ThreatMetrix: Cyber-attacks more complex, more frequent and global in nature
By Dzof Azmi May 16, 2018
- Vietnam is one of the world's top five attack originators; Singapore a top attack destination
- Asia sees highest level of account creation attacks, targeting e-commerce, media companies
VIETNAM is now one of the world's top five attack originators, while Singapore has emerged as one of the top attack destinations, according to data collected by the ThreatMetrix Digital Identity Network this quarter.
This was part of an overall trend of increased attacks, with the security company detecting and stopping 251 million attacks globally, as the overall attack rate grew 50% year-on-year.
"The attacks are getting more complex, more frequent and global in nature," said ThreatMetrix Product Marketing and Strategy vice president Vanita Pandey.
"Billions of online users are generating huge swathes of data and unfortunately it is becoming easier and easier for cybercriminals to steal and monetise this," continued Pandey. "The data is out there: Most of us have some elements of our digital identities that have been compromised."
These are some of the insights highlighted by ThreatMetrix, a security technology company that profiles online transactions to identify potential fraudsters.
"We have the world's largest digital identity network," she explained, adding that its customers include five thousand of the world's biggest brands, among them banks and companies in Malaysia.
Staying secure is more challenging
"All of us have become vulnerable customers because there are very powerful computational devices (out there)," stressed Pandey, recognising that with greater convenience comes more opportunities for attacks.
"We're in a digital world now (where) I can send up to twenty thousand dollars from my phone, I can continue to be logged in through Venmo and never have to reauthenticate myself," she explained. "So if my phone is with someone else they can send themselves a lot of money."
In fact, staying secure is now more challenging, even for the tech-savvy, with every decision an exercise in risk management.
"If I'm traveling, I sometimes sign up for free Wi-Fi and am leaking some digital data in that process," she said. "There is so much information that's out there that the concept of vulnerable customer has changed."
For example, even how you hold your phone or use the keyboard is data that can be captured and analysed.
This is reflected in more statistics from the report: Asia saw the highest levels of account creation attacks, especially targeting e-commerce and media companies, while identity and device spoofing are the top attack vectors in the region.
"I think the companies that we work with are aware of the fact that a lot of times the data is compromised," she confessed.
Pandey cited an example from the vetting of transactions. One customer had a great credit history and would normally have been accepted without hesitation, except for their name: It was literally "Fake Name".
"This guy is taunting us, you know," said Pandey.
The usual provisos apply to people conducting transactions on the Internet: don't share passwords, and be on the lookout for suspicious account activity.
Perhaps the hardest thing for people to avoid is malicious scammers who use social engineering to take advantage of the very human instinct to blindly follow instructions from authority figures in novel situations.
"They are trained to prey on some of these weaknesses," admitted Pandey.
Need for regulation
There is a growing recognition that users need protection with the help of suitable laws, such as the EU's General Data Protection Regulation (GDPR), and many countries look to Europe to see how protection of individual privacy may be regulated.
Pandey highlighted three things that all regulations should aim to achieve, namely, "to secure the transaction and the user; to foster competitiveness; and to drive innovation."
What such laws would do is place the onus on the private sector to secure the user. "If you have a company that's made a business out of that data, then you need to take responsibility," emphasised Pandey, contrasting the relatively lax verification by social media networks with what banks and financial institutions need to do for their transactions.
"It's their duty to make sure that they are not compromising the validity of their platform by not checking."