Fintech Firms Primary Targets for Cybercrime Attacks
The financial services industry are prime targets according to research revealing 130 million fraud attacks detected in just a 90-day period with the growth in attacks outpacing transaction growth by 50%.
San Jose, Calif. based digital identity firm’s ThreatMetrix’s Q1 Cybercrime Report, based on actual detected cybercrime attacks from January-March 2017, showed heightened risk levels attributed to significant growth in cybercriminal activity from emerging markets. Data revealed 50% more cybercrime attacks originating from all of Europe than U.S., the single most attacked nation, and increasing cyberattacks from South America.
"We saw a number of high-profile global breaches over the last year. Identities are being bought, sold, traded and augmented by criminals seeking to improve the success of their increasingly complex attacks," Vanita Pandey, vice president of product marketing at ThreatMetrix, said "All of this points to one thing: Identities are the critical currency in cybercrime this year and it is up to businesses to look beyond static data to check that users are who they say they are."
The Q1 2017 Cybercrime Report also revealed that attack vectors and patterns are more evolved and malicious, including:
- Remote access Trojans, which contain a strong footprint in the financial services industry. RATs combine remote access software with precise social engineering attacks and get downloaded indiscernibly with a user-requested program or sent as an email attachment.
- Identity spoofing attacks target fintech firms through peer-to-peer loans, global remittance and potential loopholes in new and emerging platforms. ThreatMetrix research showed an 80% increase in digital wallet transactions year-on-year as well as a 180% increase in associated bot attacks, typically used to mass test identity credentials.
According to ThreatMetrix fraudsters use bots to mass test identity credentials and infiltrate trusted user accounts. New attack trends disclose fraudsters targeting emerging and fintech industries, which they view as more vulnerable to attack.
Because fintech has now become more mainstream with many traditional financial institutions accepting fintech operators as partners rather than competitors the threat landscape now encompasses a potentially broader victim base. “Attacks are growing as fraudsters increasingly target these vulnerabilities in order to monetize data from the dark web. The Network (ThreatMetrix Digital Identity Network) continues to see higher attacks for fintech than for traditional financial services institutions,” the report said.
"The complexity and speed of evolving attack vectors continues to take us by surprise. Fraudsters are operating within a much broader cybercrime landscape; one that shares knowledge, tools and exploits; trades information, tests and refines and constantly analyzes the market for new opportunities," Pandey added. "Businesses must become the all-powerful lion to the fraudsters' gazelle, outsmarting them with dynamic shared intelligence to genuinely understand online users' unique digital identities."