23
Global Insights from the ThreatMetrix ® Digital Identity Network ® CYBERCRIME REPORT APAC
Global Insights from the ThreatMetrix® Digital Identity Network®
CYBERCRIME REPORTAPAC
Foreword
Overview
Regional Trends
CYBERCRIME REPORT
PAGE 2
APAC
Industry Trends
Mobile
Region Spotlight
Conclusion
Home to 60 percent of the worlds population, and nearly 4.5 billion people speaking almost 2,300 languages, there are great disparities across the APAC region in terms of employment opportunities, access to financial services, digital transformation and penetration of e-commerce.
The region is a dichotomy; on the one hand, it is home to more than half of the world’s digital population, and yet many countries within the region still have a high proportion of unbanked and underbanked customers, with almost no digital footprint. Technological hubs like Singapore exist alongside emerging and growth economies like Vietnam, driving a diverse pattern of mobile and internet penetration across the region.
However, when it comes to cybercrime, the region is very much part of a global, growth industry. Fraudsters are increasingly organized and establishing regional outposts in emerging economies, with Asia-Pacific seemingly becoming the bot epicenter of global cybercrime. Highlighting the ever-growing spread of breached identity data – the lifeblood of global cyberattacks – countries like Malaysia, South Korea and Vietnam are all taking prominent positions as prime bot originators.
At the same time the region is on a digital transformation journey, with a proliferation of mobile payments technologies, regulatory reform, virtual banking initiatives and digital ID proposals. This digital transformation is underpinned by the desire to leverage evolving technologies that can target increased financial inclusion in the region, as well as reduce fraud and the threat of cybercrime.
The growth in cybercrime, both in the APAC region and globally, puts digital businesses under increasing pressure to maintain a safe and secure online customer experience, without risking exposure to automated bots, identity spoofing attacks, or phishing and malware scams. This relies on a layered approach to understanding the true identity of the transacting user, with access to global digital identity intelligence to help detect high-risk and fraudulent scenarios.
Foreword
CYBERCRIME REPORT
PAGE 3
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC Report Overview
The ThreatMetrix® APAC Cybercrime Report is based on actual cybercrime attacks from July – December 2018 that were detected by the ThreatMetrix® Digital Identity Network® (the Network) during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.
• The ThreatMetrix Digital Identity Network provides visibility and insight into transaction patterns and emerging cybercrime threats. ThreatMetrix analyzed 2.3 billion transactions in APAC during H2 2018, with 50% originating from a mobile device, slightly lower than the global average.
• A high proportion of transactions in the APAC region are cross-border. This means they are transactions with a business outside of the end user’s country of origin. This highlights the global diversity of the region and the need for businesses to have a global, cross-border view of risk.
• Transactions are analyzed for legitimacy based on hundreds of attributes, including device identification, geolocation, previous history and behavioral analytics.
• The Network and its real-time policy engine provide unique insight into users’ digital identities, even as they move between applications, devices and networks.
• ThreatMetrix customers benefit from a global view of risks, based on these attributes and rules that are custom-tuned specifically for their businesses
• Attacks discussed are from “high-risk” transactions scored by ThreatMetrix customers.
2.3 Billion Transactions Processed
14.8 Billion IndiaBiggest Attacker
MalaysiaBiggest Bot Attacker
35 Million Human-initiated Attacks
209 Million
1.2 Billion Bot Attacks
1.6 Billion
Including
14 MillionMobile Attacks
89 Million480% Growth in Bot Attacks YoY
45%50% Transactions Come from Mobile
61%
Asia-Pacific Rest of the World
CYBERCRIME REPORT
PAGE 4
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC H2 2018 in Numbers – Transactions Originating from APAC
CYBERCRIME REPORT
PAGE 5
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC
The Bot Epicenter:
• The region has emerged as a hotbed for automated bot attacks, with the huge 480% year-on-year growth in such attacks significantly outpacing global growth of 45%. E-commerce merchants face the most disruption from the pernicious and widespread impact of high volume automated bot traffic, with these identity testing bot attacks often contributing to more than half of an e-commerce merchants daily transaction volume. This makes it critical for merchants to detect and block bot traffic before it has an impact on their ability to accept orders from good customers.
