Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security

5/28/2019
07:55 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Mobile Fraud Is on the March, Finds New RSA Report

The RSA Quarterly Fraud Report observed several global fraud trends across attack vectors and digital channels, with attacks from rogue mobile applications up 300%.

The RSA Quarterly Fraud Reportis a new brand of report containing fraud attack and consumer fraud data and analysis from the RSA Fraud and Risk Intelligence team. They call it "a snapshot" of the cyber-fraud environment, hoping to provide actionable intelligence to consumer-facing organizations and effect a more effective digital risk management.

Starting January 1, 2019, and ending March 31, 2019, RSA observed several global fraud trends across attack vectors and digital channels.

One was that fraud attacks from rogue mobile applications increased 300%, from 10,390 rogue apps in Q4 to 41,313 in Q1.

Along with this, phishing accounted for 29% of all fraud attacks observed by RSA in Q1. While RSA says that overall phishing volume increased less than 1% quarter over quarter, in terms of overall fraud attacks, phishing decreased sharply due to what they called "the exponential growth of attacks launched by rogue mobile apps."

Forty-eight percent of all the fraud attacks observed in Q1 were phishing attacks, with Canada, the US, India and Brazil being the top countries targeted by phishing.

Canada as a prime target may seem incongruous at first look, but one must remember that Interac, the Canadian interbank network, underwent a relaunch in Q1. Cybercriminals looking to test their efforts against the new version of Interac may be accountable for the rise that was seen by RSA.

Fraud attacks that were involved in introducing financial malware to a system increased 56%, from 6,603 in Q4 to 10,331 in Q1. Let's not forget what powers Internet ecommerce, in all of this. A credit card is the tool used to grease that commerce machine. But the actual card’s presence is not needed for an ecommerce transaction. This disconnect can allow fraud.

RSA saw that Card-not-present (CNP) fraud transactions increased 17% in Q1, and 56% of those were seen by RSA to originate from the mobile channel. The average value of a CNP fraud transaction in the US was $403, nearly double that of an average genuine transaction which came in at $213.

And, of course, RSA would like it to be known that they recovered over 14.2 million unique compromised cards in Q1, which was a 33% increase from the previous quarter.

Now, it's much easier to conduct transactions through the mobile channel than on the web channel. This can be another factor in the spike that RSA has seen. The criminals that are drawn to it can transact as they go. Organizations are also starting to also add new functionality to mobile apps which may be of use to a cybercriminal. New account/new device combinations were found to be 32% of all fraudulent transactions. Fraudsters are seemingly turning to new, unused devices to enable their new profile frauds.

RSA also found the quarter has seen the rise of account checker studio programs. These open up the creation of account checkers-style automated attacks to the broader fraud community. RSA expects a growth in automated credential stuffing and account takeover attacks over the next few quarters as these studio creators gain in popularity.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35419
PUBLISHED: 2021-04-14
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
CVE-2021-28060
PUBLISHED: 2021-04-14
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
CVE-2021-28825
PUBLISHED: 2021-04-14
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with l...
CVE-2021-28826
PUBLISHED: 2021-04-14
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker wi...
CVE-2021-28855
PUBLISHED: 2021-04-14
In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).