Exclusive Q&A on H2 2018 Cybercrime Report with Rebekah Moody, ThreatMetrix

ThreatMetrix has recently launched the H2 2018 Cybercrime Report. Could you please share with us the main findings?

There were a number of facts that surprised us this period. Interestingly, the overall attack levels dropped slightly, mainly due to the fact that we saw an overall reduction in ecommerce attacks. However, we saw some pockets of really interesting activity within specific industries.

One of the main highlights is the strong growth in bot attack volumes in ecommerce year-on-year – fraudsters are harnessing the speed and convenience of automated bots to mass test stolen identity credentials in order to perform successful account takeovers. These bots originate from dispersed global geographies, but the Network saw especially high volumes of bot traffic coming from Malaysia, Indonesia, Vietnam, Japan, South Korea, Russia, India and Brazil this period. This is a sign that cybercrime is potentially becoming a significant industry in many growths and emerging economies.

We have also seen a clear growth in account takeovers on the mobile channel in financial services (53% YOY) with fraudsters starting to shift their focus towards mobile attacks in line with the move from desktop-based banking towards mobile banking.
The third industry I would highlight is the media industry, where media companies are a key test bed for stolen identity credentials, which are used to open new accounts, either to build up a trusted reputation online or to commit further fraud. This is perhaps due to their lower barriers to entry and more modest security requirements.

What is the state of fraud in the ecommerce sector? Are hacking bots still a major issue, or have new threats emerged in the environment?

It is interesting that human initiated attacks have dropped slightly in ecommerce, but given the huge bot volumes targeting ecommerce merchants this period – 2.1 billion (142% growth YOY) – the risk landscape remains high, just with a slightly different focus. One of the challenges for merchants is how to detect and block this bot traffic without impacting their ability to process good customer transactions.

What main fraud patterns have you detected during Cyber Monday, Black Friday and holiday season?

In terms of the holiday season, the key finding in this case surrounded bot traffic. Fraudsters see the holiday period as an opportunity to hide beneath high transaction volumes and they attempted to further overwhelm ecommerce merchants with high velocity automated traffic. For one particular payments platform, these bots were originating in the US and Vietnam, likely testing stolen credit card data potentially for use in a further attack during the holiday period.

If we look at financial services, what are the major risks in this space and what makes this sector vulnerable even to this day?

The risk we see in financial services comes from the evolving mobile attack vectors. Although we see that mobile transactions remain safer than desktop, mobile attacks in financial services grew 35 percent year-on-year, with the biggest risk coming from mobile account takeovers. This could indicate the fact that fraudsters are shifting focus to mobile in line with the continued growth in mobile banking.

In addition, fraudsters using social engineering in combination with remote access software is a key risk for financial institutions because it can be very hard to differentiate a fraudster from a good customer if the fraudster is piggy backing an authenticated login session. The key here is to be able to pick out high-risk behavioural anomalies – changes of details and unusual behaviour that does not correspond with what the good customer has done before. Again, we have started to see this pattern of fraud on mobile as well as desktop.

Looking back at 2017, how did 2018 compare in terms of technical evolution and fraud?

We are starting to see instances of more networked cybercrime, where the same fraud network operates across multiple organizations both within the same industry, and across industries and geographies. This implies that cybercrime is becoming more global, better organized, and more networked than we have seen in the past. In addition, we have seen an evolution of mobile attack threats. Modus Operandi that we previously saw predominantly on desktop are shifting across to the mobile channel, for example, remote access attacks targeting financial institutions.

About Rebekah Moody

Rebekah Moody has been part of the ThreatMetrix Fraud and Identity team for nearly four years, helping develop product strategy and market positioning to better understand and solve for the complex fraud, identity and authentication challenges of the company’s varied customer base. Rebekah works with the sales team, prospects, customers and analysts to better understand the current and emerging threat landscape, developing thought leadership articles as well as showcasing customer success stories. Rebekah has been involved in the development of the ThreatMetrix Cybercrime Report for over 3 years, tracking the ever-evolving cybercrime landscape by looking at transaction and attack patterns and trends across industries and global geographies. Rebekah brings over 12 years of marketing and strategy expertise to ThreatMetrix following time at two large London agencies.

About ThreatMetrix

ThreatMetrix, A LexisNexis Risk Solutions Company, empowers the global economy to grow profitably and securely without compromise. With deep insight into hundreds of millions of anonymized digital identities, ThreatMetrix ID delivers the intelligence behind 110 million daily authentication and trust decisions, to differentiate legitimate customers from fraudsters in real time.