Cybercrime Patterns from Across the Globe

Posted September 20, 2018

In this episode Frank is joined by Rebekah Moody, Director of Fraud and Identity at ThreatMetrix. They discuss insights from the latest Cybercrime Report.


Frank:   Hey everybody, welcome to another edition of Digital Identity 360. Our really honored podcast guest today is Rebekah Moody from ThreatMetrix. She’s the Director of Fraud and Identity, and Rebekah and her team are responsible for one of our best industry productions, our Cybercrime Reports. Rebekah, thanks. Good to have you today.

Rebekah:   Thanks very much, Frank, it’s great to be here.

Frank:   Thank you. One of the things, Rebekah, that’s very interesting as I looked at this report, and we’ve just released it just a couple days ago, and congratulations, it’s fantastic.

Rebekah:   Thank you.

Frank:   But one of the interesting things is to look at how identity spoofing continues to be a growing trend, and coupled with device. I mean, those two things continue to be a plague, if you will, to our customers. Maybe speak a little bit to those trends and what you’re seeing.

Rebekah:   Yeah, I think the identity spoofing one is a really interesting one. I mean, I think one of the things we see, particularly in the report, which is shown mainly in the Identity Abuse Index is this kind of relentless attack using stolen identity data, and our Identity Abuse Index is showing the percentage of attacks per day across our entire network. And what we’re seeing is these huge set of spikes and attacks, which when we’re kind of comparing it to some of these news stories that we hear about, about big data breaches, we actually see a kind of direct correlation between the spikes that we see in the network and these kind of big data breaches. And what’s then happening is this kind of stolen identity data is then kind of trickling its way down to all corners of the globe, it seems, and is then being used in kind of large-scale attacks, whether it’s automated bot attacks, whether it’s more targeted attacks. It’s a really kind of pernicious kind of currency if you like for fraudsters that is certainly becoming a bigger problem for us.

Frank:   It’s so interesting you said that. The spikes in attacks, the spikes to our network in the corollary to the attacks, what strikes me is the velocity, how quickly that happens. Maybe speak to how quickly those attempted attacks happen.

Rebekah:   Yeah, absolutely, and in the report we distinguish between sort of really high velocity, high volume bot attacks, which yeah, we can kind of pick up as kind of huge spikes in attack rates and also these kind of slower, more deliberate attacks where we actually see more profiling data when those attacks come in. And some of the bot activity that we see is really interesting, so we’ve started to see some big bot attacks from countries like China, from Vietnam, from Malaysia, from Brazil. So whereas in the past we might have had big attacks from say the biggest economies of the globe, the US, and the UK, and some of the big European countries, what we’re seeing now is this kind of trickling down, like I said, of this identity data, which is really fueling these attacks from these smaller economies, and actually they are then becoming kind of quite big players on the cybercrime world stage, because they’re kind of producing these kind of huge, large-volume attacks.

Frank:   It’s interesting, it’s almost like a safe haven, right?

Rebekah:   Yeah.

Frank:   Where these little countries that are really not thought of very much as the attack vector suddenly became the attack vector.

Rebekah:   And I think that’s actually one of the things that surprised me. I’ve been working on the report for about three years now, and one of the things I find most surprising is this kind of move really from the biggest economies being the biggest attackers to suddenly so in the report we have a map which shows that the top five attackers and what we’re starting to see now, kind of quarter on quarter, is countries like Brazil are appearing on that top attacker list. Countries like China, like Vietnam, and I find that fascinating. Vietnam is in the top five attacker list last quarter for example, this quarter it’s China, and so it feels like cybercrime is becoming much more global, much more organized, much more networked than we’ve ever seen it before.

Frank:   Yeah it’s interesting, the organization piece in the network is fascinating because you’re gonna go where it’s easy, right?

Rebekah:   Yeah, absolutely.

Frank:   And I think as those targets harden, and as countries get better at tracking this stuff they start to move. One of the interesting regional aspects of this report that I found fascinating was just North America in general, Canada in particular, we have some guests speaking today from Canada at the summit, and while overall attacks against financial institutions are lower than global, they’re double year over year within Canada. So even within a country that controls it well you can see those opportunities to attack. Maybe speak to some of those trends.

