Dark Reading is part of the Informa Tech Division of Informa PLC



10/14/2019
10:00 AM
Kevin Gosschalk
Commentary

The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach

A company's security battle is not between that company and a specific fraudster; rather, it's between the company and a connected cybercriminal ecosystem.

It's been about two months since one of the biggest data breaches in history was announced: A hacker gained access to more than 100 million Capital One customers' accounts and credit card applications.

The announcement made global headlines and left consumers and businesses reeling, but it did not come as a surprise to us. With the recent increase in attack volumes within the Arkose Labs network, we knew something of this magnitude had occurred. It was clear that fraudsters had gotten access to new, powerful information to weaponize.

When analyzing attack patterns, the impact of any breach is instantly visible, sometimes months and years before the breach is discovered and reported. The size and severity of the Capital One breach, the type of data that was compromised, and the customers that have been affected (subprime borrowers and small and midsize businesses [SMBs]) are having a significant impact on the increasingly complicated — and connected — cybercrime ecosystem.

A colleague of mine worked at Capital One for years and remarked how it was there that she learned the value of data and analytics, how it affects profitability and growth, and how it can help predict customer lifetime value and engagement. She and her colleagues would hold heated, data-driven debates on the best ways to engage with the subprime population and successfully use data to build out the digital acquisition channel to target small-business owners.

She made it clear that Capital One understood — and championed — the value of customer data.

And now the same data — data used by Capital One to strategically fuel growth, target businesses, and identify which consumers would provide the most long-term value — is exposed on the Dark Web. Here, it will continue to be used to strategically grow the business of fraud, putting SMBs, consumers, and even large enterprises at heightened risk of attack.

The grim reality is that in today's digital landscape, it wasn't a matter of if but when we would witness another breach with the impact akin to Equifax in 2017 — where the quality of data exposed paints a frighteningly accurate portrait of one's financial health and where the devastating ripple effects of fraud will be felt by end users even years later.

And now, it's more important than ever that businesses understand the role that each breach plays in advancing a criminal's intel and the larger fraud landscape.

The cybersecurity ecosystem is fueled by data, and there are whole enterprises on the Dark Web dedicated to buying and selling customer data and running identity farms. What companies don't understand is that it takes a village to launch a good attack, and cybercriminals have sophisticated and connected networks that give them easy access to a host of compromised credentials from various disconnected attacks. When these are combined, fraudsters have a significant amount of customer data at their fingertips — from financial and bankruptcy status to Social Security numbers to even beauty preferences and consumer biometrics, as exposed in the Sephora and Suprema breaches. Criminals have unprecedented levels of insight into customers, which can be weaponized for future cyberattacks.

The Capital One incident underscores the fact that there is an abundance of data available that criminals can — and will — exploit to commit sophisticated fraud attacks, such as account takeover attacks, credential stuffing, and single request attacks. It's also a scary reminder that data and digital identity are the two currencies that matter most in our digital economy.

As we head into the holiday season, it's clear that the Capital One breach will play a big role in holiday retail fraud. The retail industry is very susceptible to seasonal and human-driven fraud. In fact, our recent "Fraud and Abuse Report" found that more than half of attacks on retail companies were human-driven. Unlike bot traffic, inauthentic human traffic is harder to detect because human behavior is unpredictable and highly nuanced.

Inauthentic human fraud is also powered by data.

We know that fraudsters are preparing to launch large-scale attacks on vendors by validating and testing stolen identities, credentials, and credit card information compromised in recent breaches.

A company's uphill security battle is not between the company and a specific fraudster; rather, it's between the company and a connected cybercriminal ecosystem. Fraud is evolving, and the longstanding approach of removing a criminal's financial incentive to attack is the only solution.

Kevin Gosschalk is the CEO and Cofounder of Arkose Labs, where he leads a team of people focused on telling computers and humans apart on the Internet. Before Arkose Labs, Kevin worked on gaming hardware for the intellectually disabled at the Endeavour Foundation and built a ...
 
