Cloud

6/21/2018
10:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New Report Shows Fraud on the Rise with Sharp Growth in US-Based Activity

DataVisor reports 900 million malicious activities and transactions in Q1 2018.

MOUNTAIN VIEW, CA -- (June 20, 2018) - DataVisor, the leading provider of fraud detection solutions using unsupervised machine learning, today released its DataVisor Fraud Index Report for Q1 2018, providing the latest insights into trends in global fraud activity and attack techniques. Last quarter, DataVisor uncovered a total of 900 million malicious activities and transactions. The report reveals dramatic growth in fraud infrastructure, with fraudulent accounts growing by 50 percent from Q4 2017 to Q1 2018.

North America Emerges as a Leading Source of Financial Crime

The proportion of fraud originating from North America doubled since the previous quarter. The United States in particular hosts more than 51 percent of fake accounts targeting online and financial services in North America and Europe, dwarfing countries in Southeast Asia and Eastern Europe that have historically been hotspots for fraud.

Bad Actors Continue to Migrate to the Cloud

Fraudsters are taking advantage of cloud service infrastructure, such as virtual servers and anonymous proxies, which allow them to easily orchestrate attacks at scale and hide behind legitimate networks. Approximately 27 percent of accounts associated with cloud service provider IP ranges appear to be fraudulent, with some data centers having more than 90 percent fraudulent activity.

Fraudsters Step up Device Spoofing to Evade Detection

Fraudsters are getting better at mimicking legitimate user activities, including using device platforms popular among real users. 28 percent of fraudulent accounts originated from Mac OS X devices this quarter, representing a 4-fold increase over last quarter. As Mac OS is associated with fewer fraud activities in the past, fraudsters are likely spoofing their user agent strings to avoid detection.

“Our research shows that fraudsters are not only scaling up their attacks, but also becoming more sophisticated,” said Ting-Fang Yen, director of research at DataVisor. “Fraudsters are evolving quickly and using the latest technologies to evade detection -- an example is the widespread practice of device and OS spoofing. Solutions that automatically adapt to ever-changing attacks will be critical for businesses looking to protect themselves against fraud and abuse.”

The DataVisor Fraud Index Report for Q1 2018 is based on attacks detected by the DataVisor UML Engine between January and March of 2018 from analyzing 40 billion application-level events and 680 million user accounts across some of the largest internet properties and financial services in the world.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17208
PUBLISHED: 2018-09-19
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell me...
CVE-2018-17205
PUBLISHED: 2018-09-19
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not ex...
CVE-2018-17206
PUBLISHED: 2018-09-19
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
CVE-2018-17207
PUBLISHED: 2018-09-19
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
CVE-2017-2855
PUBLISHED: 2018-09-19
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HT...