Rebekah:   Yeah, and I think financial service is a really interesting one, and I think, obviously I’m from the UK and the UK banks are kind of quite advanced in say for example development of mobile banking apps, sort of full-service mobile banking apps, and actually what we’re seeing in the US and Canada is some of the larger banks kind of coming on board with those and becoming sort of more full service providers of banking services across websites. And you’re right, although the overall attack volume’s not necessarily as high as for other financial service institutions like Fintechs for example, we are seeing this growth, and I think one of the things that we totally notice in the trends is that fraudsters are going for the kind of lowest common denominator. And the other thing that they’re doing is they’re looking for the newest trends. So as customers are kind of migrating over to mobile, as people are really embracing full-service mobile apps, they need to be targeting those as well because that’s where they’re going to kind of have the most success. So again, one of the things I’m finding interesting and it’s a trend that I’m really sort of watching is how do the mobile attack rates in banking change and evolve year over year, because we’re certainly seeing some kind of interesting attack vectors in the network. So one example I could give you is remote access attacks. So we’ve been seeing remote access attacks on desktop for a number of months and even years, and actually we’re starting to see those cross over into mobile now, which is really interesting, because fraudsters are kind of picking up that eventually consumers are gonna be doing most of their transacting on a mobile device. So actually, they need to follow that pattern as well. So yeah, it’s an interesting one. And one of the other trends that we saw in the report this quarter was an increase in attacks in logins and financial services, and I think that again is quite an interesting one for me, because historically the new account origination has always been the kind of key point of vulnerability, particularly on mobile apps. But actually we’re also seeing this really strong drive towards account takeover in financial service as well, so I think that will be one to watch for next year.

Frank:   I think, Rebekah, what happens is consumers are fatigued, and breach after breach after breach they change their password credentials maybe, and then they forget. So I think there’s an opportunity to harvest those again, and they come back and do it. Another fascinating thing that came out of the summit yesterday, Alisdair, our Chief Identity Officer, was talking about it and it was this idea that sometimes you’ll protect the web experience, and not apply that same digital identity protection to your app.

Rebekah:   Yeah, absolutely.

Frank:   And fraudsters are now probing both, they’re saying well look, if the web interface is protected, let me try the app.

Rebekah:   Yeah, absolutely.

Frank:   And compromise the app, and unbeknownst to then me as a consumer, I have an experience where my credential through the web channels, through browser channels is secure, but I’m being compromised through the application. So I think your point that fraudsters, nefarious actors, are sophisticated in following the market is absolutely true.

Rebekah:   Yeah. And I think the other interesting point there is I wonder whether there’s a bit of a kind of trend where businesses have been lulled into this false sense of security with mobile transacting, because it is generally perceived as being safer. You’ve got biometrics on your phone, you’ve got password protection on your phone. It has historically been harder to attack a mobile transaction in comparison to a web one. And obviously we do still see that in the numbers in the report, so mobile attacks only currently make up about a third of our total attack volume. But actually, what I think is interesting like we were talking about is that fraudsters are starting to target the mobile channel. So again we’re seeing mobile bot attacks, for example, and we’re also seeing quite a lot of clever social engineering around mobile, so fraudsters kind of targeting customers maybe say when they’re upgrading their phone or when they’re registering for a new channel, and they’re using that point to kind of intercept, pretend that they’re coming from the bank, and really kind of social engineer that particular moment with the customer. So I do think it’s gonna be a really kind of key one to watch, yeah, as we go into 2019.

Frank:   It’s interesting, Rebekah, just the move to mobile within our own network but also globally as we’re seeing our customers move there quickly, 1.6 billion bot attacks this last quarter, you start to put a third of those attacks into context. The mobile channel certainly is under attack, and I think one of the things that’s interesting about consumer behavior is there is I think an unwarranted degree of trust that the mobile is more secure. That the app is more secure. Right? And as you just said, the fraudsters are I think taking care of that and monopolizing it to some degree and monetizing it, I should say.

Rebekah:   Absolutely, and I think customers are generally becoming more aware of kind of social engineering based attacks, but there is, it’s sometimes so hard to detect. I’ve certainly had text messages and well, emails, obviously, and sometimes they’re so pitch perfect, it’s even for someone who works in the industry it can still be really hard to pick up. So yeah, I totally agree with you.

Frank:   Just imagine enclosing an email that comes from your CEO that says, “Here’s your comp plan for next year.” 90% of people are gonna click on that email. Right, it’s the CEO of the company. I think there’s a degree of diligence required on the part of the consumer. I think the takeaway from the first day of our summit yesterday is the imperative on the part of companies to know these, know who your consumer is. Is this real, is it synthesized, is it an attack? Really understand that. I want to commend you and the team on a fantastic report.

Rebekah:   Thank you very much. Thank you.

Frank:   It’s become an industry leading report, often quoted and cited by other global organizations, so congratulations.

Rebekah:   Thank you very much Frank, it’s been great to talk to you.

Frank:   Thank you Rebekah, pleasure, thank you.

close btn