Menu
Close
- Fake accounts was the #1 attack vector, monetizing promos and free trials
- Bot traffic increased by 25% from Q4 2021
- 40% of attacks from Asia targeted tech companies
Q2 2022
Arkose Labs
Bankrupting the Business of Fraud
Introduction
One thing is certain: The ROI for cyberattacks is greater than ever in 2022. The digitalization of our lives and work means bad actors can attack companies and threaten consumer trust long before a transaction takes place.
Meanwhile, the automated fraud ecosystem grows daily as new tools and resources are created to reduce the barrier to entry for sophisticated bot attacks and abuse schemes.
Catching evolving attacks early requires deeper insight and intel into the tactics and financial motivations of cybercriminals.
Each quarter, Arkose Labs analyzes billions of sessions to uncover the latest attack patterns seen on the most targeted user touch points, across our global network.
This report reveals the top attack trends from Q1 2022.
2022 Attack Trend Highlights
Attack Probability
Up to 20% attack rate during peak weeks
Account Takeovers
4% of all logins (good or bad) are a credential stuffing attempt
Scraping
250% increase in scraping attacks QoQ
Fake Accounts
1 in 4 new accounts is fake
Mobile Attacks
2x increase in mobile-led attacks over Q4 2021
Q1 Industry Trends
- 1 out of 3 sessions on social media and dating sites was an attacker
- Human attacks grew 5x from Q4 2021
- This was the most targeted industry for attacks from Africa
- Bot attacks were 2.5x more likely in Q1 2022 than the previous quarter
- Scraping was the #1 attack vector, aimed at obtaining inventory info
- For every good user session, there was at least one bot session
- Gaming platforms were targeted with nearly 300% more fraud in Q1 2022, driven largely by bot attacks
- Fake account registrations increased 86% from Q4 2021
- Nearly 1 in 5 attacks was human-driven
- Fintech companies experienced 2.5x more attacks in Q1 this year than the 2 years prior
- 75% of attacks were ATO attempts
- 97% of attacks were driven by bots
- Retailers saw 30% more attacks in Q1 this year than the 2 years prior
- 65% increase in fake accounts over Q4 2021, primarily targeting coupon abuse
- 80% of attacks are ATO attempts
Top Attacking Countries
The top 5 attacking countries contributed over 60% of all attacks in Q1. Attack patterns differ in each region because of varying incentive levels due to differences in wages, cost of labor, and comparative currency values.
North America
- 1 in 5 attacks comes from North America
- More than ⅓ of attacks targeted logins, primarily in gaming and retail
- NA attackers are 30% more likely to be human than the global average
South America
- 2/3 of attacks targeted chat channels and direct messaging in social media and gaming
- Attacks are 5x more likely to be human-led
- Top attacking countries: Brazil, Venezuela, Argentina
Europe
- 1 in 3 attacks comes from Europe
- Attacks are 50% less likely to leverage fraud farms
- 40% of attacks in gaming came from European attackers
Africa
- 2/3 of attacks were fake account registrations
- Scraping was the most commonly deployed tactic by fraud farms from Africa
- Top attacking countries: Egypt, Morocco, Algeria
Asia
- 40% of attacks come from Asia
- 2/3 of attacks targeted tech and travel industries
- Attacks from China & India increased 70% from Q4
The Growing Cybercrime Workforce
It no longer takes years of mastery to be an effective cybercriminal. Since the pandemic, the cybercrime workforce has exploded, thanks to the vast information sharing on the dark web and ROI opportunity for Rookie Criminals and Master Fraudsters alike.
Skilled cybercriminals use marketplaces and messaging platforms to promote their own personal fraud business, recommend attack tools and techniques, and offer free step-by-step guides for rookie cybercriminals to quickly become masters at their game.
Profile: Rookie Fraudster
- Leverages the automated fraud ecosystem to make money fast
- Uses marketplaces and messaging platforms to purchase bots-as-a-service and execute attacks at scale
- Earns up to $20,000 per month
Profile: Master Fraudster
- Uses multi-pronged attack strategy with multiple tools scripted, together alongside click farm workers
- Continually invests in resources and development to bypass defenses
- Earns up to $600,000 per month
Estimated Cybercrime Workforce:
15 MILLION
“
We estimate there has been a 10-fold increase in people taking up fraud as a career since 2019 because of the wealth creating opportunities presented.
