THE DARK SIDE
Digital transformation is making it easier not only for legitimate organisations to expand their reach but also for fraudsters and other bad actors to expand theirs, according to Dell/RSA research
Digital transformation is making it easier not only for legitimate organisations to expand their reach but also for fraudsters and other bad actors to expand theirs. For example, cybercriminals are increasingly using mobile to ply their trade, as evidenced by a 680 percent increase in fraud transactions from mobile apps between 2015 and 2018. RSA expects to continue to see digital transformation unfold for both legitimate businesses and the cybercriminals who target them for fraud. This report explores this digital revolution that both sides are experiencing and examines its implications for fraud and other forms of cybercrime in 2019.
We will look at the digital developments, market forces and regulatory pressures that are driving this shift in how fraudsters and others commit their crimes, as well as how anti-fraud forces fight them.
TREND #1 Cybercrime’s Growing Preference for Mobile
Fraud in the mobile channel has grown significantly over the last several years, with 70 percent of fraud transactions originating in the mobile channel in 2018. In particular, fraud from mobile apps has increased 680 percent since 2015. In another indication of the growing popularity of mobile as a channel for cybercrime, the use of rogue mobile applications to defraud consumers is on the rise. RSA identified an average of 82 rogue mobile applications per day last year across most popular app stores.
The RSA Anti-Fraud Command Centre expects these and other forms of mobile-based cybercrime to evolve and grow even more prevalent as organisations continue to leverage the mobile channel to deliver new digital services to customers.
Cross-Channel Vulnerabilities
While fraud growth in the mobile channel continues to trend upward, it is by no means the only digital channel that fraudsters are exploiting. As organisations continue to introduce innovative products and services online, in the cloud and across other digital channels, cybercriminals can be expected to seize on these developments to launch more attacks. In this scenario, we see that the very advances that fuel innovation and growth of digital channels also fuel cross-channel fraud. This is one of the ways in which digital transformation creates both digital opportunity and digital risk.
Consider the move to an open API economy, in which organizations can more easily share data (and in some cases may even be required to do so by regulations such as the EU’s Payment Services Directive II, or PSD2) in the interest of customer convenience.
This results in innovations such as consumers being able to share account information with apps and platforms of their choice. For example, a consumer can choose to securely share financial data with an app that provides financial planning. But it also creates vulnerability across channels that cybercriminals will be eager to exploit.
Or think about how an increase in cybercrime can accompany the introduction of a new digital service. For example, the RSA Anti-Fraud Command Centre saw phishing attacks increase 178 percent after leading banks in Spain launched instant transfer services. Cybercriminals are always alert to these types of developments and quick to seize on them for their own nefarious purposes.
Still Phishing
Mobile may be taking centre stage as an increasingly popular vehicle for cybercrime, but that doesn’t mean the end of tried-and-true methods like phishing. To the contrary, phishing increased 12 percent and accounted for 47 percent of all fraud attack types RSA detected in 2018. It still works, and it’s not likely going away anytime soon.
TREND #2 Using Legitimate Platforms for Illicit Activity
Social Media: The New Public Square for Fraud
In the 2018 Current State of Cybercrime, RSA reported on a fast-growing trend of cybercriminals relying on Facebook, Instagram, WhatsApp and other legitimate social media and messaging platforms to communicate with each other and sell stolen identities, credit card numbers and other ill-gotten gains. Our prediction that this trend would expand and continue has been borne out. By the end of last year, social media fraud attacks had increased 43 percent, as cybercriminals continued to find new ways to exploit social media platforms for gain.
One such development involves the Telegram bot feature that is being used by cybercriminals to facilitate and automate their activities. Some provide automated tools for common actions to enhance communications, whereas others provide actual fraud services via online stores. RSA Anti-Fraud Command Centre findings suggest trading in stolen identities will gain even greater momentum, with more stores likely opening on legitimate platforms to sell this type of data. Given the ease of use, absence of fees and other benefits of these platforms, continuation of this trend in 2019 should come as no surprise.
