An alarming 21% of all traffic in 2021 was an attack
SAN FRANCISCO and LONDON – February 8, 2022 – Arkose Labs, the global leader in fraud deterrence and account security, today released new data on the latest online fraud trends, revealing record increases in attacks across multiple sectors. The company’s 2022 State of Fraud and Account Security report reveals the top six fraud-fighting trends from 2021 and provides data that emphasizes no digital business is immune from attack. Bots, human attacks and the rise of “Master Fraudsters” have created a disruptive and vulnerable environment, making online fraud deterrence even more critical for businesses.
“The increase in frequency and severity of fraud last year was higher in 2021 than any other year we’ve monitored, which is especially jarring considering how extraordinary 2020’s numbers were,” said Vanita Pandey, chief marketing officer for Arkose Labs. “The Arkose Labs Global Network’s most recent threat intelligence shows an eye-opening 21% of all online traffic was an attack, with nearly every industry seeing stark increases in every type of attack across nearly every industry. As fraudsters become more sophisticated, we must outpace their efforts and continue to provide the best-in-class solutions to keep our customers’ accounts secure.”
Highlights from the report include:
- Account security became paramount in 2021 – Attackers jumped at the opportunity to monetize their efforts by targeting login and registration points at scale. Login and fake account attacks increased 85% year-over-year and every fifth login attempt was an account takeover (ATO). Additionally, one in four new account registrations was fake, with fake accounts more than doubling (2.5x) in 2021 compared to the year prior. Credential stuffing also saw a sharp increase in 2021, accounting for 4% of traffic and 80% of login attacks.
- Attackers followed consumer engagement across industries – As industries continued to embrace a new digital norm, attackers capitalized on areas of high consumer engagement. Five out of the six industries Arkose Labs analyzed experienced increased attack probability in 2021, with travel and entertainment websites seeing the biggest impacts. Attackers specifically preyed on the resurgence in travel with scraping attacks, compromising a massive 45% of traffic on travel sites. The report further details industry-specific trends for gaming, media and entertainment, financial services, tech, travel, and retail.
- Attacks are more volatile than ever – A single attack can consume nearly 80% of traffic, and in 2021, credential stuffing spikes hit up to 76 million per week. Attack rates doubled during peak season in November, making it the most dangerous month in 2021. Bots were used almost exclusively during this time period, which is increasingly known as “Black November,” due to its unparalleled volume of cyberattacks. Still, these high-velocity attacks overwhelm servers and fraud and security teams, regardless of season, and businesses must be adaptable to mitigate damages.
- The intelligent bot revolution is in full play – Bots mimic human behavior with a high degree of accuracy, accounting for 86% of all attacks. Automated attack and evasion orchestration includes combinations of sophisticated measures including stolen and synthetic credentials, CAPTCHA solving, human fraud farms, device spoofing, IP spoofing, and hijacking, and attack scripts. Today’s bot signatures are three times more complex than signatures of previous years, challenging fraud and security teams with triple the values to analyze in an average bot signature. This level of intelligent planning makes it more difficult to assess risk and make accurate decisions. Businesses require even more sophisticated analysis to detect anomalies and prevent loss.
- Metaverse companies are more likely to be targeted by “Master Fraudsters” – The rise of virtual worlds creates new attack opportunities for bad actors. Insights from the Arkose Labs Global Network show scams, microtransaction abuse, and unfair play are top threats in a metaverse world. These companies experienced 80% more bot attacks and 40% more human attacks than other businesses. “Master Fraudsters” attack their targets by scripting together multiple tools with intense persistence. They combine bots and fraud farms, and invest large amounts of capital, creating virulent attacks. The top “Master Fraudster” attack patterns to disrupt fair commerce include microtransaction fraud, spam, and scams.
- Asia leads the world in perpetrating attacks – In prior years, Russia consistently topped the list of attacking countries. While attacks out of Russia are still prevalent, attackers from Asia took the top spot in 2021, with 40% of all attacks coming from this region. More specifically, one of every two Asian attacks originated in China. Leveraging an ecosystem of tools and low-cost resources, two-thirds of Chinese attacks targeted registration, primarily driven by abusing free trials for crypto mining.
The report highlights the need for companies to have increased awareness and diligence when it comes to thwarting cybercrime. Today, Arkose Labs provides support for some of the world’s most recognized brands and platforms, including Honey, LinkedIn, Microsoft, PayPal, Pitney Bowes, Roblox, Venmo, and Zilch, covering industries such as financial services, fintech, gaming, retail, technology, and social media, representing more than 1 billion social media users, 60% of online video gamers, and 40% of all retail volume.
“From the earliest days of online information to the rapid evolution of today’s metaverses, the internet has come a long way,” said Pandey. “It’s imperative that companies online protect their platforms and their customers from malicious activities.” She concluded, “We have the ability to do this today, and our approach is making it more difficult and less lucrative for attackers to conduct fraudulent activity.”
About the Report
The 2022 Arkose Labs Fraud and Account Security Report is based on actual user sessions and attack patterns analyzed by the Arkose Labs Fraud Deterrence Prevention Platform from January through December 2021. These sessions, spanning account registrations, logins, and payments from financial services, eCommerce, travel, social media, gaming, and entertainment, were analyzed in real time to provide insights into the evolving fraud and risk landscape. The report focuses on attacks from fraud outlets that combine state-of-the-art technology with stolen identity credentials and human efforts.
About Arkose Labs
Arkose Labs’ mission is to create an online environment where all consumers are protected from malicious activity. Recognized by Gartner as a “Cool Vendor in Fraud and Authentication,” the company offers the world’s first $1 million credential stuffing warranty. Its AI-powered platform combines powerful risk assessments with dynamic attack response that undermines the ROI behind attacks while improving good user throughput. Headquartered in San Francisco, CA with offices in Brisbane and Sydney, Australia, Tokyo, Japan, and London, UK, the company debuted as the 83rd fastest-growing company in North America on the 2021 Deloitte Fast500 ranking.
Jean Creech Avent
Global Head of Communications and Brand