Growth Economies Fueling Rise in Bots:
• The majority of automated bot traffic originates from dispersed geographies within the APAC region. Top bot originators include Malaysia, Vietnam and South Korea. The risk from automated bot attacks appears to be growing year-on-year in APAC, perhaps indicating the fact that cybercrime is developing into an industry in its own right, serving smaller growth economies with stolen credentials and the tactics for how best to monetize them.
High Percentage of Identity Spoofing Drives New Account Creation Fraud:
• The most prevalent attack vector in the region is identity spoofing, driven by the availability of stolen identity data in the wild. This in turn fuels a high percentage of new account creation attacks as fraudsters open fraudulent accounts to monetize stolen credentials or as a gateway to further fraud.
Key Highlights
CYBERCRIME REPORT
PAGE 6
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC
The ThreatMetrix® Identity Abuse Index shows the percentage of attacks per day across the entire ThreatMetrix Network, mapping the peaks and troughs in attack patterns over the last four years. This provides a clear indicator of the impact large data breaches have on global cybercrime, with the most significant spikes in attacks often coinciding with big data breaches reported in the news.
At times, breached identity data may manifest in increased attacks on the Network before a breach has even been discovered or reported, indicating that fraudsters see the time immediately after a breach as the most lucrative period for launching an attack.
In 2018, the Network experienced a high volume of global bot attacks originating from diverse and emerging economies. This indicates the huge dispersal of breached
identity data to all corners of the globe, with smaller peaks in attacks often representing attacks from new geographies.
An Identity Abuse Index level of High (shown in red) represents an attack rate of two standard deviations from the medium term trend. Aggregated over all global transactions, this shows that the exploitation of stolen identity information is automated, disseminating to countries across the globe in an organized and comprehensive way.
6.0%
5.5%
5.0%
4.5%
4.0%
3.5%
3.0%
2.5%
2.0%
1.5%
1.0%
0.5%
0%
High Medium Low
Identity Abuse Index
The ThreatMetrix® Identity Abuse Index
Atta
ck R
ate
Jan 2018 Feb 2018 Mar 2018 Apr 2018 May 2018 Jun 2018 Jul 2018 Aug 2018 Sep 2018 Oct 2018 Nov 2018 Dec 2018
CYBERCRIME REPORT
PAGE 7
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC
In line with global trends, the APAC Identity Abuse Index shows that the latter half of 2018 was less volatile than at the beginning of the year, with overall attack trends decreasing in intensity and frequency.
However, significant spikes in attacks were still recorded in the APAC region, with the biggest peaks seen in January and May. These corresponded to high volume cross-border bot traffic.
APAC Identity Abuse Index
Atta
ck R
ate
22%
28%
20%
26%
18%
24%
16%
14%
12%
10%
8%
6%
4%
2%
0%
High Medium Low
APAC Identity Abuse Index
Jan 2018 Feb 2018 Mar 2018 Apr 2018 May 2018 Jun 2018 Jul 2018 Aug 2018 Sep 2018 Oct 2018 Nov 2018 Dec 2018
CYBERCRIME REPORT
PAGE 8
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC The Growing Threat of Networked Cybercrime
The Network is seeing a strong footprint of cross-organizational and cross-industry fraud.
This is seen when digital identities have been associated with confirmed fraud attempts by more than one organization within the Network.
The strongest correlation of fraud, (as shown by the darkest colors in the heat map opposite), is for organizations within the same industry, particularly banking, gaming/gambling, lending and retail. However, there are some strong patterns of shared fraud within different industry groups, such as between banking / cryptocurrency and media streaming / retail.
Examples of cross-organizational attack patterns that ThreatMetrix encounters in the Network include:
• The same bot targeting multiple organizations, often outside the country where the bot originated.
• Mule accounts linked in networks that span multiple banks in the Network.
This global nature of cybercrime illustrates the value of using a global network of digital identity intelligence to protect global organizations.
