ThreatMetrix®, The Digital Identity Company®, today revealed that 2017 was a record-setting year in the fight against cybercrime. Based on analysis of real world cybercrime attacks—as seen across its global network, which analyses 100 million transactions a day— the ThreatMetrix Cybercrime Report 2017: A Year in Review confirmed a 100 percent increase in volume of attacks over the last two years. The good news is that record numbers of these attacks are thwarted by organisations investing in innovative, digital-first strategies to protect consumers facing downstream attacks from large-scale data breaches.
Tweet now: From breaches to bots, insights from 700M thwarted cyberattacks show how the fight against #cybercrime has intensified. Read more from the @ThreatMetrix Cybercrime Report. http://bit.ly/2CVYzLm
Fraudsters are no longer looking to make a quick buck from stolen credit cards. Instead, they are targeting more ambitious attacks that produce long-term profits, leveraging sets of stolen identity data. This is demonstrated by a highly elevated attack rate on account creations—the most vulnerable activity. In fact, more than one in nine of all new accounts opened in 2017 were fraudulent.
ThreatMetrix Cybercrime Report 2017 data also revealed bot activity levels which account for up to 90 percent of traffic on some retail sites. Even consumers who aren’t directly affected suffer, as they experience lengthier identity verification by many businesses attempting to separate legitimate activity from fraud. Consumers Targeted Immediately in the Wake of High-Profile Breaches Cyberattack levels hit more extreme spikes in 2017 than ever before. These spikes, when aggregated across thousands of organisations, point to major data breaches—often even before they have hit the headlines. For example, the ThreatMetrix Digital Identity Network® detected unprecedented spikes in irregular behaviour immediately after Equifax fell victim to major incidents. Every organisation is a target of serious security breaches, putting the onus on downstream protections across all websites and applications to stop leaked data from being effectively used for fraud.
“As attacks intensify, so does the need for investment in advanced technologies to protect consumers, including individuals with breached identity and financial credentials,” said Vanita Pandey, vice president of product marketing and strategy at ThreatMetrix. “Analysing transactions based on true digital identity is the most effective way to instantly differentiate between legitimate users and cybercriminals. We leave traces of our identity everywhere, and by mapping the ever-changing associations between people, their devices, accounts, locations and addresses, across the businesses with which they interact, trusted behaviour for an individual becomes apparent.”
Changing Consumer Behaviour and Shifts in Cybercrime Trends Go Hand-in-Hand Trends in consumer behaviour influenced cybercriminals’ increasingly complex attack patterns. Examples of both, as identified by the ThreatMetrix Cybercrime Report 2017, include:
● The volume of mobile transactions grew by nearly 83 percent as consumers embrace multi-device behaviour, with mobile overtaking desktop-based transactions for the first time in 2017.
● Account takeovers attacks increased 170 percent, now taking place once every 10 seconds.
● 83 million fraudulent new accounts were attempted between 2015 and 2017. Fraudsters create complete identities and open new accounts by quilting together identity data, harvested from breaches and the dark web.
● Fraudulent payments increased 100 percent over the last two years. Fraudsters use a stolen credit card, or hack into a victim’s bank account, to transfer money to a new beneficiary.
● Emerging industries - particularly ridesharing and gift card trading sites -- are particularly susceptible to fraud, as cybercriminals exploit new platforms for doing business.
● Hackers are getting even craftier. The Cybercrime Report 2017 confirms that hackers are layering their efforts to make them harder for the individual to detect. For example, social engineering attacks convince consumers they’ve been defrauded, and persuade them to “secure their account,” through steps that actually give fraudsters access.
“With the volume and complexity of attacks increasing daily, businesses need to accurately differentiate customers from criminals in real time, without impacting transaction speeds or introducing unnecessary friction,” continued Pandey. “By looking beyond static data—and drilling down to the dynamic intricacies of how people transact online—companies can continue to grow their digital businesses with confidence.”
To access the Cybercrime Report 2017 click here.
About the ThreatMetrix Cybercrime Report
Cybercrime Report 2017: A Year in Review is based upon actual cybercrime attacks, detected and blocked during real-time analysis and interdiction of fraudulent online payments, logins and new account applications on the ThreatMetrix Digital Identity Network® between January and December 2017.
About ThreatMetrix ThreatMetrix®, The Digital Identity Company®, empowers the global economy to grow profitably and securely without compromise. With deep insight into 1.4 billion anonymized user identities, ThreatMetrix ID™ delivers the intelligence behind 100 million daily authentication and trust decisions to differentiate legitimate customers from fraudsters in real time.
Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.
Cybersecurity Insights - Attack
No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?
Cybersecurity Insights - People
Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.