ThreatMetrix Cybercrime Report: 90 Million Attempted Attacks Prevented, Reflecting 20% Growth in Q3 2015
Posted November 12, 2015
Quarterly Cybercrime Report examines cybercrime attacks detected by the ThreatMetrix Digital Identity Network, which analyzes more than a billion transactions monthly
SAN JOSE, California – November 12, 2015 – ThreatMetrix®, The Digital Identity Company™, today released its “ThreatMetrix® Cybercrime Report: Q3 2015,” which examines cybercrime attacks detected by the ThreatMetrix® Digital Identity Network (The Network) from July to September. These attacks were detected during real-time analysis and interdiction of fraudulent online payments, logins and new account registrations.
During this period, ThreatMetrix detected more than 90 million attempted attacks across industries, representing a 20 percent increase over the previous quarter. This increase in attacks can largely be attributed to the growing sophistication of cybercriminals and the amount of customer data available for interception. Fraudsters are using bots and botnets to run massive identity testing sessions in order to penetrate fraud defenses.
“Generally, this time of year is slower for businesses as they prepare for the holiday shopping season, but this year it yielded record numbers in attempted attacks,” said Vanita Pandey, senior director, strategy and product marketing at ThreatMetrix. “The majority of the attempts we saw were in the e-commerce space using low-and-slow bots that bypass traditional security defenses. Retailers must stay vigilant when it comes to protecting digital identities.”
E-Commerce and Holiday Shopping Season
During the second quarter of 2015, The Network detected more than 45 million e-commerce attacks, a 25 percent increase over the previous quarter as detailed in the latest Cybercrime Report. This signifies billions of dollars in potential financial loss, as well as potential damage to reputation and brand credibility that has been successfully avoided.
Given the recent EMV mandate in the U.S., brick-and-mortar retailers are updating POS systems to increase in-store security, leading cybercriminals to shift their attention to digital channels. E-commerce brands and retailers should be on high alert due to fraud making its way to the online space.
“Botnets are the new data breach threat, as opposed to Advanced Persistent Threats (APT), which attack the network from the inside out; botnet breaches are targeting the outside-in via digital identities,” said Pandey. “We see very high daily traffic at leading retailers due to low frequency attacks using botnets designed to evade rate and security control measures and thus detection.”
The National Retail Federation (NRF) found that the holiday season is when retailers see at least 20 percent of their annual revenue. This season, the NRF is predicting record numbers, foreseeing a six to eight percent increase in sales. It’s being tabbed as a “digital holiday,” in which the number of purchases being made on a tablet or smartphone will be the highest since the 2011 shopping season.
E-commerce transactions broken down consist of the following percentages and risks:
- 78 percent of transactions were account logins, with five percent high risk
- 21 percent of transactions were payments, with 3.2 percent high risk
- One percent of transactions were account creations, with nearly seven percent high risk
Financial Services Customers Demonstrate High Cross-Device Usage
In the financial services industry, attacks increased 30 percent over the previous quarter, with more than 15 million fraud attempts. As online lending and alternative payments providers represent significant financial gain for fraudsters, this segment is continuing to experience a very high volume of attacks.
As mobile usage continues to rise, consumers are more connected than ever before, creating new opportunities for fraudsters, who are making the online lending space a target for their attacks. Users are transacting more overseas and across time zones and PII is at risk of interception during these occurrences.
Financial services transactions broken down consist of the following percentages and risks:
- 85 percent of transactions were account logins, with 2.5 percent high risk
- 13 percent of transactions were payments, with three percent high risk
- Two percent of transactions were account creations, with two percent high risk
Media Industry Sees Highest Percentage of High-Risk Transactions
The Network detected nearly 20 million media industry attacks during Q3, a 25 percent increase from Q2. Many of the fraud attempts involved fake listings or fake reviews, an increasing trend that should be a top concern in the upcoming shopping months. Many top retailers are dealing with thousands of fake reviews on a daily basis.
ThreatMetrix analyzed online activity across social networks, content streaming channels, and online and mobile dating sites. Modest sign-up and authentication requirements along with user password sharing across sites lead to the media industry being a top target for cybercriminals.
“Businesses are beginning to crack down on fake listings and reviews because they damage brand credibility and lose customers’ trust,” said Pandey. “ThreatMetrix leverages global shared intelligence through its Digital Identity Network to detect and prevent fake reviews and other types of bogus user-generated content from making it onto retailers’ sites.”
Media industry transactions broken down consist of the following percentages and risks:
- 26 percent of transactions were account logins, with five percent high risk
- 54 percent of transactions were payments, with 3.5 percent high risk
- 20 percent of transactions were account creations, with three percent high risk
Mobile Usage Reaches an All-Time High
Mobile usage has continued to increase at a high rate in recent months – more than 50 percent from this time last year. This trend is expected to continue as devices become more widespread and businesses continue to transition into the digital world. Nearly a quarter of users are categorized as mobile only, which is expected to increase as well.
“Increased mobile use during holiday shopping means more avenues for cyber-attacks,” said Pandey. “Our main concern with a growing mobile dependency is being aware of your online persona – how much information you share online and where you share it. These are very important factors in determining a person’s identity.”
Top Digital Nations are Top Attack Originators
Cybercrime is a global phenomenon with fraudsters targeting businesses in countries that have the highest online and mobile penetration. The report notes that the top digital nations are the big attack originators. Three of the top five attack originators are from Western Europe – Germany, France and the United Kingdom – which also continues to be one of the most targeted attack destinations. The United States is one of the biggest players in cyber fraud origination, as well as a key target for attackers worldwide.
“This report comes just ahead of the 2015 holiday shopping season, which promises to be the biggest digital season,” said Pandey. “We live in a time when data breaches are an ever-present threat, and businesses must take the utmost care with their customers’ digital identities. If they don’t, cybercriminals can take fragments of these digital identities and piece together an entire persona from the smallest amount of information.”
To learn more, download the “ThreatMetrix Cybercrime Report: Q3 2015” eBook here.
- Share this news on Twitter: .@ThreatMetrix releases its latest cybercrime report, with key trends in #ecommerce and #financialservices: http://bit.ly/1WSKr82
- Video: ThreatMetrix®, The Digital Identity Company™
- Press Release: ThreatMetrix Unveils New Global Alliance Ecosystem
ThreatMetrix®, The Digital Identity Company™, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 15 billion annual transactions supporting 15,000 websites and 4,000 customers globally through the ThreatMetrix® Digital Identity Network, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain, and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government, and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.
© 2015 ThreatMetrix. All rights reserved. ThreatMetrix and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.
Walker Sands Communications