October 20, 2017
October 16, 2017
Posted September 21, 2015
Cybercriminals are attacking the UK more than any other country out there right now.
One of the most interesting cybercrime trends in Q2 was the UK’s emergence as the preferred destination for attackers across the world; with Nigeria, Germany, U.S. and Mexico leading the way in attacking the UK. The UK also features as the second highest originator of cyber attacks, after the United States – so we’re giving as good as we get!
These attacks range from cybercriminals using stolen credentials to create new accounts, masking their true location and identity, as well as using crimeware tools to attack businesses. UK e-commerce and media sites were particularly badly hit.
There are several reasons why the UK has become such a high profile target for global fraudsters.
Here are just a few:
So we have the perfect storm of a global business and financial hub and local consumers forcing a rapid evolution towards digital and mobile services. These go some way to explaining why UK businesses were attacked 50% more frequently than their counterparts in the US.
Who was doing the attacking? Like most countries globally, over 70% of attacks could be said to have been launched from within the target nation. This is because although fraud gangs operate internationally, they’ll usually need some bodies on the ground in the local country to act as – for example – money mules, to receive money from a bank account takeover and send it on to another account or offshore. It’s the same in France, where the top country attacking businesses in the Republic was ‘France’ – nearly five times the volume of the next biggest attack source: the US.
When looking at cross-border attacks there is another practical consideration, which goes some way to explaining why the UK is such a hub for fraudsters. To commit online fraud in a country you have to have the correct language skills. As most cybercrime gangs in Europe are more likely to have English language skills they’ll therefore find it easier to launch attacks into the UK and the US than other possible locations.
The big picture
All of this comes in the context of rising global fraud. Especially badly hit in Q2 was e-commerce, which saw a rise in fraud attacks of 20% to reach 36 million. Account creation fraud was the highest risk, with nearly 7% of transactions blocked by us. Account log-ins (3.6% blocked) were lower risk but represented nearly 80% of all transactions, so there was still a significant account takeover risk for online shoppers during Q2.
This continued rise in fraud can be explained by several factors.
The huge and ever-growing volume of breached data exchanged on the Darknet enables much of this fraud. As does the use of cloaking tools and crimeware designed to fool device fingerprinting technology – enabling the cybercriminal to stay hidden – and automate the whole process for maximum efficiency. The surging use of mobile, which now accounts for 31% of online transactions – also offers fraudsters new opportunities to circumvent first generation tools.
Keeping attacks at bay
In light of the rising fraud rates and the amount of pressure the UK in particular is under, organisations transacting online must find a way to block malicious activity more accurately without affecting revenue from genuine paying customers.
The secret is taking a layered approach which authenticates the individual’s digital identity using the full context of their device, credentials and online behaviour. In Q2 alone the ThreatMetrix Digital Network blocked 75 million fraud attacks, saving customers an estimated $2b in losses. Leveraging anonymised shared intelligence on global transactions to determine digital identities is proving to be a vital strategy in the defence of UK businesses from soaring online fraud.
To read more about fraud patterns in ThreatMetrix Cybercrime Report: Click Here