Go to:

February 2019
< Jan Mar >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

New Accounts Account for Highest Rate of Cyber-attacks
Wednesday, June 19, 2013 9:35 AM

Cyber-attacks have unfortunately become as commonplace as fender-benders in rush hour. According to ThreatMetrix Network (network), the total cost of cybercrime and attempts to prevent it have surpassed a staggering $1-trillion a year.

Data from the Network reveals that approximately one in 10 registrations for new lines of credit, creating profiles on social networking or marketplace sites and enrolling in authentication schemes are originated by cybercriminals. In a recent six-month snapshot ending March 31, ThreatMetrix determined that attacks on new account registrations using spoofed and synthetic identities had the highest rate of attacks. These were followed by account logins and payment fraud.

Payments fraud attempts, which include online credit card transactions and money transfers, increased from 3.1 percent to 6.4 percent over the six months ending in March 2013. Additionally, based on data taken from October 2012 through March 2013, ThreatMetrix customers saw account takeover attempts nearly double (168 percent). These types of attacks have traditionally focused on banking and brokerage sites, but have recently escalated across e-commerce sites that store credit card details and Software-as-a-Service (SaaS) companies that hold valuable customer data that do not yet have the heightened level of protection as banking sites.

ThreatMetrix has observed a rise in the sophistication of account takeover attempts using blended attacks to exploit companies that do not have an integrated solution for malware, device identification and bot protection. These include:

  • Multi-stage malware exploits: Malware, typically using Man-in-the-Browser (MitB) Trojans, is used to extract login and setup verification credentials from a customer that is then used by a separate device or third party to avoid server-side MitB detection capabilities.
  • Multi-stage scripted attack exploits: Automated bot attacks test previously breached credentials from third-party sites, exploiting that many people reuse user names and passwords. After checking account balances or verifying whether an account has a stored credit card, a second attack is launched, typically done manually, to avoid any server-side bot detection.

(Source: ThreatMetrix Network)