Brett Johnson
Chief Criminal Officer
Arkose Labs
Bot vs Human Attack Trends
93%of attacks are bot-driven
Bot Attacks are Becoming More Intelligent & Efficient
- Q1 saw consistently higher bot-oriented attacks than the average across 2021, driven by large-scale scraping and credential stuffing attempts.
- Bot attack signatures are 3x more complicated today than in years prior, creating greater detection complexity for businesses.
- Cybercrime-as-a-Service (CaaS) is on the rise, with marketplaces enabling amateur criminals to attack at scale.
7%of attacks are human-driven
Cybercriminals Leverage Click Farms to Abuse Chat Channels
- 90% of human attacks in 2022 have targeted communication channels in gaming, dating, and tech.
- Top targeted companies can see up to 35% of traffic coming from human attackers.
- Bad actors leverage click farms mostly for in-game abuse, spam, scams, and account takeovers.
- Cybercriminals sabotage cost savings for the business and diminish ROI
The Bot vs Human Attack Mix
Bot attacks can overwhelm workflows with a single high volume attack, with peak attack periods being up to 2.5x normal traffic volume across the global network.
Human-led attacks are low-and-slow, allowing attackers to consistently target a platform while staying under the radar.
Hybrid attacks are increasingly common for persistent attackers. They start with intelligent bots, then switch to click farms when bots are deterred.
Top Threats to Trust and Account Security
Q1 Key Trends
- Automated ATOs were 30% higher in Q1 than the average over the past 2 years
- 1 in 4 accounts created was fake
- 250% increase in scraping attacks from Q4 2021 to Q1 2022
Top Attack Types
- Credential stuffing
- Phishing
- Mass fake accounts
- Scraping
Top Signals of Fraud
- Distributing traffic via proxies, hosting, or VPN services
- IP masking
- Short-term velocity spikes
- Traffic coming from fraud farm countries
The Downstream Effect of Account-Based Fraud
As reported by IC3, many of the most costly cybercrimes start with credentials being stolen or a fake account being created. The growing prevalence of fake account attacks reflects the lucrative nature of romance scams, while account takeovers continue to be an attacker favorite for the multitude of ways they can be used for profit. Protecting consumers and preventing fraud losses requires stronger security technology that can detect malicious activity where it originates—on login and registration workflows. Implementing such technology can lead to significant cost savings and improved ROI, allowing businesses to maintain security while also optimizing their operations.
Fintech Reduces ATOs by 70% with Arkose Labs
The Customer
A major US fintech company experienced 20x growth in one year. This massive popularity attracted cybercriminals, who began attacking on multiple fronts.
The Problem
Attackers were executing ATOs at scale and creating fake new accounts to then send phishing messages to users. This caused poor user experience and customer financial losses, and overwhelmed fraud and security teams.
The Solution
Arkose Detect was implemented on the customer’s web and mobile flows to classify traffic risk and determine the appropriate response. Arkose Labs shared detection data with the customer to enhance their internal models.
Results
- Credential stuffing attacks stopped completely
- 6.4 million token replay attacks stopped
- No impact to good user throughput
- Improved ROI and long-term cost savings
Trends to Watch
Accounts are Increasingly Lucrative
85 %
increase in login and registration attacks in 2021
Attack trends in 2021 revealed the critical need for stronger security at the account level. ATOs and fake accounts can be profitable on their own, while also creating high monetization potential for downstream spam and abuse.
Intelligent Bot Revolution
3 x
more complexity in attack signatures
Bots are increasingly sophisticated, able to mimic human behavior with a high degree of accuracy. The number of data points that need to be collected, reviewed, and correlated to form a single attack signature makes it harder to detect them.
Volatile Attacks are the New Norm
80 %
percentage of traffic consumed by a single attack
Businesses need to be adaptable to detect and mitigate high-velocity attacks in and out of peak season that can unexpectedly overwhelm servers and security teams. Having an effective and robust cybersecurity strategy in place can help reduce costs associated with downtime and lost business, while also improving ROI for the business. With the right technology and processes in place, enterprises today can stay one step ahead of malicious actors and ensure their systems remain secure.
Preparing for the Metaverse
40 %
increase in attacks targeting metaverse pioneers over Q4 2021
Attackers are going to great lengths to abuse metaverse communication channels, leveraging click farms to feign legitimacy. Insights from our global network show that scams, microtransaction abuse, and unfair play are threats to monitor as the metaverse develops.