Heat Map Showing Level of Shared Fraud Across Organizations
Banking
Travel
Crypto Currency
Telco
Dating/Social Networking
Retail
Gaming/Gambling
Media Stream
ing
Lending
Lending
Media Streaming
Gam
ing/Gam
bling
Retail
Dating/Social N
etworking
Telco
Crypto C
urrency
Travel
Banking
CYBERCRIME REPORT
PAGE 9
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC APAC Transactions & Attacks
8.0% Payments
4.0% Account Logins
12.8% New Account Creations
Attack rate is based on percentage of transactions identified as high-risk and classified as attacks, by use case. Events identified as attacks are typically blocked or rejected automatically and in real time depending on individual customer use cases.
ThreatMetrix transactions span the full spectrum of global industries, from e-commerce, financial services and media, to gaming and gambling and telco. ThreatMetrix protects transactions across the entire customer journey, from digital onboarding, to streamlining logins, verifying password reset/change of details and authenticating payments.
In APAC there are more account takeovers by volume than any other transaction, however, as a percentage of overall volume, logins are still the safest transaction type overall. Businesses that
are able to build trusted customer profiles are therefore better equipped to protect those same customers online.
New account creations in the region are the most attacked transaction type as a proportion of total volume. This is generally an opportunity for cybercriminals to use stolen identity credentials to open fraudulent new accounts and perpetrate further criminal activity, such as applying for loans or monetization of stolen credit cards.
Interestingly, the APAC region has a higher attack rate across all transaction types compared to global figures. This points to the diversity of the region in terms of economic growth and digital transformation. Some of the biggest economic powerhouses such as Japan and Singapore operate alongside growth and emerging economies such as Vietnam and Cambodia. This creates a complex landscape for cybercrime, whether sophisticated scams targeting online banking or simple phishing attacks taking advantage of end users who are potentially new to digital transacting.
DeviceSpoofing
IdentitySpoofing
IPSpoofing
Mitb orBot
Attack Vectors Attack Rate per Transaction Type
6.9%
11.2%
2.5%
6.0%
The columns represent percentage of total transactions that were recognized as attacks.
CYBERCRIME REPORT
PAGE 10
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC APAC Regional Trends
SE Asia• E-commerce – 66% of all payments transactions
come from a mobile device, a higher proportion than the global average of 56%
• Financial Services – Region has seen a drop in attacks on logins and payments transactions, but new account creations have grown considerably. There was a 78% growth in attacks year-on-year overall and 105% growth on mobile new account creations
• Media – Significant growth in attacks on new account creations, specifically in the last six months, with attacks growing 48% overall and 114% for mobile transactions
China• E-commerce – Growth in mobile payments attacks,
with Greater China seeing a 54% year-on-year growth
• Media – Second highest percentage of account takeovers at 17%
Japan• Financial Services – Strong growth in attacks on
mobile logins. These attempted account takeovers have grown 326% compared to H1 2018
• Media – Consistent growth in attempted account takeovers; 33% overall year-on-year and 50% for mobile transactions specifically
India• E-commerce – 81% of all new account creations from
India originate from mobile, indicating how mobile is driving the growth of digital commerce in the region
• Financial Services – Almost one in four new account creation transactions originating in India is an attack, the highest of any region
• Media – Payments transactions have seen a growth in attack rates of 29%
ANZ• E-commerce – All e-commerce transactions see a very
low overall attack rate, with just a 5% attack rate on new account creations in comparison to 14% globally
• Financial Services – New account creations attack level has grown 19% in the last six months. In Australia specifically, this rises to 33%
• Media – Attack rates have grown 259% overall and 330% for mobile new account creations
CYBERCRIME REPORT
PAGE 11
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC
Top 10 Attackers List
#1 India
#2 China
#3 Japan
#4 Australia
#5 Bangladesh
#6 Hong Kong
#7 Vietnam
#8 Philippines
#9 Pakistan
#10 Thailand
APAC Top Attack Originators
The top 10 attack originators in the APAC region include a diverse range of countries, from the largest economies of India and China, to emerging and growth economies like Thailand and Bangladesh.
The APAC region is also becoming an epicenter of bot attack activity, with such attacks originating from emerging economies such as Vietnam.
This mirrors the global trend in which growth economies are increasingly making their mark on the cybercrime world stage, highlighting the widespread dissemination of breached identity data to countries across the globe.
India
China
Japan
Australia
Bangladesh
Vietnam
Thailand
Philippines
Pakistan
Hong Kong
Based on total number of attacks detected by geography of origin.
