A rise in consumer digital traffic has corresponded with a rise in fraud attacks, Arkose Labs reveals. As the year progresses and more people than ever are online, historically ‘normal’ online behavioral patterns are no longer applicable and holiday levels of digital traffic continue to occur on a near daily basis.

Fraudsters are exploiting old fraud modeling frameworks that fail to take today’s realities into account, attempting to blend in with trusted traffic and carry out attacks undetected.

“As the world becomes increasingly digital as a result of COVID-19, fraudsters are deploying an alarming volume of attacks, and continually devising new and more sophisticated ways of carrying out their attacks,” said Vanita Pandey, VP of Marketing and Strategy at Arkose Labs.

“The high fraud levels that accompany high traffic volumes are likely here to stay, even after the pandemic ends. It’s crucial that businesses are aware of the top attack trends so that they can be more vigilant than ever to successfully identify and stop fraud over the long-term.”

Bot attacks and credential stuffing skyrocket

Q3 of 2020 saw its highest ever levels of bot attacks. 1.3 billion attacks were detected in total, with 64% occurring on logins and 85% emanating from desktop computers.

Due to the widespread availability of usernames, email addresses and passwords from years of data breaches, as well as easy access to automated tools to carry out attacks at scale, credential stuffing emerged as a main driver of attack traffic. 770 million automated credential stuffing attacks were detected and stopped by Arkose Labs in Q3.

For ecommerce, every day is Black Friday

The rise in digital traffic for most of 2020 means businesses have been dealing with holiday season levels of traffic since March. With every day now resembling Black Friday, some retailers are better equipped to handle the onslaught of holiday season traffic and fraud.

However, it remains to be seen if a holiday sales bump will occur this year, given already record high traffic levels for many ecommerce businesses.

While much of 2019 saw a marked shift from automated attacks to human sweatshop-driven attacks, automated attacks dominated much of 2020, with Q3 seeing a particularly high spike. This trend is likely to revert back to more targeted attacks in Q4, as during the holiday shopping season fraudsters typically employ low-cost attackers to commit attacks that require human nuance and intelligence.

Europe emerges as the top attacking region

Nearly half of all attacks in Q3 of 2020 originated from Europe, with over 10 million sweatshop attacks coming from Russia and 7 million coming from the United Kingdom.

Many European countries, such as the United Kingdom, France, Italy and Germany, are among those whose GDP shrunk the most since the global pandemic began. A surge in attacks from nations suffering the biggest dips in economic output highlights the economic drivers that spur fraud.

Pandey said, “COVID-19 has sent the world into turmoil, upending digital traffic patterns and introducing long-lasting consequences. Habits formed during 2020 – namely conducting commerce, school, work and even socializing entirely online – will be difficult to let go of, so fraud teams must be capable of quickly cutting through digital traffic noise and spotting even the most subtle signs of attacks. In particular, using targeted friction to deter malicious activity will be key in the months and years ahead.”

Source: helpnetsecurity

A recent survey from the Financial Services Information Sharing and Analysis Center (FS-ISAC), highlighted that rapidly evolving ransomware attacks have become a primary security concern for most financial organizations. In its latest report, “The Rise and Rise of Ransomware,” the FS-ISAC stated that, “While financial institutions remain resilient to ransomware attacks, they are not immune. Ransomware is a rapidly evolving threat that financial institutions globally and in the APAC region need to be vigilant against.”

The research indicated that ransomware operators have openly claimed successful attacks against eight financial institutions globally in 2020, three of which were banks. It was found that attackers targeted third-party vendors and suppliers used by firms in Asia. The FS-ISAC suggested that even organizations with robust cybersecurity defenses are still vulnerable to ransomware threats, especially through their third-party providers.

Ransomware: A Multi-Business Model

Hackers diversified ransomware attacks by incorporating new revenue streams like:

• Extorting victims by threatening to publicly name them and publish sensitive data online.
• Auctioning off victims’ data to other criminals on the dark web.
• Ransomware-as-a-service, where less technical criminals can buy sophisticated ransomware kits

Top Ransomware Variants

According to the report, the top five ransomware variants in the last 12 months include, Ryuk, Maze, WastedLocker, Troledesh, and Sodinokibi.

“FS-ISAC members regularly report on phishing campaigns sent to staff, including those which lead to ransomware. Ryuk largely dominated the first quarter’s notifications to FS-ISAC with 9 to 12 campaigns noted per month; however, Maze started in earnest in the second quarter with 12 campaigns observed in April,” the report said.

Preventive Measures:

FS-ISAC also recommended certain practices to help prevent ransomware attacks. These include:

• Regularly educate and train employees to maintain situational awareness and report any potential issues immediately.
• Provide real-world examples and repercussions of successful ransomware exploits.
• Perform regular phishing tests to assess your employees’ knowledge and ability to prevent ransomware attacks.
• Train cyber teams to coordinate a response with other parts of the organization including finance, communications, and the executive team to respond when ransomware hits.
• Ensure your incident response and business continuity plan includes ransomware response protocols.
• Include steps to isolate or power-off affected devices that have not yet been completely corrupted.
• Ensure ways to immediately secure backup data or systems by taking them offline and make sure backups are free of malware.

Source: cisomag