Dark Reading is part of the Informa Tech Division of Informa PLC


10/5/2020
10:00 AM
Jane Lee
Commentary

3 Ways Data Breaches Accelerate the Fraud Supply Chain

The battle's just beginning as bad actors glean more personal information from victims and use that data to launch larger attacks.

While data breaches have become a nearly daily occurrence in news headlines — most recently, Drizly and the Ritz Hotel — it's important that businesses and security professionals understand the cascading effect these incidents have on the broader online landscape. Regardless of the size of the business reporting a breach or amount of consumer data exposed, all businesses are threatened by a "fraud supply chain" that feeds off these types of breaches. 

The fraud supply chain is an interconnected ecosystem that allows cybercriminals to use different attack vectors to steal from consumers and businesses, often through more complex ways than merely buying stolen credit cards to make large purchases. Therefore, fraudsters can feed off any type of data to provide both a bridge for gaining further personal information from existing victims and a springboard for executing larger attacks.

Even the Smallest Breaches Cause Ripple Effects
Data breaches are almost always a means to an end. For example, seemingly minor information such as usernames or passwords can arm fraudsters with enough to execute more sophisticated attacks. Often, bad actors will harvest user information obtained from various data breaches to develop complete user profiles. Additionally, typical consumer behaviors can often make this easier for fraudsters; studies have shown 65% of users repurpose their passwords across multiple platforms. Data breaches provide attackers with the credentials needed to execute more widespread attacks such as:

  • Accumulating More Personal Information Through Phishing Scams
    Often, a minor data breach is not enough for fraudsters to execute immediate attacks on an individual. However, simple credentials such as an email address offer a direct line of communication for fraudsters to initiate phishing schemes. Through this tactic, they'll often impersonate a trusted source to convince consumers to share further personal data such as credit card information, passwords, etc. While most people may think it's easy to recognize a phishing scheme, sophisticated fraudsters will use additional information garnered through previous data breaches to personalize content that demonstrates potential legitimacy.

    For security teams, email protection is critical and must lean on a layered approach. The foundation must be set with standards such as email authentication and domain-based message authentication, reporting and conformance (DMARC) to protect employees, stakeholders, and customers from unauthorized usage.

    Alongside these measures, secure email gateways (SEGs) and phishing awareness/training can help avoid external threats. For example, fraudsters often play to consumer emotions and fears, a reason why we've seen phishing attacks accelerate amid the pandemic. Recent phishing schemes have included cybercriminals impersonating health officials and agencies seeking consumer information to facilitate fake virus testing or contact-tracing initiatives.

  • Coordinating Account Takeovers With Compromised Credentials
    Once fraudsters have enough information, they'll use these credentials to access and take over victims' accounts. This opens the door to a variety of opportunities, including exposure to payment information, ability to open new accounts with similar credentials, and access to post fake or malicious content to victims' personal networks.

    There's little you can do about users falling victim to social engineering tactics outside of your platform. However, you can empower your team to act accordingly when these bad actors show up on your platform. Two-factor authentication (2FA) can address this by adding friction when someone is trying to gain unauthorized access into an account, and also notifying users when suspicious account access has been detected.

    There are also internal measures you can take for schemes in which a user has been tricked into willingly handing over their credentials to a bad actor. For example, businesses dealing with payments can leverage a holding period before funds can be transferred, and review transactions that seem anomalous (such as amounts outside of the user's normal activity or transfers into a new account).

    Lastly, you may also want to consider educational outreach (for example, a newsletter, FAQ, or help center) that informs users of common tactics. Let them know that your organization will never ask them to share a verification code, for instance.

  • Siphoning Money and Assets Through Payment Fraud Schemes
    Payment information is often the holy grail for fraudsters. Payment fraud typically begins with card testing: the fraudster buys low-value, low-effort items, and if the purchase succeeds, they know the payment information is valid. Funds can then be used to buy goods to keep or resell, or to buy more data on the Dark Web.

    While account and payment protection is paramount, users also demand seamless experiences. Therefore, security professionals should implement risk assessments based on user trustworthiness. This "dynamic friction" approach will help eliminate friction for trusted users, block risky interactions, and require verification for suspicious activities.
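The signals this section names (amounts outside a user's normal activity, transfers into a new account, runs of low-value test purchases) can be combined into a single friction decision. The following is an added example, not code from the article or from any vendor's product; the `Payment` fields, the thresholds and the sample data are assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

LOW_VALUE = 5.00     # assumed ceiling for a "low-value" test purchase
MAX_TEST_CARDS = 3   # assumed: distinct cards seen on small purchases before blocking

@dataclass
class Payment:
    user: str
    card: str
    amount: float
    dest: str        # receiving account or merchant

def signals(p, past):
    """Risk signals for payment p, given that user's earlier payments."""
    fired = set()
    amounts = [q.amount for q in past]
    if len(amounts) >= 3:
        # "Outside normal activity": 3 standard deviations, with a floor of 1.0
        limit = mean(amounts) + 3 * max(pstdev(amounts), 1.0)
        if p.amount > limit:
            fired.add("amount_outside_normal")
    if not past:
        fired.add("no_history")          # unknown user: not yet trusted
    elif p.dest not in {q.dest for q in past}:
        fired.add("new_destination")
    # Card testing: the same account cycling cards on low-value purchases
    small_cards = {q.card for q in past + [p] if q.amount <= LOW_VALUE}
    if p.amount <= LOW_VALUE and len(small_cards) >= MAX_TEST_CARDS:
        fired.add("card_testing")
    return fired

def decide(p, past):
    """Map signals to friction: allow, verify (2FA), hold (review) or block."""
    fired = signals(p, past)
    if "card_testing" in fired:
        return "block", fired
    if {"amount_outside_normal", "new_destination"} <= fired:
        return "hold", fired             # holding period plus manual review
    return ("verify" if fired else "allow"), fired

# Constructed sample histories, not taken from any real system.
alice = [Payment("alice", "c1", a, "shop-a") for a in (20.0, 25.0, 22.0, 24.0)]
mallory = [Payment("mallory", f"stolen{i}", 1.0, "shop-b") for i in range(2)]

if __name__ == "__main__":
    print(decide(Payment("alice", "c1", 23.0, "shop-a"), alice))
    print(decide(Payment("alice", "c1", 900.0, "acct-new"), alice))
    print(decide(Payment("mallory", "stolen2", 1.0, "shop-b"), mallory))
```

A trusted user's routine purchase passes untouched, while only the combination of an unusual amount and a new destination triggers the holding period.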

Every business needs to face the repercussions of breaches, whether they are directly involved or not. Simply put, every data breach is every business's problem. That means fraud prevention needs to be an ecosystemwide effort, so that user data is rendered useless — thus breaking the most important link in the fraud supply chain.

Jane Lee is a Trust & Safety Architect at Sift, who specializes in malicious websites, spam, misinformation, account/content abuse, chargebacks, and payments risk. Prior to joining Sift, she was on fraud teams at Facebook and Square, and also spent some time as a private ...
 
