attacks against a business or user. As a result, businesses that rely on IP reputations for fraud decisioning, cannot accurately identify bad actors from genuine users, because the signals from the incoming traffic increasingly fall in the 'gray' area and don't explicitly appear good or bad. Therefore, with IPs getting hijacked, these businesses can no longer rely on IPs for user verification and need secondary screening to accurately test potentially suspicious traffic. This will also enable them to ensure good users aren’t blocked and fraudsters are kept out.

Tech platforms are often victims of diversified attack types

When it comes to diversified attack types, technology platforms often experience a bit of everything. In Q1 2021, there was a noticeable spike in human-driven attacks on the new account sign up flow. Fraudsters usually sign up for fake new accounts on cloud storage and collaboration platforms to get free promotional server time, which is used to mine bitcoin or other cryptocurrencies. At a human attack rate of more than 40% in Q1 2021, technology platforms witnessed some of the highest ratios of human-driven attacks, which also reflects the intricate and varied ways that fraudsters target these platforms.

Protecting multiple touchpoints

The interaction between consumers and businesses continues to spread across numerous digital touchpoints. Fraudsters are exploiting this expanded attack surface with tools and tricks available in plenty and supplemented by a prolific increase in smart, internet-connected devices, as well as stolen data. They blend in with the good traffic and mimic genuine users, making it difficult for businesses to spot them.

Businesses are obliged to protect customer interactions from potential abuse and attacks. That said, protecting numerous touchpoints from complex and ever-evolving attack techniques can be a daunting task for any digital business and their traditional fraud mitigation approaches often fail them in their fight against fraud and abuse. They must, therefore, adopt a new trust and safety approach that allows them to analyze the increase in digital traffic and parse out suspicious from the non-suspicious, without disrupting user experience for good users.

Stop attackers, increase good user throughput

Arkose Labs enables digital businesses globally to accurately identify and stop suspicious users and increase good user throughput by shifting the attack surface from the business network to its own network. This allows the business to relieve the internal resources that can be used to focus on core business activities. Meanwhile, the Arkose Platform allows every incoming user to prove authenticity by solving a 3D challenge. Based on the real-time risk assessment of every user, the challenge-response mechanism presents a challenge to the user. Often, good users can easily pass the challenge, while bots and automated scripts fail. Malicious humans face continuous challenges that keep becoming more complex and time-consuming. This wastes the time, effort, and resources required to clear the challenges at scale, making the attack financially non-viable and forcing the attackers to abandon the attack.

Arkose Labs helps digital businesses to fortify their defense right at the entry gates so fraudsters can be prevented from entering the business network and monetizing their exploits, thereby helping create a safer internet for everyone.

To learn how Arkose Labs bankrupts the business model of fraud to enable long-term protection of businesses from diversified attack types, please book a demo now.