- News & Events
June 13, 2013
You know the old saying about old friends being the best friends? Evidently that also applies to new accounts. Web fraud data compiled from ThreatMetrix’s TrustDefender™ Cybercrime Prevention Platform and ThreatMetrix™ Global Trust Intelligence Network (The Network) shows new account registrations bring the greatest number of attacks. The data was collected from some 1,500 customers, 9,000 websites and more than 1.7 billion cyberevents, and includes new account registration fraud, payment fraud and account takeovers.
Cyberattacks have become as commonplace as fender-benders in rush hour. In fact unless an attack is carried out against a high profile target like Twitter or the Associated Press, it’s not even news. Therefore, it should come as no surprise that the total cost of cybercrime and attempts to prevent it have surpassed a staggering $1-trillion a year. And yes, that’s trillion with a “T”.
Data from The Network reveals that approximately one in ten registrations for new lines of credit, creating profiles on social networking or marketplace sites and enrolling in authentication schemes are originated by cybercriminals. In a recent six-month snapshot ending March 31, ThreatMetrix determined that attacks on new account registrations using spoofed and synthetic identities had the highest rate of attacks. These were followed by account logins and payment fraud.
New Account Registrations
“Account registrations saw the highest rate of attack among the key customer engagement use cases,” said Faulkner. “This isn’t surprising in light of large scale data breaches recently highlighted by Symantec in their Internet Security Threat Report 2013 and Verizon in its 2013 Data Breach Investigations Report. These breaches underscore the relative ease of obtaining a person’s full identity information sufficient enough to bypass most identity verification capabilities.”
Hiding behind stolen identities, human and bot-generated attacks go through proxies and virtual private networks (VPNs) to disguise their origins to bypass address-based filters (The downside of address-based filters is they often block legitimate customers.)
“The economic impact of these attacks varies by industry,” added Faulkner. “However, the common thread is that without automated visibility into the true device, persona, relationship and global behavior, the only alternative is additional verification roadblocks put in front of legitimate customers and extended review and hold-out periods.”
Payments fraud attempts, which include online credit card transactions and money transfers, increased from 3.1 percent to 6.4 percent over the six months ending in March 2013. According to Faulkner, several underlying trends help explain this dramatic increase:
• Sophisticated credit card cyber gangs adopting banking malware, normally used to hijack bank accounts, to steal full credit card information from customers as a fake verification step when attempting to log into a bank account
• Increase in percentage of digital goods sold by ThreatMetrix customers that historically have a higher incidence of attack
• Expansion of the ThreatMetrix customers in new geographies and the increase in global commerce as a whole
• The increased availability and adoption of free and commercial VPN services and the growing use of Platform-as-a-Service (PaaS) providers by cybercriminals to set up ad hoc tunneling protocols. VPNs are favored by cybercriminals because they are impervious to proxy piercing technologies and undetected by traditional IP proxy detection services.
Based on data taken from October 2012 through March 2013, ThreatMetrix customers saw account takeover attempts nearly double (168%). These types of attacks have traditionally focused on banking and brokerage sites, but have recently escalated across e-commerce sites that store credit card details and Software-as-a-Service (SaaS) companies that hold valuable customer data that do not yet have the heightened level of protection as banking sites.
ThreatMetrix has observed a rise in the sophistication of account takeover attempts using blended attacks to exploit companies that do not have an integrated solution for malware, device identification and bot protection. These include:
• Multi-stage malware exploits: Malware, typically using Man-in-the-Browser (MitB) Trojans, is used to extract login and setup verification credentials from a customer that is then used by a separate device or third party to avoid server-side MitB detection capabilities.
• Multi-stage scripted attack exploits: Automated bot attacks test previously breached credentials from third-party sites, exploiting that many people reuse user names and passwords. After checking account balances or verifying whether an account has a stored credit card, a second attack is launched, typically done manually, to avoid any server-side bot detection.
In today’s ever evolving threat environment, no business can stand alone in the fight against cybercrime. Using data pulled from The Network, ThreatMetrix provides businesses worldwide with a collective response to cybercrime.
To learn more, visit http://www.threatmetrix.com/technology/global-trus-intelligence-network/.
ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,500 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Fraud Prevention, Identity theft, Malware, Malware Protection, MitB, Mobile fraud, Online Fraud, ThreatMetrix, ThreatMetrix Cybercrime Index, ThreatMetrix Global Trust Intelligence Network, TrustDefender Cybercrime Protection Platform, Web Fraud