Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security

5/28/2019
07:55 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Mobile Fraud Is on the March, Finds New RSA Report

The RSA Quarterly Fraud Report observed several global fraud trends across attack vectors and digital channels, with attacks from rogue mobile applications up 300%.

The RSA Quarterly Fraud Reportis a new brand of report containing fraud attack and consumer fraud data and analysis from the RSA Fraud and Risk Intelligence team. They call it "a snapshot" of the cyber-fraud environment, hoping to provide actionable intelligence to consumer-facing organizations and effect a more effective digital risk management.

Starting January 1, 2019, and ending March 31, 2019, RSA observed several global fraud trends across attack vectors and digital channels.

One was that fraud attacks from rogue mobile applications increased 300%, from 10,390 rogue apps in Q4 to 41,313 in Q1.

Along with this, phishing accounted for 29% of all fraud attacks observed by RSA in Q1. While RSA says that overall phishing volume increased less than 1% quarter over quarter, in terms of overall fraud attacks, phishing decreased sharply due to what they called "the exponential growth of attacks launched by rogue mobile apps."

Forty-eight percent of all the fraud attacks observed in Q1 were phishing attacks, with Canada, the US, India and Brazil being the top countries targeted by phishing.

Canada as a prime target may seem incongruous at first look, but one must remember that Interac, the Canadian interbank network, underwent a relaunch in Q1. Cybercriminals looking to test their efforts against the new version of Interac may be accountable for the rise that was seen by RSA.

Fraud attacks that were involved in introducing financial malware to a system increased 56%, from 6,603 in Q4 to 10,331 in Q1. Let's not forget what powers Internet ecommerce, in all of this. A credit card is the tool used to grease that commerce machine. But the actual card’s presence is not needed for an ecommerce transaction. This disconnect can allow fraud.

RSA saw that Card-not-present (CNP) fraud transactions increased 17% in Q1, and 56% of those were seen by RSA to originate from the mobile channel. The average value of a CNP fraud transaction in the US was $403, nearly double that of an average genuine transaction which came in at $213.

And, of course, RSA would like it to be known that they recovered over 14.2 million unique compromised cards in Q1, which was a 33% increase from the previous quarter.

Now, it's much easier to conduct transactions through the mobile channel than on the web channel. This can be another factor in the spike that RSA has seen. The criminals that are drawn to it can transact as they go. Organizations are also starting to also add new functionality to mobile apps which may be of use to a cybercriminal. New account/new device combinations were found to be 32% of all fraudulent transactions. Fraudsters are seemingly turning to new, unused devices to enable their new profile frauds.

RSA also found the quarter has seen the rise of account checker studio programs. These open up the creation of account checkers-style automated attacks to the broader fraud community. RSA expects a growth in automated credential stuffing and account takeover attacks over the next few quarters as these studio creators gain in popularity.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34760
PUBLISHED: 2021-10-21
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the ...
CVE-2021-34789
PUBLISHED: 2021-10-21
A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user...
CVE-2021-39126
PUBLISHED: 2021-10-21
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions ar...
CVE-2021-39127
PUBLISHED: 2021-10-21
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.
CVE-2021-40121
PUBLISHED: 2021-10-21
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this ad...