CYBERCRIME REPORT
PAGE 12
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC Cybercrime Risk Across the Customer Journey in APAC
New Account Creations
RISK RISKRISK• High new account creation attack
rate in both e-commerce and media
• New accounts are prime targets for identity testing attacks.
• Payments transactions in Financial Services has the highest attack rate
• Fraudsters target financial services due to the immediate monetization of payments.
• High login attack rate in both e-commerce and media
• Fraudsters attempt to takeover accounts using stolen identity credentials in order to access saved credit card/financial information/sensitive personal information.
PaymentsLogins
15.8% E-commerce
4.9% Finance
13.2% Media
7.7% E-commerce
1.6% Finance
4.2% Media
5.4% E-commerce
10.1% Finance
0.8% Media
Attack Rate Per Industry Attack Rate Per Industry Attack Rate Per Industry
Attack rate is based on percentage of transactions identified as high-risk and classified as attacks, by use case. Events identified as attacks are typically blocked or rejected automatically and in real time depending on individual customer use cases.
Asia-Pacific Rest of the World
7.1%
5.5%
9.7%
5.8%
2.0%1.6%
6.0%
10.7%
CYBERCRIME REPORT
PAGE 13
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC
15.8% E-commerce
4.9% Financial Services
13.2% Media
Attack rate is based on percentage of transactions identified as high-risk and classified as attacks, by use case. Events identified as attacks are typically blocked or rejected automatically and in real time depending on individual customer use cases.
Attack Rate per Industry
APAC Trends in New Account Creations
Attack Vectors
• Mirroring global trends, e-commerce in APAC sees a high rate of new account creation attacks despite an overall drop in human-initiated attacks throughout the customer journey. Some of this volume may have migrated to bot traffic given the strong growth in automated attacks.
• The new account creation attack rate is marginally higher in APAC when compared with the ROW attack rate.
• In line with global trends, customers in APAC are increasingly opting to bank online, with 62% of new account creation transactions originating from a mobile device.
• In the rest of the world, transaction growth and attack rate has remained consistent year-on-year. In APAC, whilst transaction volume is not growing, attacks on these transactions have increased 29% year-on-year and the attack rate is just under double that of the ROW number.
• The risk associated with mobile new account creations in APAC is also growing 82% year-on-year. This growth indicates how fraudsters are increasingly targeting the mobile channel; a trend the Network sees globally.
• Media consumers in APAC show a preference for opening accounts on a mobile device, with 76% of transactions coming from a mobile device.
• Although the media industry experiences a higher ROW attack rate on new account creations, attacks on these transactions in APAC are growing at a much faster rate; 40% in the last six months, compared to 13% for the rest of the world.
• By extension, mobile new account creations have also grown 55% in APAC, outpacing ROW growth of 18%.
E-commerce
Financial Services
Media
DeviceSpoofing
IdentitySpoofing
IPSpoofing
Mitb orBot
The columns represent percentage of total transactions that were recognized as attacks.
CYBERCRIME REPORT
PAGE 14
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC
Asia-Pacific Rest of the World
APAC Trends in Logins and Account Takeovers
7.7% E-commerce
1.6% Financial Services
4.2% Media
Attack rate is based on percentage of transactions identified as high-risk and classified as attacks, by use case. Events identified as attacks are typically blocked or rejected automatically and in real time depending on individual customer use cases.
Attack Rate per Industry
Attack Vectors
• In APAC, account logins in e-commerce experience the biggest attack rate compared to any other industry, with the 7.7% attack rate outpacing the comparative ROW figure of 4.6%.
• Interestingly, e-commerce logins in the APAC region have a significantly larger mobile penetration when compared to the rest of the world; 42% of login transactions originate from a mobile in APAC, compared to 29% ROW.
• There is a high volume of mass scale bot attacks from APAC targeting cross-border e-commerce merchants, as fraudsters attempt to test the validity of stolen identity credentials harvested from data breaches.
• The Network has seen a significant growth in login transactions year-on-year, with the growth primarily driven by an increase in mobile login transactions, in line with the global propensity towards transacting via mobile banking apps.
• Financial services login transactions in APAC are two times more risky than ROW login transactions, although the risk is falling year-on-year.
