2018 Biannual Report Released by ThreatMetrix Reveals Change of Tactics in Mobile Attacks [REPORT]

ThreatMetrix, released its H2 2018 Cybercrime Report. You can find the accompanying press release below. The report is based on 17 billion digital transactions on the ThreatMetrix Digital Identity Network during the second half of 2018. 

The findings highlight emerging trends and developments in sectors like e-commerce, financial services and media, which includes social networks, content streaming, gaming and gambling. 
​

---

---

Below are some of the findings from the Media section of the report which I believe may be of interest:

• The Media industry sees the highest penetration of new account creation attacks of all industries. Fraudsters likely see media companies, with their lower barriers to entry, as ideal test beds for stolen credentials. 
• Approximately one in every six new account creations in the Media industry is fraudulent.
• New account creation and login transactions from North America are particularly vulnerable to attack: new account creation attack rates have grown 45 percent year-on-year while login attack rates have grown 20 percent

​

ThreatMetrix H2 2018 Cybercrime Report shows an evolution in attack vectors used by fraudsters and an increase in mobile attacks within financial services   
     
ThreatMetrix® Digital Identity Network® records 3 billion bot attacks in the second half of 2018

SAN JOSE – March 5, 2019 - ThreatMetrix®, a LexisNexis® Risk Solutions Company, today released its H2 2018 Cybercrime Report. Among the insights in the biannual report on global cybercrime is the shift toward cross-organizational fraud, as well as a change in fraudsters’ tactics toward attacks on mobile. This latter trend is particularly prevalent in financial services, where attacks on mobile account logins have risen 107 percent in just six months.

The report is based on 17 billion digital transactions on the ThreatMetrix® Digital Identity Network® during the second half of 2018, with 61 percent of digital transactions originating from a mobile device.

Key Findings from the ThreatMetrix® H2 2018 Cybercrime Report

• ThreatMetrix recorded 244 million human-initiated attacks in H2 2018, along with 3 billion bot (automated) attacks.
• New account creations still have the highest attack rate of all use cases analyzed by ThreatMetrix, with approximately 1 in every 8 new accounts rejected as fraudulent.
• Across sectors, ThreatMetrix recorded 189 million mobile bot attacks, a 12 percent growth compared to H1 2018, highlighting the ongoing evolution of mobile fraud.
  
  

“Fraudsters are master manipulators, with constantly shifting tactics,” said Alisdair Faulkner, chief identity officer, LexisNexis Risk Solutions. “They adapt their attack patterns and modus operandi to take advantage of shifting customer trends, evolving regulations and technological changes, always attempting to stay one pace ahead of businesses. We see this through the way in which attack patterns evolve and morph over time. Businesses must be able to piece together digital identity intelligence on a per-user basis so that departures from trusted customer behavior can be identified in near real-time, before a transaction is processed and before fraudsters can operationalize new attack methods.”

Financial services: A rise in mobile risk
Key findings:

• The most noticeable growth in mobile attacks is on account logins, as fraudsters attempt to infiltrate user accounts by brute force (using mobile bots) or stealth (using mobile remote access attacks). This contributes to the 107 percent growth in mobile account takeovers in comparison to that of H1 2018, despite the fact that overall attack rates are low.
• In some regions, fraudsters are shifting focus from desktop to mobile attacks. North American financial services firms saw a 48 percent year-over-year growth in attack rates, and a 116 percent increase in mobile transactions, with a 35 percent increase in mobile attacks.

Customers are increasingly opting to bank online and there is a preference for full-service mobile banking apps over desktop sessions in many regions. As a result, financial services organizations must continue to ensure that integrated and low-friction digital authentication capabilities form an inextricable part of the customer experience. This way, the sector will be able to align security with the online experience customers expect.

E-commerce: The target for global bot attacks
Key findings:

• ThreatMetrix detected and stopped 2.1 billion bot attacks on e-commerce merchants, a 142 percent growth compared to the same period last year.
• Account logins in e-commerce are much more desktop based, with 69 percent of logins occurring via desktop.

In the e-commerce sector, although sophisticated attacks have actually dropped during H2 2018, the impact of high-volume automated bot traffic continues to disrupt the industry. Identity-testing bot attacks often make up considerably more of an e-commerce merchant’s daily transaction volume than good traffic, making a low-friction online experience for trusted customers all the more challenging for merchants to provide.

One of the key challenges for e-commerce merchants, particularly during busy holiday shopping days such as Black Friday and Cyber Monday, is balancing optimized customer experience and low-friction authentication, while also maintaining effective fraud control. At times, this might mean accepting a higher percentage of fraud to accept more genuine orders from good customers.

Media: Lower barriers lead to account creation attacks
Key findings:

• In H2 2018, the media industry was hit by 211 million bot attacks, a 16 percent growth compared to H1 2018.
• In keeping with the mobile trend, media sees a growth of 7 percent in mobile new account creation attacks year-on-year, as well as a growth of 24 percent on mobile payments transactions year-on-year.

The media industry, which includes social networks, content streaming, gaming and gambling, still sees the highest penetration of new account creation attacks of all industries. Approximately one in every six new media account creation transactions were found to be fraudulent. This is in part due to low barriers of account access and creation and less-stringent security measures, which means that media accounts have become prime targets for testing identities. Media companies must remain vigilant against fraudulent attacks to ensure that they do not jeopardize customer trust.

“With each Cybercrime Report that we develop, we gain important new insights into global transaction and attack patterns and the ever-growing, networked footprint of cybercrime,” said Thomas C. Brown, senior vice president, U.S. commercial markets and global market development, LexisNexis Risk Solutions. “Businesses that can harness the power of a global digital identity network that provides near real-time intelligence into the trustworthiness of an online user have a leg up on the competition. A layered defense of fraud, identity and authentication capabilities, including both digital and physical data, across the entire customer journey, is crucial to preventing fraudsters from succeeding.”
​
Download the full report and an accompanying infographic or simply view them below. 

---