Dark Reading is part of the Informa Tech Division of Informa PLC



10/14/2019
10:00 AM
Kevin Gosschalk
Commentary

The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach

A company's security battle is not between that company and a specific fraudster; rather, it's between the company and a connected cybercriminal ecosystem.

It's been about two months since one of the biggest data breaches in history was announced: A hacker gained access to more than 100 million Capital One customers' accounts and credit card applications.

The announcement made global headlines and left consumers and businesses reeling, but it did not come as a surprise to us. With the recent increase in attack volumes within the Arkose Labs network, we knew something of this magnitude had occurred. It was clear that fraudsters had gotten access to new, powerful information to weaponize.

When analyzing attack patterns, the impact of any breach is instantly visible, sometimes months and years before the breach is discovered and reported. The size and severity of the Capital One breach, the type of data that was compromised, and the customers that have been affected (subprime borrowers and small and midsize businesses [SMBs]) are having a significant impact on the increasingly complicated — and connected — cybercrime ecosystem.

A colleague of mine worked at Capital One for years and remarked how it was there that she learned the value of data and analytics, how it affects profitability and growth, and how it can help predict customer lifetime value and engagement. She and her colleagues would hold heated, data-driven debates on the best ways to engage with the subprime population and successfully use data to build out the digital acquisition channel to target small-business owners.

She made it clear that Capital One understood — and championed — the value of customer data.

And now the same data — data used by Capital One to strategically fuel growth, target businesses, and identify which consumers would provide the most long-term value — is exposed on the Dark Web. Here, it will continue to be used to strategically grow the business of fraud, putting SMBs, consumers, and even large enterprises at heightened risk of attack.

The grim reality is that in today's digital landscape, it wasn't a matter of if but when we would witness another breach with an impact akin to Equifax in 2017 — where the quality of data exposed paints a frighteningly accurate portrait of one's financial health and where the devastating ripple effects of fraud will be felt by end users even years later.

And now, it's more important than ever that businesses understand the role that each breach plays in advancing a criminal's intel and the larger fraud landscape.

The cybersecurity ecosystem is fueled by data, and there are whole enterprises on the Dark Web dedicated to buying and selling customer data and running identity farms. What companies don't understand is that it takes a village to launch a good attack, and cybercriminals have sophisticated and connected networks that give them easy access to a host of compromised credentials from various disconnected attacks. When combined, these give fraudsters a significant amount of customer data at their fingertips — from financial and bankruptcy status to Social Security numbers to even beauty preferences and consumer biometrics, as exposed in the Sephora and Suprema breaches. Criminals have unprecedented levels of insight into customers, which can be weaponized for future cyberattacks.

The Capital One incident underscores the fact that there is an abundance of data available that criminals can — and will — exploit to commit sophisticated fraud attacks, such as account takeover attacks, credential stuffing, and single request attacks. It's also a scary reminder that data and digital identity are the two currencies that matter most in our digital economy.

As we head into the holiday season, it's clear that the Capital One breach will play a big role in holiday retail fraud. The retail industry is very susceptible to seasonal and human-driven fraud. In fact, our recent "Fraud and Abuse Report" uncovered more than half of attacks on retail companies were human-driven. Unlike bot traffic, inauthentic human traffic is harder to detect because human behavior is unpredictable and highly nuanced.

Inauthentic human fraud is also powered by data.

We know that fraudsters are preparing to launch large-scale attacks on vendors by validating and testing stolen identities, credentials, and credit card information compromised in recent breaches.

A company's uphill security battle is not between the company and a specific fraudster; rather, it's between the company and a connected cybercriminal ecosystem. Fraud is evolving, and the longstanding approach of removing a criminal's financial incentive to attack is the only solution.


Kevin Gosschalk is the CEO and Cofounder of Arkose Labs, where he leads a team of people focused on telling computers and humans apart on the Internet. Before Arkose Labs, Kevin worked on gaming hardware for the intellectually disabled at the Endeavour Foundation and built a ...
 
