Fraudsters have moved from making a fast buck to crafting more ambitious, targeted attacks that produce long-term profits, according to an extensive analysis of real-world cybercrime attacks.
Cybercriminals have switched from stealing individual credit cards to leveraging entire sets of leaked identity data from large breaches, such as the Equifax incident, according to digital identity experts.
In a recent cybercrime report, ThreatMetrix confirms the volume of attacks has doubled over the last two years.
“This is demonstrated by a highly elevated attack rate on account creations—the most vulnerable activity,” according to the firm.
The data shows that, out of nine new accounts opened in 2017, at least one was fraudulent. And bot activity levels account for up to 90 percent of traffic on some retail sites.
In 2018, any organization could become the target of security breaches, the report notes. Not surprisingly, 2018 is also the year that the General Data Protection Regulation takes effect.
Contributing substantially to this shift in cybercrime trends is consumer behavior, and how it has changed in the last few years. For example, mobile overtook desktop-based transactions for the first time in 2017 (mobile transactions grew by 83 percent).
Other key findings from the ThreatMetrix report include:
- An account takeover occurs on average once every ten seconds
- Fraudsters create complete identities and open new accounts by quilting together identity data harvested from data from breaches leaked on the dark web
- Fraudulent payments – where criminals use a stolen credit card to transfer money to a new beneficiary – doubled over the last two years
- Ridesharing and gift card trading sites are becoming increasingly susceptible to fraud
- Hackers increasingly rely on social engineering to “layer” their efforts and avoid detection
According to the latest Breach Level Index (BLI) Report by Gemalto, the biggest cyber security issues in the first half of 2017 (from a data breach standpoint) were "identity theft" and "poor internal security practices."
The first six months of 2017 saw 918 data breaches that compromised a staggering 1.9 billion data records worldwide – a 164 percent increase compared to the first half of 2016.