Legal research service firm LexisNexis recently released its biannual Cybercrime Report, revealing important details that can guide security teams as they address existing and emerging cyber threats in 2021. The report shows an ever-evolving cyber threat landscape and the need for enhanced security visibility.
The comprehensive study examined over 24.6 billion transactions in various industries and use cases that took place from July to December 2020. These are transactions monitored by the LexisNexis Digital Identity Network, which serves as a shared intelligence repository compiling various consumer interaction information including logins, payments, and applications for new online accounts.
The network saw a staggering 12 billion year-on-year increase in transactions in 2020. Interestingly, the rate of cyber-attacks has fallen relative to the number of transactions. This does not indicate a slowdown in cyber threats and risks, though. The attacks only shifted in their form or approach. That’s why there is no reason to let up on cybersecurity.
Bot attacks rising
One of the key findings of the report is the notable rise in the volume of bot attacks, which happened while the number of human-initiated attacks fell. According to the study, human-led cyber assaults decreased by 184 million in 2020, while the number of bot-driven cyber threats increased by 100 million.
While hacks and attacks primarily driven by humans tend to be more sophisticated, bot attacks are not much easier to detect and remediate. Former Akamai security expert Ido Safruti, who is now CTO at PerimeterX, describes new bot attacks as invisible invaders that are becoming more difficult to detect.
“Next-generation bots are outsmarting companies every day. Detecting and deterring these often invisible attacks is difficult, and the standard tricks of the trade, such as logfile analysis, are inadequate,” Safruti explains.
Having evolved over the decades, these attacks have become more sophisticated than ever. While earlier bots could be detected because of their inability to perform tasks humans are expected to do easily, advanced bots are now capable of performing complex actions and can even interact with humans. They can latch onto host users like parasites and perform actions that make them appear as human users.
Conventional measures not enough
IP address blacklisting is usually not an appropriate solution to deal with these automated threats. This is because bot attacks are typically carried out by malware that infects multiple devices such as smartphones and IoT gadgets. As such, they are not associated with a common IP address. Their attacks register with unique IP addresses.
These attacks are often disguised as ordinary computer users that do not appear suspicious, so security controls like web application firewalls often fail to identify them. They can undertake an account takeover to obtain login credentials that can then be sold on dark markets. They can also perform click fraud, engage in DDoS attacks, or browse websites using different fabricated identities. They can also be deployed to facilitate ticket scalping operations or to game voting systems.
Detecting and blocking advanced bots requires enhanced cyber threat intelligence and greater security visibility, which enables prompt detection and response coordination. One of the most effective ways to address them is continuous security validation. This entails the use of multiple strategies including behavioral detection solutions, SIEM/SOC validation, full kill-chain APT simulation, and purple team automation.
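The contrast between per-IP blocking and behavioral detection can be shown on a small set of login events. This is an added example, not taken from the LexisNexis report or any vendor product; the event fields, the `fingerprint` value (a stand-in for a device or client fingerprint) and all thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (epoch_seconds, source_ip, account, fingerprint, success)
def build_events():
    events = []
    # Distributed bot: 40 failed logins, each from a different IP and account,
    # one every 2 seconds, all sharing one client fingerprint.
    for i in range(40):
        events.append((1000 + 2 * i, f"198.51.100.{i + 1}", f"user{i}", "fp-bot", False))
    # Human: one user mistypes a password three times, then succeeds.
    for t, ok in [(1003, False), (1019, False), (1050, False), (1071, True)]:
        events.append((t, "203.0.113.7", "alice", "fp-alice", ok))
    # Another human with a single successful login.
    events.append((1040, "203.0.113.9", "bob", "fp-bob", True))
    return sorted(events)

def per_ip_flags(events, max_failures=3):
    """Classic blocklist trigger: IPs with at least max_failures failed logins."""
    fails = defaultdict(int)
    for _, ip, _, _, ok in events:
        if not ok:
            fails[ip] += 1
    return {ip for ip, n in fails.items() if n >= max_failures}

def behavioural_flags(events, min_ips=10, min_accounts=10,
                      min_fail_ratio=0.9, max_jitter=0.1):
    """Flag fingerprints spread over many IPs and accounts, mostly failing,
    with machine-regular pacing between requests."""
    groups = defaultdict(list)
    for ev in events:              # events are time-sorted, so each group is too
        groups[ev[3]].append(ev)
    flagged = set()
    for fp, evs in groups.items():
        ips = {e[1] for e in evs}
        accounts = {e[2] for e in evs}
        fail_ratio = sum(not e[4] for e in evs) / len(evs)
        gaps = [b[0] - a[0] for a, b in zip(evs, evs[1:])]
        # Coefficient of variation of inter-arrival gaps; near 0 means scripted pacing.
        jitter = pstdev(gaps) / mean(gaps) if gaps and mean(gaps) > 0 else 1.0
        if (len(ips) >= min_ips and len(accounts) >= min_accounts
                and fail_ratio >= min_fail_ratio and jitter <= max_jitter):
            flagged.add(fp)
    return flagged
```

On this data the per-IP rule flags only the human who mistyped a password, while the behavioral rule flags the distributed campaign. The thresholds are illustrative and need tuning against real traffic.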
The creation of the MITRE ATT&CK framework also helps in dealing with the most recent bot attacks, as it provides comprehensive and up-to-date threat intelligence along with detailed descriptions and information on attack patterns and processes. Many security solutions already integrate ATT&CK in their systems.
Vulnerability among the young and old
Just because someone is young does not mean they are less vulnerable to attacks. The LexisNexis report shows that the most vulnerable users are those in the below-25 age bracket followed by the 75-and-older group. The idea that younger people are “techie” does not necessarily mean that younger people are cyber security-conscious.
An analysis of the data collected shows that there was a 10 percent growth in the number of new computer users who belong to the below-25 age bracket. They tend to be more susceptible to falling prey to attacks because of their lack of experience in using web-enabled devices, particularly when it comes to installing security software and following best practices in securing their devices. The report suggests that attackers tend to have higher success rates when they target younger users.
Seniors who are at least 75 years old, on the other hand, understandably suffer from more attacks because of their limited familiarity with security measures and digital technologies in general. It is also not surprising that the report found that cyber-attack losses per customer rise progressively with the victim’s age. Older people have more disposable income.
More mobile e-commerce and new account creation attacks
Moreover, the report reveals that mobile e-commerce payment transactions have the highest attack rate among industries at 2.7 percent. With many businesses turning to the internet to continue operating amid the new normal, there is a clear need to strengthen security systems. Businesses need to extend their security visibility to swiftly spot anomalies and deploy solutions as soon as possible.
Also worth noting is the increase of attacks on new account creations for media companies. The LexisNexis study says that media entities like video streaming services, gaming platforms, and gambling sites have been more prone to new account creation attacks in 2020 compared to other industries.
Companies cannot allow hackers to successfully hijack payment transactions or the very first point of interaction with a customer (the signup process), lest they lose their customers’ trust and confidence. Also, attacks on customers can become vulnerabilities that create opportunities for bad actors to breach cyber defenses and spread malicious software.
“While digital businesses are working hard to better provide for new and existing customers, they must identify and mitigate potential risks moment by moment in order to protect consumers from becoming victims of fraud,” says Rebekah Moody, LexisNexis’s Director of Fraud and Identity.
To provide adequate security, organizations need to have better cyber threat intelligence to ensure more rapid attack detection and response. “Digital identity intelligence, in particular, is crucial for businesses to understand the behavior, transaction history, and device intelligence of each identity entering their environment. When we can crowdsource real-time intelligence across global digital businesses, it offers an unparalleled view of trust and risk,” Moody explains.
Knowledge is power
One crucial development in the field of cybersecurity over the years is the increased collaboration among security experts from various fields. This has led to better information sharing and coordination to quell the newest cyber threats. It would be unwise for companies to buck this trend of security cooperation and coordination within their own organizations and refuse to unify security controls for better security visibility.