Account registrations see the highest rate of online attacks

According to the Cybercrime Index released by ThreatMetrix, a US provider of integrated cybercrime prevention solutions, almost one in ten registrations for online services originate from a cybercriminal. New account registrations include applying for new lines of credit, creating a profile on a social networking website or marketplace and enrolling in an authentication scheme.

According to Alisdair Faulkner, chief products officer ThreatMetrix, the most common form of stolen identities is by human or bot-generated fraud attacks directed through proxies and Virtual Private Networks (VPNs) intended to disguise the true origin of the attacker. These bypass IP address-based geo filter blacklists that also have the downside of unknowingly blocking legitimate visitors.

Research also shows that payments fraud attempts, which include online credit card transactions and money transfers, have increased from 3.1 percent to 6.4 percent during the period under review. Faulkner mentions that the substantial growth can be attributed to certain trends including:
• Sophisticated credit card cyber gangs adopting banking malware, normally used to hijack bank accounts, to steal full credit card information from customers as a fake verification step when attempting to log into a bank account;
• Increase in percentage of digital goods sold by ThreatMetrix customers that historically have a higher incidence of attack;
• Expansion of the ThreatMetrix customers in new geographies and the increase in global commerce as a whole;
• The increased availability and adoption of free and commercial VPN services and the growing use of Platform-as-a-Service (PaaS) providers by cybercriminals to set up ad hoc tunneling protocols. VPNs are favored by cybercriminals because they are impervious to proxy piercing technologies and undetected by traditional IP proxy detection services.

With regard to account takeover, findings point out that attempts have almost doubled (168 percent). These types of attacks have traditionally focused on banking and brokerage websites, but have recently escalated across e-commerce websites that store credit card details and Software-as-a-Service (SaaS) companies that hold valuable customer data that do not yet have the heightened level of protection as banking websites.

ThreatMetrix Cybercrime Index unveils a rise in the sophistication of account takeover attempts using blended attacks to exploit companies that do not have an integrated solution for malware, device identification and bot protection. These include:
• Multi-stage malware exploits - Malware, typically using Man-in-the-Browser (MitB) Trojans, is used to extract login and setup verification credentials from a customer that is then used by a separate device or third party to avoid server-side MitB detection capabilities;
• Multi-stage scripted attack exploits - Automated bot attacks test previously breached credentials from third-party websites, exploiting that many people reuse user names and passwords. After checking account balances or verifying whether an account has a stored credit card, a second attack is launched, typically done manually, to avoid any server-side bot detection.

ThreatMetrix Cybercrime Index consists of a series of web fraud data compiled from customers using its TrustDefender Cybercrime Prevention Platform that leverages the ThreatMetrix Global Trust Intelligence Network (The Network). The Index provides insight into the prevalence of web fraud attacks across the entire customer life-cycle from new account registration, authentication and payment transactions.ThreatMetrix Cybercrime Index data was aggregated from 1,500 customers, 9,000 websites and more than 1.7 billion cyber events.