The Effect of Data Breaches on the Cybercrime Landscape in Asia Pacific
Posted May 24, 2018
If 2017 was dubbed as the “Year of the Data Breach”, it will be interesting to see what nickname is given to 2018, as this current year has already had its fair share of data breaches and appears to be on track to surpass its predecessor in terms of number, size and cost of attacks.
The New Reality
Every year, bigger and more high-profile breaches hit the headlines, arming fraudsters with a myriad of stolen credentials and fueling costly attacks that continue to grow quarter-on-quarter. Cybercriminals’ relentless pursuit for profit has already impacted a number of high-profile brands this year, and while the modus operandi differs from breach to breach, the payoff is the same – credentials. Under Armour, for example, saw emails, hashed passwords and user names compromised in a breach that affected an estimated 150 million users.
Unfortunately, attacks like this are no longer an isolated incident.
Data breaches have become something of a way of life. Cybercriminals are leveraging the borderless nature of the Internet to expand their criminal enterprises globally, with attacks no longer focused on the likes of the U.S. and the U.K.
Indeed, Asia Pacific increasingly finds itself in the crosshairs of cybercriminals. And that shouldn’t be a surprise as massive economic growth in the region is fueling rapid digital transformation, with more of the 4.5 billion people in Asia Pacific adopting smartphones and getting online. In fact, the region saw an estimated 1.25 billion smartphone users in 2017, with Asia Pacific accounting for more than half of the world’s Internet users and now representing the largest region globally in terms of eCommerce sales.
This growth is fueling an huge rise in transactions, with the ThreatMetrix Digital Identity Network® seeing tremendous growth in 2017. According to the APAC Cybercrime Report, overall transaction volume increased 62 percent over the previous year, with mobile making up 46 percent of overall transaction volume – an increase of 56 percent since 2015.
This trend has opened up a veritable treasure trove of credentials to cybercriminals, with attack levels growing significantly as fraudsters, armed with sophisticated crimeware tools, can now get their hands on complete identity information. The heightened risk landscape in the region equated to 260,000 daily attacks detected and stopped by ThreatMetrix in 2017 – that’s a 105-percent increase in daily attacks in just two years.
An Intelligent Enemy
Not only are cybercriminals ramping up their attacks, but by changing tactics and methods of attacks when targeting different regions in Asia Pacific, they are proving to be clever adversaries. For example, the biggest attack type in Australia and New Zealand is device spoofing, while in India, its identity spoofing. Southeast Asia, meanwhile, is particularly susceptible to phishing, mobile device exploitation (Man-in-the-Mobile), and mobile payment exploitation.
We have talked before about how we are now living in a post-data breach world, with the rising attack levels in Asia Pacific further bolstering that claim. Asia Pacific is in the middle of a perfect storm when it comes to cybercrime – rising mobile penetration, booming digital growth, multiple regions, and a lack of governance and cyber awareness existing alongside smarter and more sophisticated cybercriminals. This raises the all-important question – how do businesses protect themselves and their customers against these waves of attacks?
Global data breaches and new account origination fraud were rarely out of the headlines in 2017, with more than 700 million global cyberattacks reported. From the time a cyberattack occurs to when the attack is discovered, fraudsters have already tested, augmented and used validated identities in large-scale attacks. Every piece of stolen information is another piece in the identity jigsaw for fraudsters. An online identity can be knitted together with myriad pieces of stolen information from various data breaches, augmented by data for sale on the dark web.
With cybercriminals increasingly leveraging stolen identities to appear legitimate, it is becoming harder for organizations to distinguish between legitimate customers and fraudsters – but not impossible.
A Smarter Solution
Accurate recognition of a user’s digital identity (based on device, identity, location and threat intelligence and combined with behavioral analytics) ensures that businesses are able to effectively differentiate between trusted users and potential threats, flagging high-risk events in real time.
One company within the region has already seen how digital identity-based solutions can accurately detect and stop fraudsters that use stolen and spoofed identities while reducing friction, which allowed it to expand its product offerings.
Results like these offer hope for businesses in the region – hope that 2018 just might be known as the year of safer digital business.
To learn more about the cybercrime landscape in the Asia Pacific region, download the APAC Cybercrime Report.