• The media industry in APAC has an attack rate of almost double the ROW figure.
• Attacks on logins in the APAC region are growing 10% year-on-year, a contrast to the rest of the world where there has been a fall in such attacks.
• There is some indication that the risk to mobile logins in media is growing in the APAC region, an opposite trend to what the Network is seeing globally.
7.7%
5.7%5.3%
2.1%
4.6%
2.1%2.4%
11.6%
DeviceSpoofing
IdentitySpoofing
IPSpoofing
Mitb orBot
The columns represent percentage of total transactions that were recognized as attacks.
E-commerce
Financial Services
Media
CYBERCRIME REPORT
PAGE 15
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC
5.4% E-commerce
10.1% Financial Services
0.8% Media
Asia-Pacific Rest of the World
APAC Trends in Payments
Attack rate is based on percentage of transactions identified as high-risk and classified as attacks, by use case. Events identified as attacks are typically blocked or rejected automatically and in real time depending on individual customer use cases.
Attack Rate per Industry
Attack Vectors
• In APAC, the attack rate for e-commerce payments is more than double the ROW figure and while the ROW attack rate for e-commerce payments appears to be falling, the attack rate in APAC is increasing slightly at 3%.
• However, mobile payments in APAC are significantly safer than those in the rest of the world, with an attack rate of 0.6% in APAC versus 1.2% ROW.
• Financial services payments in APAC see the biggest attack rate compared to all other industries and is higher than the ROW attack rate.
• In line with this, mobile payments are also attacked at a higher rate than the rest of the world.
• APAC is a dichotomy between a market that is leading the field in pioneering mobile payments, whilst still serving a high proportion of unbanked and underbanked consumers.
• The attack rate for media payments in APAC is significantly lower than those in the rest of the world, with the ROW attack rate of 4.8% outpacing the 0.8% attack rate seen in the APAC region.
• The attack rate for mobile payments in media is 0.7% in APAC, compared to 5.2% in the rest of the world.
5.1% 5.6%
3.9%3.0%
9.6%
2.1%3.4%
12.4%
DeviceSpoofing
IdentitySpoofing
IPSpoofing
Mitb orBot
The columns represent percentage of total transactions that were recognized as attacks.
E-commerce
Financial Services
Media
CYBERCRIME REPORT
PAGE 16
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC Attack Spotlight: Global Bot Targets Japanese Telco
A telco company in Japan was the victim of a targeted bot attack from a source outside Japan. ThreatMetrix was able to help the company detect and block the attack by looking at various attributes from the source device and from across the Network, as well as analysing the frequency of the bot transactions.
ThreatMetrix provided this insight through identifying:
• the connection method
• attributes that had been disabled on the source device
• missing device attributes consistent with a BOT attack
• browser type, device type, and country of access for the device
• the frequency of access attempts from the same source
CYBERCRIME REPORT
PAGE 17
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC
Asia-Pacific Rest of the World55% vs 68%
Mobile Spotlight: Risk & Reward
Mobile Financial Services Transactions
Mobile vs Desktop Volume per Transaction Type Mobile Desktop
58% 42%Payments
70% 30%New Account
Creations
45% 55%Account Logins
Attack Rate - Mobile vs Desktop
4.2% Mobile
6.5% Desktop
Attack Rate per Transaction Type - Mobile vs Desktop
Payments
Account Logins
New Account Creations
Mobile
Desktop
Mobile
Desktop
Mobile
Desktop
9.2%
21.1%
5.5%
7.7%
2.2%
8.2%
Attack rate is based on percentage of transactions identified as high-risk and classified as attacks, by use case. Events identified as attacks are typically blocked or rejected automatically and in real time depending on individual customer use cases.
CYBERCRIME REPORT
PAGE 18
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC Region Spotlight – Hong Kong
2.8 Million Human-Initiated Attacks
Including
1.3 Million Mobile Attacks
Identity Spoofing Most Prevalent Attack Vector
79 Million Transactions Processed
9 Million Bot Attacks
52% Mobile Transactions
CYBERCRIME REPORT
PAGE 19
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC Hong Kong: A Prime Target for Cybercriminals
In the second half of 2018, Hong Kong emerged as a prime target for attacks.
