Neustar International Security Council launched ... » LONDON, UK: Neustar, Inc. has announced the launch of the Neustar International Security Council (NI... RiskIQ Digital Threat Management Platform Recognis... » LONDON, UK: RiskIQ has been recognised in an Ovum Research “On the Radar” report for providing orga... ExtraHop introduces new professional services fo... » UK: Today at Interop ITX has announced new professional services for cloud migration, datacenter mig... MIKE SMITH BECOMES NEW ECA PRESIDENT » A highly respected electrical engineer and businessperson – Mike Smith of SES Engineering Services –... Patriot One obtains purchase agreement with rese... » TORONTO:  Patriot One Technologies Inc. has announced a reseller agreement with Information Technolo... TDSi and LITESTAR announce new partnership in Si... » Poole: TDSi has announced a new partnership with Singapore-based installation specialist LITESTAR Te... FSA 10TH BIRTHDAY TOPS THE BILL AT IFSEC SHOW » Fire and security business representatives are being urged to attend the Fire & Security Association... Intercede announces Secure Login for WordPres... » Lutterworth, England/Reston, VA: Recently, digital identity and credentials expert, Intercede announ... Senior Intelligence Official Ron Moultrie joi... » NEW YORK, NY: Balabit has announced today that the former Director of Operations at the National Sec... Luke Kleszcz joins security manufacturer as Fina... » Poole: Integrated has announced the growth of its Finance team with the appointment of its new Finan...

CLICK HERE TO

SOCIAL BOOKMARK

Case Studies

NuData Security has announced that they had observed a 400 percent surge in automated online attacks over the 2016 holiday period.

NuData data scientists discovered an increase in maliciously scripted botnet activity of over 400 percent against many large online retail client sites during the last quarter of 2016 compared to the previous year.

· Of the 5.6 million anomalous behaviours detected, over 1 million events were directly attributed to malicious automated activity from scripts and bots.

· Malicious scripted, bot and botnet activity accounted for 31% of all login activity for the month of December.

· Had they been successful, these automated attacks would have been used to  power identity-based account takeover (ATO) and a wide array of cybercrime over the holiday period, including account information scraping, transaction fraud, coupon and reward abuse.

NuData found high levels of new account fraud in September and October of 2016, with some online merchants experiencing a record-breaking 60 percent of new accounts opened with fraudulent intent in the lead up to the holiday season.

· Much of the increase in new account fraud was spoofing human input characters such as keystrokes and mouse movements and putting these in through scripts to look more legitimate. For a good example of how this type of attack can occur, see this rewards fraud case .

· The fraudulent creation of new accounts waned during the last few weeks of the fourth quarter, falling to 22 percent in late December, indicating that cybercriminals switched their focus from fraudulent new account openings to scripted account-based fraud attempts over the holidays.

In 2016 NuData found that a ttacks against the login of NuData’s clients’ sites doubled over the previous year.

· Both the  volume and sophistication of these attacks spiked, f ed by the increased availability and low-cost of stolen consumer credentials available for sale on the Dark Web, harvested from massive data breaches in 2015 – 2016.

There is a demonstrated increase in the sophistication of automation, with bad actors using legitimate GUI-like automation trying to manipulate how pages are used.

· Fraudsters leverage volumetric spikes in activity over holiday shopping periods to circumvent detection – and policies that retailers deploy to lower the risk threshold to ensure good customer experience over the holidays.

· Bad actors are using increasingly sophisticated tactics to mimic human behavior and adjust the timing of their attacks, such as using b asic bots to perform velocity type functions and complex bots that are spoofing IPs, emulating devices, apps or browsers.

NuData found that account takeover continues to be a dire problem .

· What makes ATO so dangerous is fraudsters target accounts created by real users, and use their stolen credentials to access these accounts.

November/December 2016 ATO events on several large retailers

· 7,620,605 total confirmed attack events

· Equivalent to 2310 per minute or 38.5 per second

Robert Capps, VP of business development for NuData Security explains, “Cybercriminals are using bots to run automated tasks that increase the efficiency of attacks on confidential data such as login and payment details. The growing sophistication of cybercriminals is evident in the evolution of advanced attacks, their strategic timings and the use of tools such as malicious programs. These tools allow a relatively few number of technically skilled cybercriminals to conduct cybercrime on a global scale, effectively increasing the growth of cybercrime exponentially.”