Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/14/2019
10:00 AM
Kevin Gosschalk
Kevin Gosschalk
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach

A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.

It's been about two months since one of the biggest data breaches in history was announced: A hacker gained access to more than 100 million Capital One customers' accounts and credit card applications.

The announcement made global headlines and left consumers and businesses reeling, but it did not come as a surprise to us. With the recent increase in attack volumes within the Arkose Labs network, we knew something of this magnitude had occurred. It was clear that fraudsters had gotten access to new, powerful information to weaponize.

When analyzing attack patterns, the impact of any breach is instantly visible, sometimes months and years before the breach is discovered and reported. The size and severity of the Capital One breach, the type of data that was compromised, and the customers that have been affected (subprime borrowers and small and midsize businesses [SMBs]) are having a significant impact on the increasingly complicated — and connected — cybercrime ecosystem.

A colleague of mine worked at Capital One for years and remarked how it was there that she learned the value of data and analytics, how it affects profitability and growth, and how it can help predict customer lifetime value and engagement. She and her colleagues would hold heated, data-driven debates on the best ways to engage with the subprime population and successfully use data to build out the digital acquisition channel to target small-business owners.

She made it clear that Capital One understood — and championed — the value of customer data.

And now the same data — data used by Capital One to strategically fuel growth, target businesses, and identify which consumers would provide the most long-term value — is exposed on the Dark Web. Here, it will continue to be used to strategically grow the business of fraud, putting SMBs, consumers, and even large enterprises at heightened risk of attack.

The grim reality is that in today's digital landscape, it wasn't a matter of if but when we would witness another breach with the impact akin to Equifax in 2017 — where the quality of data exposed paints a frighteningly accurate portrait of one's financial health and where the devastating ripple effects of fraud will be felt by end users even years later.

And now, it's more important than ever that businesses understand the role that each breach plays in advancing a criminal's intel and the larger fraud landscape.

The cybersecurity ecosystem is fueled by data, and there are whole enterprises on the Dark Web dedicated to buying and selling customer data and running identity farms. What companies don't understand is that it takes a village to launch a good attack, and cybercriminals have sophisticated and connected networks that give them easy access to a host of compromised credentials from various disconnected attacks. When combined, fraudsters have a significant amount of customer data at their fingertips — from financial and bankruptcy status to Social Security numbers to even beauty preferences and consumer biometrics, as exposed in the Sephora and Suprema breaches. Criminals have unprecedented levels of insight into customers, which can be weaponized for future cyberattacks.

The Capital One incident underscores the fact that there is an abundance of data available that criminals can — and will — exploit to commit sophisticated fraud attacks, such as account takeover attacks, credential stuffing, and single request attacks. It's also a scary reminder that data and digital identity are the two currencies that matter most in our digital economy.

As we head into the holiday season, it's clear that the Capital One breach will play a big role in holiday retail fraud. The retail industry is very susceptible to seasonal and human-driven fraud. In fact, our recent "Fraud and Abuse Report" uncovered more than half of attacks on retail companies were human-driven. Unlike bot traffic, inauthentic human traffic is harder to detect because human behavior is unpredictable and highly nuanced.

Inauthentic human fraud is also powered by data.

We know that fraudsters are preparing to launch large-scale attacks on vendors by validating and testing stolen identities, credentials, and credit card information compromised in recent breaches.

A company's uphill security battle is not between the company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem. Fraud is evolving, and the longstanding approach of removing a criminal's financial incentive to attack is the only solution.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Works of Art: Cybersecurity Inspires 6 Winning Ideas"

Kevin Gosschalk is the CEO and Cofounder of Arkose Labs, where he leads a team of people focused on telling computers and humans apart on the Internet. Before Arkose Labs, Kevin worked on gaming hardware for the intellectually disabled at the Endeavour Foundation and built a ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17330
PUBLISHED: 2019-11-12
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO So...
CVE-2019-17331
PUBLISHED: 2019-11-12
The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and includin...
CVE-2019-17332
PUBLISHED: 2019-11-12
The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and ...
CVE-2010-2488
PUBLISHED: 2019-11-12
NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.
CVE-2010-3438
PUBLISHED: 2019-11-12
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.