Arkose Lab released The Q4 Fraud and Abuse Report showing a 70% increase in bot-driven account registration fraud.
Actual user sessions and cyber attack patterns were analyzed by the Arkose Labs Fraud and Abuse Prevention Platform from July to Sept 2019. Researchers examined over 1.3 billion transactions in the financial services, e-commerce, travel, social media, gaming, and entertainment industries.
Nearly a third of all account registration transactions come from malicious humans
According to the report, Fraud increased 30% overall in Q3 2019, and bot-driven account registration fraud is up 70% as cybercriminals test stolen credentials in advance of the holiday retail season.
“Our report shows the evolving nature of the global cybercrime ecosystem. The monetization channels of fraud have become increasingly complex, which means the incentive and victim is not always immediately obvious,” said Kevin Gosschalk, CEO of Arkose Labs.
One thing is clear: the way fraudsters are weaponizing compromised data from recent high-profile breaches highlights the deep connectivity of the global cybercrime ecosystem that goes way beyond selling stolen data or knowledge sharing. One attack is a precursor to another attack, and they can be in two different industries, across two different geographies.
Fraudsters are discovering increasingly inventive ways to monetize account creation attacks. Therefore, The Q4 Fraud and Abuse Report show that account registration attacks are the most attacked customer touchpoint, with every 1 in 5 created accounts being malicious. Following this, there is an increase in attacks from malicious humans—both one-off and organized fraud sweatshops.
Human-driven attacks on the rise
The report also has details about the source of the attacks. Over half the new account registration attacks on the technology industry are human-driven. Every third attack done on financial services is human-driven, with the most sophisticated ones coming from lone fraudsters with access to stolen identity information and the latest tools.
Depending on the use case and associated profitability, these human-driven attacks can originate from lone fraudsters or organized click farms or sweatshops. The lone fraudsters usually target financial institutions across highly monetizable use cases, whereas the sweatshops target mass scale account testing and spam etc.
When we look at the location of attackers, over half of the human-driven attacks originate from Russia and China. Still, the most significant number of attacks originate from the Philippines with 60%.
30% increase in account takeover attacks in the retail industry
Overall, Russia, the Philippines, and Indonesia all have the highest Attack Incentive Index rating and can be counted as the top five countries from which attacks originate. The Philippines is the top attack originator; due to fraudsters can exploit the low purchasing power of the region. Bot-driven attacks for account registrations are 70% higher, and it is needed to add account registration attacks on gaming doubled.
There is a 30% increase in account takeover attacks in the retail industry compared to the previous quarter. Account takeover attacks are a precursor to payment fraud, as most e-commerce companies encourage consumers to create accounts and store payment details to remove friction in the path-to-purchase. 81% of all retail attacks were fraudulent payments transactions.
Mix attacks rate on social media has a sharp increase
Social media platforms are also an attractive target for fraudsters worldwide. Fraudsters use fake account creation as the best way to test credentials harvested from recent breaches. Social media registration attempts provide insights on the existence of accounts for users and help build accurate identity profiles by testing associations between usernames, email addresses, phone numbers, and passwords.
This is followed up with a more sophisticated account takeover attack. With password sharing across sites so common, a successful credential and password combination can unlock attacks on a user’s accounts across multiple industries and websites. The attack mix for social media varied dramatically over this quarter across the use cases. Human-driven attacks for account originations fell to 30% from a peak of 70% in early July, whereas the mix for logins increased from 18% to nearly 50%.
Over half of account registrations are now mobile-driven
Mobile share of transactions grew by 20% compared to the previous quarter, with every third transaction now originating from mobile devices. Overall attack levels for mobile grew compared to last quarter; however, the growth of attacks for web transactions was higher. Moreover, over half of account registrations across industries are now mobile-driven.
According to the report, the company predicts this to be the most significant peak in fraud and abuse that are ever seen on the Arkose Labs network, with a notable spike in attacks targeting retail, travel, and gaming sites.
For further information, you can read the Arkose Labs Q4 Fraud and Abuse Report.