One of the world’s most densely populated regions, Hong Kong is a significant financial centre and boasts one of the highest per capita incomes globally. These factors, combined with a more advanced digital economy, makes Hong Kong one of the main focuses for cybercrime in the APAC region.
Interestingly, Hong Kong was found to be a key target for Canadian fraudsters in the latter half of 2018, highlighting the growing pattern of dispersion in global attacks.
DeviceSpoofing
IdentitySpoofing
IPSpoofing
Mitb orBot
Hong Kong Attack Vectors
5.3%
9.0%
2.0%
6.6%
The columns represent percentage of total transactions that were recognized as attacks.
CYBERCRIME REPORT
PAGE 20
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC Conclusion
The APAC cybercrime trends epitomize many of those that we see globally; a proliferation of bot attacks driven by emerging and growth economies, a heightened risk from stolen identity credentials being used in identity spoofing attacks, and an evolution in mobile fraud.
However APAC also experiences notable pockets of growth in attacks, perhaps driven by the region’s diversity in terms of technological development and digital transformation. With a proliferation of new financial services initiatives - virtual banks, new mobile payment platforms, regulatory reform – sitting alongside a high proportion of end users who are new to transacting online, fraudsters potentially see room to exploit this changing landscape.
With fraudsters deploying automated bot attacks at scale, and increasingly using artificial intelligence to improve the success of attacks, the ability to better understand genuine customer behavior, and accurately differentiate this from a robot or a synthetic identity, becomes more pivotal than ever before.
It is clear from this complex and evolving battleground that single point solutions are unlikely to succeed in winning the war against cybercrime. Fraudsters are playing businesses at their own game; behaving like good customers, using AI to increase the success of attacks and employing global networks of machines and humans to launch attacks both at a network level, and on individual customer accounts.
A layered defense of fraud, identity and authentication capabilities, executable in real time, and across the entire customer journey, is the most robust solution to a growing problem. This relies on uniting world-class digital identity intelligence with physical identity and authentication capabilities that can help businesses meet regulatory requirements, streamline the customer experience and detect and block complex fraud.
CYBERCRIME REPORT
PAGE 21
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC Glossary
Industry TypesFinancial Services includes mobile banking, online banking, online money transfer, lending, brokerage, alternative payments and credit card issuance.
Fintech includes companies that use technology to make financial services more efficient with a purpose of disrupting incumbent financial systems and corporations that rely less on software.
E-commerce includes retail, airlines, travel, marketplaces, ticketing and digital goods businesses.
Media includes social networks, content streaming, gambling, gaming and online dating sites.
Common AttacksNew Account Creation Fraud: Using stolen, compromised or synthetic identities, typically through a spoofed location, to create a new account to access online services or obtain lines of credit.
Account Login Fraud: Attacks targeted at taking over user accounts using previously stolen credentials available in the wild or credentials compromised by malware or Man-in-the-Middle attacks.
Payments Fraud: Using stolen payment credentials to conduct illegal money transfers or online payments via alternative online payment methods such as direct deposit.
PercentagesTransaction Type Percentages are based on the number of transactions (account creation, account login and payments) from mobile devices and computers received and processed by the ThreatMetrix Digital Identity Network.
Attack Percentages are based on transactions identified as high risk and classified as attacks, by use case. Events identified as attacks are typically blocked or rejected automatically, in real time dependent on individual customer use cases.
Desktop Versus Mobile
Desktop Transactions are transactions that originate from a desktop device such as computer or laptop.
Desktop Attacks are attacks that target a transaction originating from a desktop device.
Mobile Transactions are transactions that originate from a handheld mobile device such as tablet or mobile phone. These include mobile browser and mobile app transactions.
Mobile Attacks are attacks that target transactions originating from a mobile device, whether browser or app-based.
Attack ExplanationsDevice Spoofing: Hackers delete and change browser settings in order to change their device identity or fingerprint, or attempt to appear to come from a victim’s device. ThreatMetrix patented cookieless device identification is able to detect returning visitors even when cookies are deleted or changes are made to browser settings. To differentiate between cybercriminals and legitimate customers who occasionally clear cookies, only high risk / high velocity cookie deletions (such as a high number of repeat visits per hour / day) are included in the analysis.
