Security Experts:

Growth in Cyber Fraud Attacks Outpacing Growth of Transactions: Report

Cybercrime in 2017

The United States is the world's primary target for cyber fraud attacks. Europe has emerged as the major source of attacks, now accounting for 50% more attacks than the US. The growth in attacks is outpacing the growth of transactions; and in a 90-day period, 130 million fraud attacks were detected.

These details come from the ThreatMetrix Cybercrime Report Q1 2017 (PDF). The report shows that strong economies tend to attack other strong economies, with the USA primarily targeting the USA, Canada and the UK; Germany targeting the USA, the UK and Germany; and the UK targeting the USA, the UK and Ireland. The UK is now one of the world's largest attack originators.

While this concentration on North America and Europe is partly driven by the expectation of richer targets, it is probably also affected by attackers concentrating on areas where they already understand the local banking and finance methodologies.

The figures come from ThreatMetrix's analysis of 'high-risk' transactions found among the nearly 2 billion transactions it monitors every month. It shows a growth in mobile transactions, a growth in the sophistication of attacks, and an increase of around 23% in the figures from the same period in 2016.

"The complexity and speed of evolving attack vectors continues to take us by surprise," commented Vanita Pandey, vice president of product marketing at ThreatMetrix. "Fraudsters are operating within a much broader cybercrime landscape; one that shares knowledge, tools and exploits; trades information, tests and refines and constantly analyzes the market for new opportunities."

Partly this is being driven by the availability of huge volumes of user credentials stolen over the last few years and now readily available on the internet. Although breached organizations are quick to claim that their stolen data was encrypted or hashed, "what is clear," says the report, "is that identity data is the critical currency in global cybercrime, as fraudsters piece together full and convincing identities which are then used to perpetrate large-scale attacks."

"Cybercrime," it adds, "is becoming increasingly automated, sophisticated and is scaling exponentially through well organized crime rings with access to large-scale networks of infected devices available at their disposal to inundate online systems with large volumes of fraudulent transactions. They also use scripts (often in conjunction with bots) to perpetrate such transactions."

Fintech, unsurprisingly, is a major target. This is set against a background of increasing mobility, digital wallets and online remittances. Digital wallet transactions grew by 80% year-on-year, with a 180% increase in associated bot attacks. "Loan stacking and bustout scenarios are common attack vectors," explains ThreatMetrix, "where fraudsters capitalize on time delays inherent in reporting loan agreements to credit bureaus. Stolen identity credentials and device spoofing techniques allow cybercriminals to bypass even complex application procedures."

The company warns that attackers have a wide range of attack vectors and tools at their disposal. "Fraudsters have a gamut of threat vectors at their disposal to perpetrate fraud, including Malware, remote access Trojans (RATs), Man-in-the-Middle attacks and automated bot attacks. These are often used in combination to perform mass identity testing attacks (via an advanced bot), and then take over a trusted user account via a Man-in-the-Middle attack and/or RAT."

Pandey comments, "We saw a number of high-profile global breaches over the last year. Identities are being bought, sold, traded and augmented by criminals seeking to improve the success of their increasingly complex attacks. All of this points to one thing: Identities are the critical currency in cybercrime this year and it is up to businesses to look beyond static data to check that users are who they say they are."

ThreatMetrix has raised more than $90 million in funding, including $20 million in Series E funding in March 2014, and $30 million in growth funding from Silicon Valley Bank in October 2016.

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.