
07:55 AM
Larry Loeb

Mobile Fraud Is on the March, Finds New RSA Report

The RSA Quarterly Fraud Report observed several global fraud trends across attack vectors and digital channels, with attacks from rogue mobile applications up 300%.

The RSA Quarterly Fraud Report is a new brand of report containing fraud attack and consumer fraud data and analysis from the RSA Fraud and Risk Intelligence team. They call it "a snapshot" of the cyber-fraud environment, hoping to provide actionable intelligence to consumer-facing organizations and enable more effective digital risk management.

Starting January 1, 2019, and ending March 31, 2019, RSA observed several global fraud trends across attack vectors and digital channels.

One was that fraud attacks from rogue mobile applications increased 300%, from 10,390 rogue apps in Q4 to 41,313 in Q1.

Along with this, phishing accounted for 29% of all fraud attacks observed by RSA in Q1. While RSA says that overall phishing volume increased less than 1% quarter over quarter, in terms of overall fraud attacks, phishing decreased sharply due to what they called "the exponential growth of attacks launched by rogue mobile apps."

Forty-eight percent of all the fraud attacks observed in Q1 were phishing attacks, with Canada, the US, India and Brazil being the top countries targeted by phishing.

Canada as a prime target may seem incongruous at first look, but one must remember that Interac, the Canadian interbank network, underwent a relaunch in Q1. Cybercriminals looking to test their efforts against the new version of Interac may be accountable for the rise that was seen by RSA.

Fraud attacks that introduced financial malware to a system increased 56%, from 6,603 in Q4 to 10,331 in Q1. In all of this, let's not forget what powers Internet ecommerce. A credit card is the tool used to grease that commerce machine. But the actual card's presence is not needed for an ecommerce transaction. This disconnect can allow fraud.

RSA saw that card-not-present (CNP) fraud transactions increased 17% in Q1, and 56% of those were seen by RSA to originate from the mobile channel. The average value of a CNP fraud transaction in the US was $403, nearly double that of an average genuine transaction, which came in at $213.

And, of course, RSA would like it to be known that they recovered over 14.2 million unique compromised cards in Q1, which was a 33% increase from the previous quarter.

Now, it's much easier to conduct transactions through the mobile channel than on the web channel. This can be another factor in the spike that RSA has seen. The criminals that are drawn to it can transact as they go. Organizations are also starting to add new functionality to mobile apps, which may be of use to a cybercriminal. New account/new device combinations were found to be 32% of all fraudulent transactions. Fraudsters are seemingly turning to new, unused devices to enable their new profile frauds.

RSA also found that the quarter has seen the rise of account checker studio programs. These open up the creation of account checker-style automated attacks to the broader fraud community. RSA expects a growth in automated credential stuffing and account takeover attacks over the next few quarters as these studio creators gain in popularity.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.