Using Mobile to Stay Low-Profile
RSA is seeing cybercriminals use mobile not just as a vehicle for launching phishing, malware and other attacks but also as a platform for resources that make it easier for them to carry out criminal activity and get away with it. In addition to using legitimate mobile apps for nefarious purposes, they are also developing their own apps to increase their anonymity, avoid detection and otherwise keep anti-fraud forces from tracking them down and exposing what they’re doing, as RSA has reported. We can reasonably anticipate that this activity will continue to grow as cybercriminals become increasingly emboldened by their successes.
The Advantages of Blockchain for Cybercriminals
RSA reported last year on the use of a blockchain-based domain name system (DNS) to host sites such as stores that sell credit card information or other stolen data. Unlike traditional DNS addresses, which are subject to oversight by governing organisations like ICANN, blockchain-based DNS addresses have no oversight. That makes it harder for law enforcement to interfere with their operations, including taking down sites, and that makes the popularity of blockchain among cybercriminals likely to grow. This is one reason RSA anti-fraud experts are predicting more fraud websites will be utilising blockchain domains in 2019.
Exploiting On-Demand Services Platforms
What’s the next frontier for cybercriminals looking for legitimate online platforms they can exploit? CNBC recently reported on the use of on-demand services platforms such as Uber and Airbnb to launder money made from credit card fraud: “Money laundering is an essential element in the proliferation of cybercrime, as much of the funds come in the form of crypto-currencies with a chain traceable to crime.” Using on-demand platforms to hide ill-gotten gains is one thing; using them to actually commit fraud is another. But it happens: CNET has reported on Uber drivers being victimised by fraudsters, who impersonate the company’s driver support team to cancel a ride, get the driver’s Uber account credentials and then use them to steal the wages in the account before they are transferred to the driver’s bank.
TREND #3 Fight Fire With Fire
The trend toward using the latest digital technologies in cybercrime increasingly applies both to committing and fighting cybercrime. Here are some examples of how both sides are making the most of advanced digital capabilities. Watch for 2019 to bring more cybercrime that’s based in automation and IoT - as well as more anti-fraud capabilities that are technology-driven.
IoT
The more IoT devices become part of everyday life, the more cybercriminals are going to find ways to exploit them. So how can you trust your self-driving car to get an oil change without taking you for a ride financially? Being able to spot risky behavior in human-not-present transactions is critical to preventing fraud.
Cross-Channel Fraud
Cybercriminals are exploiting the growth of cross-channel vulnerabilities by using one channel to break into another. One of the most common examples is a type of account takeover in which a fraudster interacts with an organisation’s call centre to change the password in order to gain access to an online account. Aside from web and mobile, 38 percent of organizations cite the call center as the channel they’re most concerned about for fraud vulnerability.
Self-Learning Risk Engines
Today’s risk engine technology uses sophisticated machine-learning models to automatically adapt its assessments of fraud risk, based on what it learns over time. The RSA Risk Engine is just one example.
Behaviour Analytics
Fighting cybercrime is about identifying the good guys as well as the bad guys. That increasingly means using behaviour analytics to detect whether people and things are interacting with someone’s accounts and information in expected ways—and being prepared to act quickly when they’re not.
Authentication Hub
One of the most effective weapons for fighting cross-channel fraud is an authentication hub, which provides a central point of visibility from which to detect fraud across channels. Given the growing concern about cross-channel fraud, it should come as no surprise that more organisations are adopting this technology. In the financial services industry, for example, 52 percent of financial institutions indicated they would be adopting an authentication hub in the next one to two years.
As organisations become increasingly digital, the challenge of finding and fighting cybercrime becomes tougher. In a relatively short time, we’ve gone from individuals presenting themselves in person when making purchases to not being present at all, across a multitude of transaction channels - even to the point of being represented by devices in the age of IoT. Cybercriminals are exploiting this trend, both by taking advantage of the increasing difficulty of authenticating identities and by taking advantage of digital technologies themselves. As the digital transformation of both business and cybercrime continues, organizations must be increasingly vigilant and increasingly well equipped technologically, to protect themselves from sophisticated attacks. In this way, digital transformation becomes both a critical contributing factor in the problem of growing cyber risks today - and a critical resource for solving it.