2020 was a year like no other. Nearly everything we do as individuals has found its way into the digital world. Millions of people are forced to work from home. According to new benchmark data from ACI Worldwide, November 2020 saw a 21% increase in eCommerce transactions globally compared to November 2019.
Increases in the wide demographic of new internet users place a greater disruption on methods to differentiate between the good and bad users. Especially with more of our global population being first time users in the digital economy, they are most vulnerable to cybercrime attacks. According to Stanford news, nearly 42% of the U.S. labor force is working from home and about 33% are not working. By these sheer numbers, the digital economy is growing greater than it has ever been.
Digital identity intelligence has emerged as a method to compile dynamic data to differentiate between trusted and malicious activity to ensure a smooth user experience for legitimate users. However, this attack and abuse ecosystem has become more advanced over time in masking their identity to bypass these systems. According to ZDNet, as a result of COVID-19, cyberattacks against banks saw a 238% surge in the first half of 2020. This rapid burst in digital attacks makes past prevention methods even more difficult to implement as the increasingly advanced attack toolkits get detailed data insights to improve techniques.
Who is a trusted user?
In a survey conducted by Arkose Labs of cybersecurity professionals on 2020 attack patterns in the wake of the COVID-19 pandemic, participants shared that the rapidly changing consumer traffic patterns make it harder to identify what the new “normal” online behavior is. In a world where face to face transactions are decreasing and online transactions are evolving, the concept of identity has changed fundamentally. Your digital identity is not based on human characteristics or physical identification documents. Application security teams rely purely on data to differentiate between trusted and malicious activity. 2020 has been particularly challenging for this as the sudden shift in the digital behavior of good customers, made it even harder for businesses to tell them apart from bad actors masquerading as good users.
Businesses now play a constant cat and mouse game with cybercriminals that are equipped with new tools that undermine accurate data insights to determine true online identities. According to JD Supra, over 164 million consumer records containing personally identifiable information were affected in the US in 2019. This data security incident amounted to nearly $17 billion in fraudulent identity losses.
It has never been easier for cybercriminals to masquerade as a trusted digital identity and cloak their true intent. To cut down on data breaches and the increasing identity theft, a US bipartisan group of House lawmakers introduced the “Improving Digital Identity Act of 2020” bill in September which will set up a task force across federal, state and local governments to create a new “standard-based architecture” for digital identity services.
In the recent Arkose Labs webinar on the “Top 7 Fraud Trends: 2021 and Beyond”, Kevin Gosschalk, Founder & CEO of Arkose Labs and Johnny Ayers, Founder & CEO of Socure debate their 2021 predictions in the identity fraud space. The conversation speaks on the impacts of the Digital Identity Act of 2020 bill. This may actually result in positive regulatory changes that will spurn innovation that will solve the issues of digital identities at scale. With more restrictions, comes more work for fraudsters to break through and commit cybercrimes that have affected nearly every industry.
Cybercriminals create and weaponize digital identities for identity fraud schemes
Through the years of major data breaches, records of digital identities have been exposed so frequently that people have become desensitized to the risk. The problem is when users reuse passwords for multiple accounts, making it easy for attackers to create and access thousands of digital identities through the dark web. The techniques deployed by bad actors to create a fake online identity and take over an account are successful in 3 major steps:
- Credential harvesting: Credentials are typically stolen using various schemes ranging from phishing attacks, malware attacks, and by exploiting various security vulnerabilities a company may have to extract the data.
- Credential checking: Groups that specialize in validating accounts will buy the harvested list and replay it against multiple target websites. As a result, the attack will extract a refined list of credentials that have been verified to achieve the highest value in ROI for the respective targeted attack.
- Account takeover: The verified and refined lists of accounts are typically put up for sale on the public or dark internet and can be sold multiple times over several years until the value of each list depreciates over time.
The Ultimate Guide to Account Takeover Fraud
Compromised digital identities en masse in action
Backed and armed with accurate knowledge of attack detection parameters used to detect online abuse, malicious actors use their tool kits to attack and convince businesses that they are trusted customers. Here are a few methods used to mask their digital identities:
- Stolen identity credentials
Major corporate data breaches have been making headlines for years. Not long ago in April 2020, Facebook profile details of over 267 million users were stolen and sold on the dark web. Wholesale identity farms are working around the clock to systematically check and verify stolen credentials that are eventually sold on the dark web. Synthetic identities are then stitched together using a combination of legitimate data and fabricated information. This opens a large window of opportunity for cybercriminals to monetize the digital identity data.
- Device intelligence
Consumer devices have been long used as a means for identity in the digital world. Activity from a device previously associated with trusted user activity is typically automatically identified as a trusted user with no further inspection. Attackers take advantage of this. With new data available, they purchase cloned fingerprints of trusted devices. Alternatively, they leverage random device characteristics to appear as a new device.
- IP addresses and location
To complicate location spoofing and proxy piercing technologies, attackers are leveraging tools that let them appear online from a trusted residential IP address. Location spoofing tools have become increasingly sophisticated as transactions can appear from a known or trusted location.
- Behavior analytics
Bad actors have developed a skill to fool behavioral biometric solutions by using sophisticated bots that mimic human activity.Behavioral analytics examines trends, patterns and activities among users and applications to create profiles for each user. With successful attacks increasing, lone attackers utilize this insight to continue targeting individuals.
From reCAPTCHA to Arkose Labs: Companies that Switched and Won
A new reality of digital identity
Businesses today depend on data-driven decision engines that look for clear signals of ‘trust’ or ‘mistrust’. The rise in digitization across all industries has changed faster than ever before and the increase in digital crime will soon follow this upward trend. In the new digital economy, many struggle with the new reality of cyberattack where digital identities are corrupted. There is a growing gray area of unpredictable behavior from good customers and sophisticated spoofing. A long-term approach is needed to disrupt the business of cybercrime and end large-scale attacks.
Accurate attack decisioning must take into account that digital identifies and device information have been hacked and can’t be easily trusted as key identifiers. A robust approach to attack detection is one that combines risk-based decisioning with intelligent step-up to clarify whether or not a good customer’s digital footprint has been compromised. Such a natively combined approach allows the attack decisioning engine to learn about the changing user behavior much faster than a siloed approach.
The Arkose Bot Manager platform includes a dynamic risk engine that analyzes data from user sessions and their interactions with technology. Unearthing behavioral patterns across devices and networks in real-time for accurate behavioral analysis and anomaly detection.
To read more about how to protect your business in a world where digital identifiers can no longer be trusted, download the Beyond Digital Identity eBook.