Cybercrime is becoming more automated, organized and networked than ever before, according to the ThreatMetrix Cybercrime Report: Q4 2016.
Cybercriminals are increasingly targeting online lenders and emerging financial services, says Vanita Pandey, vice president of strategy and product marketing, ThreatMetrix.
ThreatMetrix's report is based on data drawn from its ThreatMetrix Digital Identity Network, which analyzes about 2 billion transactions per month for insight into traffic patterns and emerging threats. The network uses a real-time policy engine to analyze transactions — about 44 percent of which originate from mobile devices — for legitimacy based on hundreds of attributes, including device identification, geolocation, previous history and behavioral analytics.
ThreatMetrix's data shows 1 million cyberattacks targeted online lending transactions throughout 2016, Pandey says . It estimates the total value of these transactions at about $10 billion. It expects the number of attacks to continue to grow in 2017. Indeed, the number of attacks specifically targeting alternative lending increased by 150 percent quarter-over-quarter in the fourth quarter of 2016. That doesn't mean criminals have stopped targeting banks: ThreatMetrix says it detected 80 million attacks using fake or stolen credentials during 2016 in the finance sector alone.
It should be noted that attacks are increasing both in number (ThreatMetrix says it detected and stopped nearly 122 million attacks in real-time in the fourth quarter, an increase of more than 35 percent over the previous year) and in proportion: growth in attacks outpaced overall transaction growth, and the overall rejected transaction rate grew by 15 percent.
"Fraud has evolved from being like robbing a house to being a big heist on a bank or institution," Pandey says.
Increasingly, she explains, cybercriminals are stealing identities and using them to create accounts that they allow to sit and mature, sometimes for years, before leveraging them for crime.
First, she says, criminals buy, trade and augment stolen identity credentials from any of the numerous data breaches that occur with increasing frequency.
"Most of us have been breached, whether you've stayed at an InterContinental Hotel, or you had a Yahoo account or you have a LinkedIn password you haven't changed in four years," she says.
Those credentials are then used to create new accounts with retailers, banks and e-lenders. E-lenders are frequently targeted, perhaps because the criminals see them as softer targets than more established banks, according to ThreatMetrix.
"They will then use automated bot attacks on a new site to create an account for you," Pandey says. "If it doesn't exist, they'll create an account. If it does, they'll bring in sophisticated tools to crack your password. They'll let an account sit and mature for a while. Once your identity has been verified, a lot of times you won't be stepped up or challenged. Imagine if I have a stable account, I've been transacting for two years nicely and then I use my account to buy a big item and change my address, they may not flag that."