Financial sector sees major spike in mobile cyberattacks
A new look at cybercrime trends shows that the financial industry experienced a 37 percent increase in takeover attacks in the second half of 2018.
During the second half of 2018, the financial services industry saw a more than 100 percent increase in cyberattacks occurring during mobile account logins, when criminals attempt to infiltrate users’ accounts, according to a report from LexisNexis risk solutions company ThreatMetrix.
The H2 2018 Cybercrime Report released Tuesday draws global statistics from cyberattacks that the ThreatMetrix network detected between July and December. During that time, the company processed 17 billion transactions, 61 percent of which originated from mobile devices.
Related: 5 cybersecurity threats to be aware of in 2019
In those same six months, there were 244 million human-initiated attacks and 3 billion automated or bot attacks—189 million of those were mobile attacks, a 12 percent increase over the first half of 2018.
The financial sector appears to be bearing the brunt of attacks in which cybercriminals try to take over user accounts. While the rate of such incidents dipped globally by nearly 50 percent, the financial industry experienced a 37 percent increase in takeover attacks and a whopping 107 percent spike when looking at fraudsters’ attempts to gain control of user accounts during mobile transactions.
The report notes that “financial services organizations continue to walk the tightrope between maintaining robust security with a low friction, streamlined customer experience, while at the same time managing the sometimes competing demands of privacy and regulatory reform.”
Thomas Brown, senior vice president of U.S. commercial markets and global market development for LexisNexis Risk Solutions, said in the report that businesses need to implement a “layered defense of fraud, identity and authentication capabilities, including both digital and physical data, across the entire customer journey,” to thwart fraudsters.
While account takeovers are a significant concern, the use of stolen personal information to create fraudulent accounts for loans, insurance policies or credit cards, for instance, continues to pose an even greater risk for more businesses.
Latin America, with its rapidly growing economy, is emerging as a “hotbed of new account creation fraud,” according to the report. The issue is also a big problem in India, where “almost one in every four new account creation transactions … is an attack, the highest of any region globally,” the report found.
While the highest volumes of cyberattacks typically originate out of the U.S. and U.K., according to LexisNexis data, the report revealed a growing number of attacks coming from Canada, Columbia, Ukraine, South Africa and Ghana.
“This reality serves to highlight the widespread and pernicious impact of breached identity data,” according to the report.
And the same cybercriminals appear to be working together in a “strong networked pattern of fraud” that targets multiple industries throughout the world, which illustrates the “global and ever-more connected nature of online fraud,” the report states.
Some other noteworthy findings:
- In Japan, there was a 326 percent increase in attempted account takeovers through mobile logins during the second half of 2018. And France’s attack rate on login transactions experienced a 199 percent year-on-year increase.
- As mobile fraud evolves mobile bot attacks are increasing. There were 189 million such attacks during the last six months of 2018, a 12 percent increase over the first half of the year.
- Bot attacks also are becoming the bane of the e-commerce world, according to ThreatMetrix. The company says it detected and stopped 2.1 billion bot attacks on online merchants, a growth of 142 percent compared to the same six-month period during the prior year.
Read more: