2019: Fraud Risk at a Glance
Contents
Foreword and 2019 risk trends assessment 3
Spoofing is in decline 11
2019: FRAUD RISK AT A GLANCE 2

Foreword and 2019 risk trends assessment
Billions of exposed user records are fueling mass-scale attacks daily,
from the simplest automation-based to the most sophisticated fraud
that emulates human behavior. Our data scientists continuously
analyze billions of data points to look for the emerging attack
trends, distilled and highlighted here.
This is the first of NuData’s periodic releases to analyze attack vectors and help fraud teams understand the trends taking shape. The report collects insights from the NuData Trust Consortium, a powerful pool of aggregated and anonymized data from NuData clients used to gather historical trends and train our machine learning models.

One of those trends is the growth of sophisticated attacks that focus on quality rather than volume. Bad actors use these sophisticated techniques to attack businesses across industries, allowing cybercriminals to increase their success rate with high-quality attacks that try to resemble human behavior, such as faking human typing patterns. By doing so, cybercriminals reduce the chances of being detected by bot-detection tools, underscoring the importance of behavioral tools like NuData’s. Human attackers are also a common sighting; fraudsters hire workers to manually deploy smaller but more effective attacks that bypass bot-detection challenges such as CAPTCHA. For fraudsters, this is a common alternative to using a script that can’t solve a CAPTCHA challenge.

Across industries and regions, sophistication and attack creativity are pushing new boundaries, bypassing traditional security measures such as one-time passwords and legacy automation detection tools. In the next pages, we break down these fraud and risk trends to explain the threats digital companies face.

This report answers some questions, and hopefully raises others, as the best answers come from a conversation. If you would like to talk further about the attacks and fraud trends we show here, or share yours, feel free to contact us; we love talking about fraud.

Sincerely,
NuData Analyst team
verifygoodusers@nudatasecurity.com
DOCUMENT SUMMARY: KEY STATS

430%: SOPHISTICATION IS GROWING AMONG ATTACKERS
Sophisticated attacks, those focused on quality rather than volume, have grown 430% since July, compared to the previous seven months.
[Chart: sophisticated attack growth by industry: Financial Institutions, Retail, Digital Goods, Travel]

330%: ATTACKS ARE LEVERAGING THE HUMAN FACTOR
Human account takeover attack instances have increased by 330% in the past four months.

SPOOFING IS IN DECLINE
Fewer than 2% of attacks used spoofing (changes on the device information to mislead the company’s security) compared to 60% in 2018.
[Chart: share of attacks using spoofing: 60% in 2018, 2% in 2019]
ATTACK BY COUNTRIES
[Chart: account takeover (ATO) share of attacks, by country]
Brazil: 100% ATO
India: 100% ATO
Indonesia: 97% ATO
Vietnam: 94% ATO
ATTACK SPIKES IN 2019
[Chart: total events by month, with the days with most fraud marked: 10, 20, 21, 25, 04]

witnessing – the attack volume to pick up again for the holiday shopping season.
FRAUD SPIKES BY INDUSTRY

Early in 2019, eCommerce, digital goods and travel companies were the main targets for bad actors, with the largest spikes around late February. However, financial institutions suffered larger attacks during the end of summer, a season with a higher concentration of banking attacks. Cybercrime is a large business and, like other big businesses, follows trends throughout the year.

When the peak shopping seasons are over, eCommerce merchants see a drop-off in legitimate traffic, which would allow them to spot bad actors more effectively. To avoid detection, some fraud groups change the targeted industry, attacking companies that still have high traffic volumes, such as financial institutions. This explains the high attack volume on financial institutions toward the second half of the summer.

Top 3 days with most attacks by industry, in order of attack volume:

        eCommerce      Financial Institutions   Digital Goods   Travel
1st     25 February    09 September             20 February     19 February
2nd     03 January     11 September             10 February     18 February
3rd     24 February    30 August                08 April        06 September
TYPES OF ATTACKS
[Chart: basic and sophisticated attack volume by month, January to October 2019]

For the purposes of this report, basic and sophisticated automated attacks are defined as follows:

A basic attack focuses on high volume rather than quality. It doesn’t attempt to emulate human behavior or browser interaction and it typically doesn’t execute JavaScript.

A sophisticated attack may show lower volume but attempts to emulate user behavior, increasing its effectiveness. It displays expected browser or application behavior and runs scripts in the environment to create this human-like interaction.
TYPES OF ATTACKS

Some signs of sophisticated attacks

Sophisticated attack patterns (automated) can include:

Use of the keyboard to type the user information (i.e., username, password): A script doesn’t need to use a keyboard to type, but it can be forced to do so to seem human.

Within our network we have seen sophisticated attacks attempting to access our clients’ environments. Some large attacks went on for months until they suddenly stopped, most likely moving on to another company where they can bypass more vulnerable defenses with their complex script.
ATTACKS WITH HUMAN BEHAVIOR

high-value accounts. For example, they use human farms where they pay workers to type out the required information on a device and bypass bot mitigation challenges. These human farm workers tend to live in developing countries and are paid by completed task, which can be a completed login, a posted review or the creation of a new account.

Across 2019, human-driven account takeover attacks remained relatively steady until the last four months, when these attacks increased by 330%.

[Chart: human-driven attacks in thousands, July to October 2019; the last months of human-driven attacks showed an upward trend (330%)]

In our network we can see attack attempts that, after encountering a bot mitigation challenge, are redirected to a human worker to solve it. Our platform’s machine learning model was able to determine this change by drilling down into device and behavioral data from each event. Having visibility into this sophisticated behavior, where the traffic is redirected to humans, is crucial to prevent this type of fraud.
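The basic/sophisticated definitions given earlier, the keyboard sign of a sophisticated script, and the redirect of a challenged attempt to a human worker can all be seen in one small piece of detection logic. The following is an added example written for this edit; it is not NuData’s code, and the report does not describe NuDetect’s own signals or models. It assumes a constructed per-attempt telemetry record (fields `js_executed`, `key_intervals`, `fingerprint`), an assumed cadence threshold, and sample sessions constructed here. Typing cadence is used as one illustrative signal: a bare script sends no keystrokes at all, a script forced to type tends to do so at a far more regular interval than a human hand, and a hand-off to a human worker shows up as a change in behavior, and often in device, across the challenge.

```python
"""
Added example (not part of the NuData report): a toy session classifier that
applies the report's basic / sophisticated / human-like distinction to
constructed client-side telemetry, plus a check for a bot-to-human handoff
around a bot-mitigation challenge.  Field names, thresholds and the sample
sessions below are assumptions made for illustration.
"""
from statistics import mean, pstdev

# Assumed telemetry record per login attempt (constructed for this example):
#   js_executed   - whether the client ran the page's instrumentation script
#   key_intervals - milliseconds between successive keystrokes in the
#                   username/password fields, as reported by that script
#   fingerprint   - opaque device identifier reported by the client

MACHINE_LIKE_CV = 0.15   # assumed threshold: near-constant typing cadence
MIN_KEYSTROKES = 6       # fewer intervals than this say nothing about cadence


def typing_cadence_cv(intervals):
    """Coefficient of variation of inter-key intervals (0 = perfectly regular)."""
    if len(intervals) < MIN_KEYSTROKES:
        return None
    avg = mean(intervals)
    return pstdev(intervals) / avg if avg > 0 else 0.0


def classify_session(session):
    """
    Map one login attempt onto the report's taxonomy:
      'basic'         - no JavaScript executed, no typed input: a bare script
      'sophisticated' - script ran and keystrokes were sent, but the cadence
                        is too regular for a human hand
      'human-like'    - script ran and the cadence varies as human typing does
      'inconclusive'  - not enough keystrokes to judge
    """
    if not session["js_executed"]:
        return "basic"
    cv = typing_cadence_cv(session["key_intervals"])
    if cv is None:
        return "inconclusive"
    return "sophisticated" if cv < MACHINE_LIKE_CV else "human-like"


def detect_handoff(before_challenge, after_challenge):
    """
    Flag a bot-to-human handoff around a bot-mitigation challenge: the
    pre-challenge attempt looks automated and the post-challenge attempt
    looks human-like, or the device fingerprint changes across the challenge.
    Returns a list of reasons; an empty list means no handoff was observed.
    """
    reasons = []
    pre = classify_session(before_challenge)
    post = classify_session(after_challenge)
    if pre in ("basic", "sophisticated") and post == "human-like":
        reasons.append(f"behaviour changed from {pre} to {post} after challenge")
    if before_challenge["fingerprint"] != after_challenge["fingerprint"]:
        reasons.append("device fingerprint changed after challenge")
    return reasons


# Constructed sample sessions (not real telemetry).
SESSIONS = {
    "bare_script": {"js_executed": False, "key_intervals": [], "fingerprint": "fp-A"},
    "typing_script": {"js_executed": True,
                      "key_intervals": [100, 100, 101, 100, 99, 100, 100, 101],
                      "fingerprint": "fp-A"},
    "human_worker": {"js_executed": True,
                     "key_intervals": [210, 95, 330, 140, 260, 80, 175, 400],
                     "fingerprint": "fp-B"},
}

if __name__ == "__main__":
    for name, s in SESSIONS.items():
        print(f"{name:15s} -> {classify_session(s)}")
    print("handoff:", detect_handoff(SESSIONS["typing_script"], SESSIONS["human_worker"]))
```

The threshold and the single cadence signal are illustrative; a production tool combines many behavioral and device signals, which is the report’s point about drilling down into both kinds of data for each event. The handoff check is the defender’s question in code form: did the session that passed the challenge behave, and look, like the session that was challenged?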
SPOOFING TECHNIQUES

Spoofing is in decline

[Chart: spoofing techniques used in attacks: 60% in 2018, 2% in 2019]

Example of spoofing: when a bad actor switches the name of that device to another one, even if it doesn’t exist, like “iPhone 14”. They do this because they know a security tool will flag incomplete device information, but less often does a security tool check the validity of that information.

From January 2019 to October 2019, less than 2% of the attack attempts used spoofing techniques such as basic changes on the device type. This could be driven by the improvement in existing device-intelligence technologies to catch device information abnormalities.

Bad actors seek the easiest path to attack while avoiding detection, with techniques such as spoofing, or faking the information on a device, such as IP, location, device operating system, or browser version. Spoofing is used when a device has been caught as fraudulent but the fraudster needs to use it again, and so disguises it as a new one with fake information. When fraudsters spoof the information on a device, such as the device operating system, they often type irrelevant data.
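The spoofing example above turns on one gap: tools check that device fields are filled in, less often that their contents are real. The check below is an added example written for this edit, not NuData’s code; the catalogue of known models, the field names and the sample records are constructed assumptions, and the catalogue is deliberately dated to the report’s 2019 vantage point, so “iPhone 14” is unknown to it. It layers the three questions a device-intelligence check can ask: is the record complete, do the claimed values exist, and do they agree with each other.

```python
"""
Added example (not from the NuData report): a device-information validity
check of the kind the report says is often missing.  A tool that only flags
*incomplete* device data accepts "iPhone 14" as long as the field is filled;
this check also asks whether the reported values exist and agree with each
other.  The catalogue, field names and sample records are assumptions
constructed for this example.
"""

# Assumed catalogue: reported model -> operating system family it ships with.
# A real deployment would source this from a maintained device database.
KNOWN_MODELS = {
    "iPhone X": "iOS", "iPhone XS": "iOS", "iPhone 11": "iOS",
    "Pixel 3": "Android", "Galaxy S10": "Android",
}
KNOWN_OS = {"iOS", "Android", "Windows", "macOS", "Linux"}
REQUIRED_FIELDS = ("model", "os", "os_version")
# Browsers that only exist on some OS families; "Safari" on Android is a red flag.
OS_BOUND_BROWSERS = {"Safari": {"iOS", "macOS"}}


def validate_device_info(info):
    """Return a list of findings for one reported device record (empty = consistent)."""
    findings = []
    # 1. Completeness: what most tools already check.
    for field in REQUIRED_FIELDS:
        if not info.get(field):
            findings.append(f"missing field: {field}")
    model, os_name, browser = info.get("model"), info.get("os"), info.get("browser")
    # 2. Validity: does the claimed value exist at all?
    if model and model not in KNOWN_MODELS:
        findings.append(f"unknown device model: {model!r}")
    if os_name and os_name not in KNOWN_OS:
        findings.append(f"unknown operating system: {os_name!r}")
    # 3. Consistency: do the fields agree with each other?
    if model in KNOWN_MODELS and os_name and KNOWN_MODELS[model] != os_name:
        findings.append(f"{model!r} does not ship with {os_name!r}")
    if browser in OS_BOUND_BROWSERS and os_name and os_name not in OS_BOUND_BROWSERS[browser]:
        findings.append(f"{browser!r} is not available on {os_name!r}")
    return findings


def is_suspicious(info):
    """True when a validity or consistency finding exists; completeness alone is informational."""
    return any(not f.startswith("missing field") for f in validate_device_info(info))


# Constructed sample records (not real traffic).
SAMPLES = {
    "genuine": {"model": "iPhone 11", "os": "iOS", "os_version": "13.1", "browser": "Safari"},
    "incomplete": {"model": "iPhone 11", "os": "", "os_version": "13.1", "browser": "Safari"},
    "nonexistent_model": {"model": "iPhone 14", "os": "iOS", "os_version": "13.1", "browser": "Safari"},
    "mismatched": {"model": "Pixel 3", "os": "iOS", "os_version": "13.1", "browser": "Safari"},
    "irrelevant_data": {"model": "Galaxy S10", "os": "asdfgh", "os_version": "1", "browser": "Chrome"},
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(f"{name:18s} -> {validate_device_info(rec) or ['ok']}")
```

Completeness findings are kept apart from validity and consistency findings on purpose: a missing field is common in legitimate traffic, whereas a model that does not exist, an OS that no such device ships with, or a browser that cannot run on the claimed OS is the “irrelevant data” the report describes. A real catalogue would be maintained from a device database rather than hard-coded.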
CONCLUSION

1. Fraud attacks follow seasons, and so do the industries they target. From January 2019 to October 2019, the seasons with higher shopping activity, such as Valentine’s Day and Easter, have the highest concentration of attacks among eCommerce, digital goods and travel companies – without including the Christmas holiday season. Similarly, bad actors switch industries during the summer and increase their focus on financial institutions, an industry that suffered its biggest attack during the summer months.

2. Bad actors are shifting from high-volume basic attacks to high-quality, human-like attacks. This growing trend is lower in numbers, making the danger seem less threatening, but shows a human-like behavior that increases its chances to succeed, bypassing traditional security solutions. With NuDetect, a solution often placed after a bot detection tool to detect automation, companies consistently see these human-like attacks bypass the first layer of defense. This sophisticated traffic enters the NuData network, where we flag this unusual human behavior, allowing our clients to mitigate the threat.

3. The challenges that security tools are placing in front of automated attacks are becoming a real problem for attackers, forcing them to increase the use of human workers. Manual attacks deployed by human workers are growing significantly. Some cybercriminal groups are extremely fluid and go as far as to combine bots and humans as part of the same attack. For instance, fraudsters divert a login attempt that requires a bot-mitigation challenge, such as CAPTCHA, to a human to manually solve it.

4. This year, spoofing has become less common among bad actors, who prefer to invest their time and skill in other tactics with a higher success rate. This shift is influenced by device intelligence tools, which are becoming better at detecting spoofing behavior. As the effectiveness of spoofing decreases, bad actors are switching to more sophisticated techniques.

To increase protection against basic and sophisticated attacks, it is important to have a holistic approach that can detect different behaviors, such as automated behavior, unusual human-like behavior, low-reputation information (such as recognizing IPs used in fraud attacks in the past), or device recognition.

If you have questions or want to share your experience with attacks in your environment, contact us at verifygoodusers@nudatasecurity.com. As we said, we love talking about fraud.
Glossary of terms

Account creation or online account origination fraud: The opening of a new account with fake or stolen information with the intention of committing fraud.

Account takeover: The use of someone else’s credentials to enter their account.

Basic attacks: Attacks focused on quantity rather than quality. They don’t attempt to emulate human behavior or browser interaction and they typically don’t execute JavaScript.

Bot-detection challenge: When an event is suspected to be fraud, a bot-detection challenge such as a CAPTCHA helps confirm if it is a machine or a human.

Bot-detection tool: Tools detecting bot behavior by looking at some of the data such as IP, location, connection, or input.

Digital goods: Companies selling digital goods online, including SaaS.

eCommerce: Includes companies selling physical goods online.

Financial institutions: Includes companies that provide financial services, comprising FinTech.

High risk: Session or sessions with a high risk score based on the NuData platform’s assessment.

Human farms: Groups of workers paid to deploy attacks manually.

NuData Trust Consortium: Historical data of events and accounts aggregated from the NuData network to improve the accuracy of each assessment.

Sophisticated attacks: Attacks deploying lower volume but attempting to emulate user behavior. They display expected browser or application behavior and run scripts in the environment to simulate human interaction.

Spoofing: Modification of a device’s information such as operating system, browser, or version to appear as a different device.

Travel: Includes companies with travel portals.
NuData Security is a Mastercard company. It helps
businesses identify users based on their online interactions
and stops all forms of basic and sophisticated attacks.
By analyzing billions of events annually, NuData harnesses
the power of behavioral and biometric analysis, enabling
its clients to identify scripted or human threats accurately.
This allows clients to verify users before a critical decision,
block account takeover, stop automated attacks, and reduce
customer insult. NuData’s solutions are used by some of the
biggest brands in the world to prevent fraud while offering
a great customer experience.