Identity Spoofing: Using a stolen identity, credit card or compromised username / password combination to attempt fraud or account takeover. Typically, identity spoofing is detected based on high velocity of identity usage for a given device, detecting the same device accessing multiple unrelated user accounts or unusual identity linkages and usage.
IP Address Spoofing: Cybercriminals use proxies to bypass traditional IP geolocation filters, and use IP spoofing techniques to evade velocity filters and blacklists. ThreatMetrix directly detects IP spoofing via both active and passive browser and network packet fingerprinting techniques.
Man-in-the-Browser (MitB) and Bot Detection: Man-in-the-browser attacks use sophisticated Trojans to steal login information and one-time-passwords (such as SMS out-of-band authentication messages) from a user’s browser. Bots are automated scripts that attempt to gain access to accounts with stolen credentials or create fake accounts and transactions.
Crimeware Tools: Crimeware refers to malware specifically designed to automate cybercrime. These tools help fraudsters create, customize and distribute malware to perpetrate identity theft through social engineering or technical stealth.
Low and Slow Bots: Refers to low frequency botnet attacks designed to evade rate and security control measures, and thus evade detection. These attacks use slow traffic that not only appears legitimate but also bypasses any triggers set around protocols and rules.
ThreatMetrix ID™ThreatMetrix ID is the technology that brings our Digital Identity Intelligence to life; helping businesses elevate fraud and authentication decisions from a device to a user level as well as unite offline behavior with online intelligence. ThreatMetrix ID has the following benefits:
• Bridges online and offline data elements for each transacting user• Goes beyond just device-based analysis and groups various other entities based on complex associations formed between events• Consistently identifies a person irrespective of changes in devices, locations or behavior. Intelligence from the Network helps accurately recognize the same returning user behind multiple devices, email addresses, physical addresses and account names.
CYBERCRIME REPORT
PAGE 22
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC Data Processed and Analyzed
From the 17B transactions processed in H2 2018, ThreatMetrix uses subsets to conduct detailed analysis.
Bot attacks and sophisticated attacks:
• ThreatMetrix differentiates between simple threats, like automated bots (2.8B) and human-initiated/sophisticated attacks (244M)
• For the sophisticated attacks, ThreatMetrix considers a subset of 10.3B of the 17B transactions - categorized as known sessions related to individual events.
• This excludes a variety of events; for example, high volume bot traffic (bad and good/tolerated bots, such as auction bots), events that failed to gather any digital intelligence due to unsuccessful profiling and customers with attack rates considered to be outliers.
• APAC statistics quoted in the report include the following countries: American Samoa, Australia, Bangladesh, Bhutan, Brunei, Cambodia, China, East Timor, Hong Kong, India, Indonesia, Japan, Laos, Macau, Malaysia, Maldives, Mongolia, Myanmar [Burma], Nepal, New Zealand, North Korea, Pakistan, Papua New Guinea, Philippines, Singapore, South Korea, Sri Lanka, Taiwan, Thailand, Vietnam. ROW statistics include other global countries.
CYBERCRIME REPORT
PAGE 23
Foreword
Overview
Regional Trends
Industry Trends
Mobile
Region Spotlight
Conclusion
APAC
Sales Telephone: +1 408 200 5700 Email: [email protected]
Support Telephone: +1 408 200 5754 +1 888 341 9377 Email: [email protected]
Partners Email: [email protected]
Public Relations Email: [email protected]
ThreatMetrix®, A LexisNexis® Risk Solutions Company, empowers the global economy to grow profitably and securely without compromise. With deep insight into 1.4 billion anonymized digital identities, ThreatMetrix ID™ delivers the intelligence behind 110 million daily authentication and trust decisions, to differentiate legitimate customers from fraudsters in real time. ThreatMetrix is recognized as the sole leader in the 2017 Forrester Wave for risk-based authentication.
For more information, or a demonstration of how the ThreatMetrix solution can work for your business, contact us at:
T +1 408.200.5755 F +1 408.200.5799
[email protected] www.threatmetrix.com
LexisNexis and the Knowledge Burst logo are registered trademarks of RELX Inc. ThreatMetrix and Digital Identity Network are registered trademarks of ThreatMetrix Inc. Copyright © 2019 LexisNexis.
Contact
