ThreatMetrix: Rogue Cyber ‘Elves’ Poised to Drive the Biggest Online Attack Period to Date
November 14 2017 - 7:01PM
Business Wire
Swathes of freshly breached identity data
means Cybercrime Christmas comes early for fraudsters targeting
Black Friday shopping
- The week of Black Friday is predicted
to see largest number of cyberattacks on retailers to date
- The week of 20th November is going to
be ‘hit week’ as 50M global attacks expected across the peak
shopping days
- Billions in revenue at stake as
retailers look to stop fraudsters, without adding onerous security
checks and increasing abandonment rates
- Intensified bot activity shows
cybercriminals recruiting an army of ‘cyber elves’ in the run up to
the biggest shopping period of the year
- Identity has become the most valuable
currency on the web as fraudsters harvest personal credentials from
the large data breaches of 2017
Online retailers are expected to face enormous security
challenges as they prepare for the biggest cybercriminal attacks to
date. Early forecasts from retail analysts, including IMRG, have
been predicting strong online sales during the 2017 Christmas
shopping period, with a forecast that £20bn will be spent online
during November and £7bn peak in online sales during the Black
Friday spike. However, fraudsters have been busy preparing their
armory and are expected to capitalise on this enormous amount of
online spending in the run up to and surrounding Black Friday and
Cyber Monday.
ThreatMetrix®, The Digital Identity Company®, which monitors and
protects more than 24 billion online transactions each year, today
reveals data that demonstrates online fraudsters have been gearing
up for the festive period. By recruiting armies of fraudsters and
developing new, sophisticated cybercrime techniques, they are
expected to exploit the busiest online shopping period of the year.
More than 50 million attacks will target businesses during the week
of 20th November. With the average ticket size of fraudulent
transactions being two-times that of a good transaction, these
attacks represent a significant potential loss in revenue.
UK and European retailers in particular are being warned to be
extra vigilant as these regions have become a hotbed of cybercrime,
with online transactions 63 percent more likely to be fraudulent
than in North America. The UK, France and Germany have consistently
appeared on the “top 5 attack originator” list during the peak
shopping period of Q4 (both in 2015 and 2016), and 2017 is expected
to be no exception. ThreatMetrix estimates that approximately 50
million attacks will originate from these three countries in total
this quarter. Around 15 million of these attacks will happen during
the peak shopping period.
ThreatMetrix data demonstrates that some of the largest,
high-profile data breaches across 2017 have caused significant
spikes in the trading of personal identity data on the dark web,
helping the preparations for a big ‘hit’ over the Christmas
shopping period. Retailers preparing for this crunch period need a
sophisticated way to recognise true customer digital identity
versus fraudsters posing as individuals using stolen data.
Vanita Pandey, vice president of product marketing and strategy
at ThreatMetrix comments, “Cybercrime continues to grow, with
organisations being attacked more than ever before, fueled in large
part by the proliferation of data breaches that continue to provide
fresh identity data to exploit. Fraudsters are acting with haste,
before data breaches are disclosed publicly, to test stolen
credentials with a view to perpetrate large-volume attacks on
digital businesses. In just the past 90 days alone, the
ThreatMetrix Digital Identity Network detected 171 million attacks,
which is a 32 percent increase since the beginning on 2017.”
The Creation of a Christmas Bot Army:
Bot activity has significantly intensified in the second half of
this year across the ThreatMetrix Digital Identity Network®, as
fresh data has been made available due to the recent major
breaches. In the same way that retailers are bringing on supply
staff to cover this busy shopping period, cybercriminals are
creating armies of automated cyber robots (bots) to carry out
large-scale attacks on businesses.
“We predict that the top retailers will sustain heightened
attacks from bot operators, looking to test personal accounts. Over
the next week, we are expecting approximately 5 to 8 million daily
identity testing attacks,” Pandey continues. “By analyzing our most
recent data, we can see that the scale of eCommerce attacks in the
final quarter of 2017 is likely to surpass the entire attack number
for all industries – including banking and media – during Q4
2016.”
In just the past 90 days:
- 171 million attacks were registered
this last quarter; around a 100-percent increase over Q3 2015
- New account registrations are twice as
likely to be fraudulent than trusted payments
- Identity data has replaced credit card
data as the key target for cybercriminals for long-term gain
- 450 million bot attacks were recorded,
with the majority focused on initial identity tests as well as
automated attacks.
- The EMEA region is a hotbed of
cybercrime, with transactions 63 percent more likely to be an
attack than in North America
- Brazil emerged as one of the top attack
originators, especially for new account origination attacks.
Coming at a time when millions of consumers are concerned about
the downstream effects of major breaches, the Q3 Cybercrime Report
examines attack patterns, which show increasingly dramatic spikes
that can be correlated to high-profile data breaches.
ThreatMetrix Q3 2017 Cybercrime Report – download now
About the ThreatMetrix Q3 2017 Cybercrime Report
The ThreatMetrix Q3 Cybercrime Report is based on actual
cybercrime attacks from July to September 2017 that were detected
by the ThreatMetrix Digital Identity Network during real-time
analysis and interdiction of fraudulent online payments, logins and
new account applications.
About ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, operates a global
shared intelligence network to differentiate trusted customers from
fraudsters. The ThreatMetrix Digital Identity Network® recognizes
behavior and identities across 4.5 billion unique devices from 1.4
billion anonymized users worldwide. More than 5,000 businesses rely
on ThreatMetrix as their decision engine to deliver a frictionless
digital customer experience across all online transactions for
increased profitability and security.
ThreatMetrix is recognized as the sole Leader in the 2017
Forrester WaveTM for risk-based authentication. Learn more at
www.threatmetrix.com.
© 2017 ThreatMetrix. All rights reserved. ThreatMetrix and the
ThreatMetrix logo are trademarks or registered trademarks of
ThreatMetrix in the United States and other countries. All other
brand, service or product names are trademarks or registered
trademarks of their respective companies or owners.
View source
version on businesswire.com: http://www.businesswire.com/news/home/20171114006112/en/
For ThreatMetrixSophie BrownTel: +44 (0)7919 095
793Email: sophiebcomms@gmail.comorCourtney AustinTel: +44
(0)7554 495 218Email: caustin@threatmetrix.com