As the holiday season draws near, cybercriminals are making lists and checking them twice, according to a new study by Arkose Labs. The Q4 Fraud and Abuse Report,” published Nov. 5, 2019, cited a 70 percent increase in bot-driven account fraud. Researchers analyzed over 1.3 billion financial service, ecommerce, travel, social media, gaming and entertainment transactions between July 1 and Sept. 30, and found one in five account openings were fraudulent.
Kevin Gosschalk, CEO of Arkose Labs, said the report shows evolving patterns in global cybercrime, which has become broader and more complex in nature, making incentives and victims more difficult to detect.
“One thing is clear: the way fraudsters are weaponizing compromised data from recent high-profile breaches highlights the deep connectivity of the global cybercrime ecosystem that goes way beyond selling stolen data or knowledge sharing,” Gosschalk stated. “One attack is a precursor to another attack, and they can be in two different industries, across two different geographies.”
Vanita Pandey, vice president of strategy at Arkose Labs, noted that massive security breaches have flooded the market with identity credentials, which fraudsters use in increasingly sophisticated ways.
“Identity is the new global currency, which explains why fraudsters are prioritizing valuable resources to test and validate identities across disparate industries,” she said. “As we enter the next stage of the post-breach era, when identities have been compromised en masse, and fraudsters have access to behavioral information on consumers through hacked accounts, it has never been more difficult to validate digital identity. Intelligent step-up challenges can be the missing link to clarify whether an online identity has been corrupted by fraudster or is being exploited by organized sweatshop activity.”
Increasing human-driven fraud highlights why businesses need to rethink the role of friction within their authentication strategy, Pandey stated. The payments industry has been focusing on acceptance rates, but adding a little friction is not bad if it helps retailers protect attack surfaces while giving consumers a simple way to prove they are legitimate.
Report data also revealed an increase in human-driven fraud, as criminals weaponize identity credentials during the holiday shopping season. She advised brick-and-mortar and ecommerce retailers to be especially vigilant to new account openings throughout the high-peak retail period.
Researchers found that more than half of human-driven cyberattacks originate in China and Russia. The report’s New Attack Incentive Index measured financial motivations by country, blending regional economic indicators with proprietary data on known attack vectors. The higher the incentive, the more resources they will likely deploy to preserve ROI, they noted.
“The variability of human-driven attacks continues to be visible, driven primarily by the ‘office hours’ the fraudsters keep and the traffic patterns of the businesses they are trying to attack,” researchers wrote.
The New Attack Incentive Index’s highest ratings were assigned to Russia, the Phillipines and Indonesia, where the U.S. dollar outperforms native currencies, researchers noted.
“Philippines is the top attack originator; fraudsters are driven by the low purchasing power of the region, meaning that there are big gains to be won in defrauding western countries,” they wrote. “Global cybercrime networks leverage currency valuations in various regions to their advantage, making it imperative for business owners to understand varying global economic factors that incentivize fraud.
Businesses must protect attack surfaces by understanding varying global economic factors that contribute to cyberfraud, Gosschalk stated. “The best defense in today’s fraud landscape is a strategy rooted in prevention, which removes the economic incentive for fraudsters to attack,” he said.
Please read the original article, here.