Attacks/Breaches

5/8/2018
09:45 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

South America Emerges as New Hotbed of Identity Fraud: ThreatMetrix Report

SAN JOSE, California – (May 3, 2018) – ThreatMetrix®, A LexisNexis® Risk Solutions Company, today announced new data revealing the morphing nature of global cybercrime, triggered by the expanding worldwide circulation of breached identity information.

In Latin America, this is fueling an outbreak of new account creation fraud. According to the ThreatMetrix Q1 2018 Cybercrime Report, one quarter of all account registrations from this region are rejected as fraudulent. Stolen and synthesized identities are leveraged to attack the growing LATAM eCommerce market, as well as major global American retail corporations. Another key tactic in the LATAM region for monetizing stolen identities is to create fake new accounts using free trials and reselling these for profit.

Global cybercrime expansion is being driven by developing economies recently emerging as major perpetrators of fraud, creating new epicenters of cybercrime off the back of attacks that extend beyond their own borders into the surrounding region. Attacks from Brazil feature in the top five global nations perpetrating cybercrime, with activity targeting neighboring countries such as Argentina and Columbia – as well as leading digital economies in United States and United Kingdom. Vietnam retained its position on the top five list with attacks targeting Japan, Singapore and Australia.

Overall, organized bot attacks continue to proliferate, with a record 1 billion bot attacks seen on the ThreatMetrix® Digital Identity Network® this quarter. This is fueled by a rise in attacks originating from new and emerging economies such as Egypt, South Korea, Ecuador, Ukraine and Vietnam.

“Billions of online users are generating huge swathes of data and unfortunately it is becoming easier and easier for cybercriminals to steal and monetize this, wherever they are in the world,” said Vanita Pandey, Vice President of Product Marketing and Strategy at ThreatMetrix. “Stolen data gives cybercrime a fraudulent mask, as they highjack identities to open new accounts, takeover legitimate user accounts or perform fraudulent transactions. To combat this, digital businesses must embrace 360-degree identity insights that stitch together both offline and online attributes to confirm that users really are who they say they are.”

Identity Abuse Makes Global eCommerce Transactions Ten Times More Risky

Even amidst the traditional post-holiday lull, the overall attack levels for eCommerce remained high in Q1 with almost 150 million rejected transactions. This represents an 88 percent increase in fraud attacks over the previous year. eCommerce sites were also hit with 820 million bot attacks, and on average attack rates are ten times as high compared to financial services transactions.

These attacks continue to be focused on identity abuse and testing. As a result, the overall attack rates for account logins and new account creations have steadily grown in the eCommerce sector, with fraudsters targeting account takeovers to access sensitive personal credentials and saved credit cards.

Specifically, fraudulent new account registrations increased more than 30 percent over the previous year, as fraudsters used the relatively modest sign up requirements of eCommerce vendors as a breeding ground to test stolen identity credentials. And these tests often serve as a gateway to further attacks in other industries.

Digital commerce presents retailers with compelling new revenue streams and customer engagement opportunities. But with the ever-increasing presence of cybercrime, retailers are in a precarious position. They want to provide customers with a frictionless environment, which makes for an easy test bed for fraudsters, who are executing high scale attacks and testing accounts with stolen credit cards.

Payment Processors in the Crosshairs

Advances in technology and shifting consumer behavior are transforming payment processing, offering faster, more convenient ways to pay for purchases and, ultimately, rendering cash obsolete.

Transaction volume among payment processors in the ThreatMetrix Digital Identity Network has grown steadily each quarter, reaching 361 million this past quarter, with 43 percent of these transactions coming from mobile devices. However, payment processor transactions are seeing above-average attack rates and mobile attacks are on the rise.

Over 50 percent of transactions among payment processors are cross-border, which is significantly higher than the 30 percent cross-industry average. Among these cross-border payments attacks rates are 30 percent higher compared with domestic.

Other key highlights from Q1 2018 Cybercrime Report include:

  • 210 million attacks detected and stopped in real time; a 62 percent year-on-year increase
  • Attack growth outpaced transactions by 83 percent in comparison to Q1 2016
  • 58 percent of all account creations are now done on a mobile device, and attacks on mobile account creations grew 150% since the start of 2017
  • A record 1 billion bot attacks seen in the Digital Identity Network this quarter, 100 million of which were from mobile devices.
  • 51 percent of transactions come from mobile devices (55 percent for financial institutions), a 200 percent increase compared to Q1 2015.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11321
PUBLISHED: 2018-05-22
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
CVE-2018-11322
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
CVE-2018-11323
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
CVE-2018-11324
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
CVE-2018-11325
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.