ThreatMetrix Cybercrime Index Finds New Account Registrations Represent Highest Rate of Online Attacks Due to Large-Scale Data Breaches
Posted June 13, 2013
Network Data Also Finds That Account Takeover Attempts and Credit Card Fraud Have Nearly Doubled Over a Six-Month Period
San Jose, CA – June 13, 2013 – ThreatMetrix™, the fastest-growing provider of integrated cybercrime prevention solutions, today announced the ThreatMetrix™ Cybercrime Index, a series of Web fraud data compiled from customers using its Platform that leverages the ThreatMetrix Digital Identity Network. ThreatMetrix Cybercrime Index data was aggregated from 1,500 customers, 9,000 websites and more than 1.7 billion cyber events, and is an industry first that provides insight into the prevalence of Web fraud attacks across the entire customer life-cycle from new account registration, authentication and payment transactions.
“Nearly one in every ten new accounts opened online is done using a spoofed identity, and the incidence of account takeover attempts and online payments fraud have both doubled in a six-month period,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Data breaches are imminent and given the increased sophistication of malware, organizations should assume that a material percentage of their customers and user accounts are either compromised or criminal and invest accordingly.”
The total cost of cybercrime and efforts to prevent attacks has surpassed $1 trillion annually. Recent high profile attacks include Twitter hacks on LivingSocial and The Associated Press and Chinese hacker attacks on U.S. targets. As these attacks become more common, the ThreatMetrix Cybercrime Index outlines several statistics around new account registration fraud, payments fraud and account takeover.
New Account Registration Fraud
In a recent six-month snapshot ending March 31, ThreatMetrix determined that attacks on new account registrations using spoofed and synthetic identities saw the highest rate of attacks followed by account logins and payment fraud. According to The Network data, nearly one in ten registrations for online services originates from a cybercriminal. New account registrations include applying for new lines of credit, creating a profile on a social networking site or marketplace and enrolling in an authentication scheme.
“Account registrations saw the highest rate of attack among the key customer engagement use cases,” said Faulkner. “This isn’t surprising in light of large scale data breaches recently highlighted by Symantec in their Internet Security Threat Report 2013 and Verizon in its 2013 Data Breach Investigations Report. These breaches underscore the relative ease of obtaining a person’s full identity information sufficient enough to bypass most identity verification capabilities.”
According to Faulkner, the most common form of stolen identities is by human or bot-generated fraud attacks directed through proxies and Virtual Private Networks (VPNs) intended to disguise the true origin of the attacker. These bypass IP address-based geo filter blacklists that also have the downside of unknowingly blocking legitimate visitors.
“The economic impact of these attacks varies by industry,” added Faulkner. “However, the common thread is that without automated visibility into the true device, persona, relationship and global behavior, the only alternative is additional verification roadblocks put in front of legitimate customers and extended review and hold-out periods.”
Payments fraud attempts, which include online credit card transactions and money transfers, increased from 3.1 percent to 6.4 percent over the six months ending in March 2013. According to Faulkner, several underlying trends help explain this dramatic increase:
• Sophisticated credit card cyber gangs adopting banking malware, normally used to hijack bank accounts, to steal full credit card information from customers as a fake verification step when attempting to log into a bank account
• Increase in percentage of digital goods sold by ThreatMetrix customers that historically have a higher incidence of attack
• Expansion of the ThreatMetrix customers in new geographies and the increase in global commerce as a whole
• The increased availability and adoption of free and commercial VPN services and the growing use of Platform-as-a-Service (PaaS) providers by cybercriminals to set up ad hoc tunneling protocols. VPNs are favored by cybercriminals because they are impervious to proxy piercing technologies and undetected by traditional IP proxy detection services.
Based on data taken from October 2012 through March 2013, ThreatMetrix customers saw account takeover attempts nearly double (168%). These types of attacks have traditionally focused on banking and brokerage sites, but have recently escalated across e-commerce sites that store credit card details and Software-as-a-Service (SaaS) companies that hold valuable customer data that do not yet have the heightened level of protection as banking sites.
ThreatMetrix has observed a rise in the sophistication of account takeover attempts using blended attacks to exploit companies that do not have an integrated solution for malware, device identification and bot protection. These include:
• Multi-stage malware exploits: Malware, typically using Man-in-the-Browser (MitB) Trojans, is used to extract login and setup verification credentials from a customer that is then used by a separate device or third party to avoid server-side MitB detection capabilities.
• Multi-stage scripted attack exploits: Automated bot attacks test previously breached credentials from third-party sites, exploiting that many people reuse user names and passwords. After checking account balances or verifying whether an account has a stored credit card, a second attack is launched, typically done manually, to avoid any server-side bot detection.
In today’s ever evolving threat environment, no business can stand alone in the fight against cybercrime. Using data pulled from The Network, ThreatMetrix provides businesses worldwide with a collective response to cybercrime.
To learn more, visit https://www.threatmetrix.com/cyber-security-software/digital-identity-network/.
ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The ThreatMetrix Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,500 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.
© 2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.