March 15, 2019
Cybercrime Report Trends: Mobile Cyberattacks on the Rise
Posted March 7, 2019
Our new report on cyberattack patterns in the second half of 2018 suggests online businesses will face a rapidly-evolving threat landscape in the year ahead.
According to the H2 2018 Cybercrime Report from ThreatMetrix there were 244 million cyberattacks worldwide from July 1 through December 31, along with 3 billion bot attacks. While this represents a welcome drop in the percentage of human-initiated cyberattacks, bot attacks are on the rise as cybercriminal organizations grow evermore inventive in the ways they attack specific industries.
The report, based on actual cyberattacks detected within the ThreatMetrix Digital Identity Network, is seen as a reliable proxy for cybercrime patterns worldwide. It finds that cyberthieves are rapidly adapting their tactics for an increasingly important mobile channel—while they are emerging, networked attack patterns are sending shockwaves through digital businesses worldwide. Here’s a look at some of the report’s key findings:
Mobile Makes Big Moves
Mobile transaction volume and penetration rates continue to climb as consumers increasingly favor mobile for most use cases across all global geographies. In fact, 6 in 10 digital transactions now originate from mobile devices worldwide.
Financial services in particular seems to be thriving in a mobile-first world. Sixty-eight percent of all transactions in the sector now come through the mobile channel, as do 67% of all account creations and 62% of logins. A rare exception to mobile’s mojo: eCommerce. Yes, there was a blockbuster 2018 holiday shopping season that saw mobile payments surge 20%, accounting for 59% of all online sales. But while consumers are more than happy to open accounts or make payments by mobile device, they prefer to browse goods and services on the larger screen of the desktop in 69% of overall transactions.
Mobile’s importance cannot be overstated in most regions worldwide, including emerging economies that continue to see booming growth in penetration. In Greater China, mobile adoption is up 105% year-on-year. In South America, it’s up 34%. For under- and unbanked populations in these and other regions, mobile is proving key to financial inclusion, enabling traditionally underserved consumers to transfer money to relatives abroad, take out microloans, access online banking services, and more.
Networked Fraud Patterns Fuel Attacks
The ThreatMetrix Digital Identity Network is detecting a growing footprint for cross-organizational and cross-industry fraud, illustrating the global nature and increasingly interconnected world of cybercrime.
This emerging networked fraud pattern is seen when the same stolen identity credentials become associated with confirmed fraud attempts against more than one organization. This can happen within the same industry, with attacks on multiple organizations within a specific sector such as banking, lending, retail, or gaming/gambling. A typical example: networked fraud rings are increasingly leveraging numerous mule accounts spanning multiple financial institutions worldwide in order to cash out laundered proceeds from their crimes.
There are also strong patterns emerging for shared digital identities used in fraud attempts spanning different industry groups. So far, the strongest correlations to emerge include shared fraud occurring between banks and cryptocurrencies, as well between media streaming and retail organizations.
eCommerce Besieged by Bots
While attacks in retail eCommerce actually dropped in the second half of 2018, the pernicious and widespread impact of high-volume, automated bot traffic continues to disrupt business in this industry. During the second half of 2018, more than 2.1 billion bot attacks (more than 2/3 of all such attacks) targeted eCommerce merchants alone—up 142% compared to the same period last year.
In fact, these credential-testing bots can often make up considerably more of an eCommerce merchant’s daily transaction volume than legitimate traffic, making a low-friction online experience for trusted customers all the more challenging for merchants scrambling to stomp out costly fraud.
Financial Services Face Surge in Mobile Threats
Fraudsters always follow the money. So while mobile is still a safer way to transact in comparison to desktop, financial services organizations are experiencing heightened risk in the mobile channel, particularly in the US, Brazil, Canada and Italy which see strong attack growth. In North America, ATO attacks on the mobile channel have surged 211% year-on-year, while Japan has seen them skyrocket by 326% since the first half of 2018.
Yet while ATOs account for the lion’s share of attacks, fraudulent account creations are growing increasingly treacherous in this industry, as cyberthieves eye an opportunity to launder money or take out multiple loans. In Southeast Asia, fraudulent account creations have risen 78% year-on-year overall, and up 106% in mobile. In South America, a region vulnerable to online and mobile fraud, account creation attacks are up 130%.
Forecast: More Complexity Ahead
As 2019 progresses, the trends seen in the latter half of 2018 continue to evolve. And they’re being joined by other concerns—including everything from “master keys” that defeat biometric scanners, to AI-driven chatbots that dupe customers into divulging personal information, to the continuing wave of privacy and security regulations wreaking havoc for organizations around the globe.
No single-point solution will be enough to counter this. According to organizations that have achieved it, the only reliable approach to overcoming these increasingly complex threats is a layered defense that unites globally-networked digital identity intelligence with the fraud detection, identity verification, and authentication capabilities needed to streamline and secure the entire digital customer experience.
With cybercrime expected to top $5 trillion in global losses by 2021, it’s a safe bet other organizations will seek to achieve the same thing this year—or risk watching customers defect to those that can.
For more on global cybercrime trends and how a digital identity-based approach to online fraud prevention can benefit your organization, download the H2 2018 Cybercrime Report from ThreatMetrix