March 15, 2019
Australia & New Zealand: Cyberattacks Against Financial Services Spike 138%
Posted November 1, 2018
Cybercrime is having a seismic impact on the financial services industry throughout the Australia & New Zealand region, as revealed in our latest regional Cybercrime Report.
According to the head of the Australian Cyber Security Centre, Alastair MacGibbon, one in four Australians were hit by cybercrime last year, which equates to over 6 million Australians. The impact of fraud can be potentially catastrophic for the individuals who fall victims, worrying about the potential financial implications and being prevented from carrying out other legitimate transactions.
It is therefore imperative that ANZ businesses go above and beyond to protect their consumers who are transacting and banking on their websites and apps from the rising tide of cybercrime.
Locating ANZ Cybercrime Trends
Latest analysis from the ThreatMetrix Digital Identity Network shows that this market is quickly becoming an epicenter of both inbound and outbound cybercrime. This data was captured from real cyberattacks originating to and from ANZ from April through June 2018.
Out of 81 million ANZ transactions analyzed within the ThreatMetrix Digital Identity Network during the second quarter, 2.9 million fraud attacks were detected and stopped. Additionally, more than 16 million automated bot attacks occurred within the region, representing a 33% increase in just 90 days.
A particular area of concern was a 138% growth in attack rates on financial services transactions coming from ANZ (from Q1 to Q2 2018) which was a higher jump than in any other region.
Australia has appeared on the list of top 10 countries of origin for cyberattacks nine times in the last 14 quarters between 2015 and Q2 2018. And it also appears to be a prime target for attacks coming from outside its own borders, appearing among the top 5 most targeted nations by malicious actors in the US, UK and China.
This demonstrates the increasingly globalized nature of cybercrime; with increasingly sophisticated ways to spoof locations and with stolen identity data disseminating rapidly across the globe on the Dark Web, attackers will increasingly seek targets in far-away locations to expand their reach and evade law enforcement.
But that’s not the whole story. During the Q2 period, ThreatMetrix was able to flag nearly 600 sanctions violations, whereby actors from countries on the UN sanctions list used a proxy IP to pretend to be from Australia or New Zealand.
Whether for detecting cross-border fraud attacks or sanctions violators, a crucial tool for our customers is the most powerful proxy-piercing technology on the market that can flag users that are looking to mask their true whereabouts for malicious purposes.
Targeting Achilles’ Heel
As the nature and volume of attacks on individuals and businesses in ANZ indicate, criminals are bypassing the hardened defenses most financial institutions have in place by targeting the weakest link in these organizations’ cybersecurity: customers.
When an individual’s or a business’ identity can be successfully spoofed, malicious actors gain access to systems needed to hijack bank accounts, apply for fraudulent loans, make illegal purchases, launder money and more.
Beyond direct losses, the aftershocks can be just as devastating. In the event an attack results in a data breach, financial institutions can expect to face an average loss of $12 million, according to the 2018 Cost of a Data Breach Study from Ponemon Institute. Seven in ten customers won’t think twice about leaving a bank if cybercriminals gain access to customer data. And the negative publicity generated by these events can dampen customer acquisition and retention for months.
Factor in the regulatory fines associated with a growing number of consumer privacy and anti-money laundering (AML) laws in markets around the world, and it’s easy to see why cybercrime has the ground shifting under the industry’s feet.
In the face of all of this, many FIs are looking for ways to beef up their existing user authentication mechanisms, sometimes with biometrics, step-ups and more.
Others are augmenting these and other security technologies with modern, digital identity-based user verification and assessment solutions that help defend against cybercriminals wielding stolen identity credentials. The challenge here is gaining access to global threat intelligence like that generated by the ThreatMetrix network, which draws real-time intel from thousands of companies spanning numerous industries worldwide.
Firms that have deployed such solutions report dramatic reductions in successful cyberattacks that leverage stolen identity data. What’s more, the same technologies virtually eliminate the need for out-of-band authentication, helping deliver a slick, seamless user experience to legitimate customers.
Right about now, anything that absorbs some of the shock of cybercriminal attacks can be a very wise investment.
For more about cybercrime trends in the ANZ region, download a copy of the Q2 2018 ANZ Cybercrime Report.