DataVisor Threat Blog:
Digital Fraud Trends for 2018 and Outlook for 2019
As global economies undergo a digital transformation, they offer a plethora of new opportunities to monetize from new channels of engagement that has opened the floodgates to not only digital organizations but also digital fraud. The overarching theme that stood out clearly in 2018 is how bad actors have continued to become sophisticated as they demonstrate their technology prowess through advanced attack patterns and evasion techniques. Whether it is masking attack origin by using cloud services or renting botnets, mirroring legitimate user activities to blend with the normal is the modus operandi of the relentless fraudster of today. The most recent DataVisor Fraud Index Report deconstructs the modern wave of malicious attacks that show no sign of melt down.
Continued momentum of a complex and diversified fraud
Throughout the year, the Fraud Index Report captured the well orchestrated nature of fraud and the increasing sophisticated nature of fraud attacks. These reports illustrate a wide spectrum of attacks across all industries varying in size, duration and sophistication. It highlights how fraudsters obtained access to the online service or platform, orchestrated fake/compromised accounts to evade detection and scaled the attack operation in order to be profitable. High sophistication attacks are 2.3x larger than low sophistication attacks potentially causing the most damage to the online service.
Three key findings from 2018 fraud reports:
- Coordinated attacks are an emerging trend in financial services sector.
We saw that fraud attacks on financial platforms are the most complicated: 56% of attacks on financial platforms are sophisticated, compared to 17% for ecommerce and 14% for social platforms.
- The dominant attack events on financial services were fraudulent transactions and changes to account information such as updating contact info or adding destination accounts for fund transfers and payments. These reports reaffirmed that fraudsters were getting better at masking the attack origin and their attack
- Cloud services were seen as a popular tool for fraudsters. They not only help mask the true origin of the fraudulent accounts as fraudsters try to remain anonymous and avoid IP blacklists, but also allowed fraudsters to easily orchestrate attacks at scale by taking advantage of the infrastructure of cloud services such as virtual servers. Nearly 22% of accounts originating from cloud service IP ranges appeared to be fraudulent, with malicious accounts being 8x more likely to use cloud services than normal users. Moving away from datacenters, fraudsters have become smarter purchasing IPs from advanced proxy services with residential and mobile IP ranges at their disposal.
The Future of Fraud Prevention
The past few years have seen the availability of big data infrastructure which got ready to enable collection and storage of data. We also saw a revolution in the computation paradigm that made processing of big data efficient. Additionally, there has been an increase in availability of more advanced machine learning algorithms that helped make value out of data. From the application perspective, the degree of ease to get to a solution has significantly increased. The gap to solving the business problem is definitely smaller, yet the gap is still present. DataVisor CEO, Yinglian Xie notes three key trends that will be seen in 2019.
#1 Convergence towards data intelligence
Solutions that address the continuously evolving digital attack landscape need to combine online data with real time computational power to provide meaningful signals specific to the problem they are solving. In the last few years, organizations have been focused on data collection and integrating input signals from different sources. In 2019, the emphasis will be on drawing inferences from this data to make more automated decisions with greater transparency. Particularly, when it comes to digital fraud and risk, the more domain specific the intelligence, the more effective the solutions are in not only detecting and preventing known and unknown threats but also in creating frictionless experience for the customers.
#2 Unsupervised Machine Learning will garner more attention
Looking at the evolution of AI algorithms, we will see unsupervised machine learning get more attention in 2019. Ultimately, it is not a silver bullet that solves everything and when everyone is more familiar with supervised machine learning, there’s less of a mystic view to it. There are limitations to what supervised machine learning can and cannot do. By nature, SML needs good quality labelled data to guide the machine to come up with an effective model to do more. The lack of good quality labels before an attack happens or as an attack is happening is a prolific problem in the anti-fraud domain. This is where unsupervised machine learning (UML) comes into play with its inherent benefits of detecting unknown fraud pattern in real time without requiring loss labels. We have seen demonstrated success with many use cases, and the adoption of unsupervised machine learning will increase in 2019.
#3 Fraud is not just a CRO issue
The record number of data breaches in recent years are fueling third party fraud and synthetic fraud. Open APIs are emerging as a new attack vector. Outdated APIs, when used on older versions of operating systems or apps are easy entry points for fraudsters, because older APIs may not be equipped with the latest detection capabilities like device fingerprinting, Geo or bio-signals, or may contain known software vulnerabilities. As in other areas of digital commerce and social forums, opening up of online transactions and other banking functionalities are offering more possibilities to fraudsters who are regulars at manipulating digital identifiers, such as email address, IP address or device information, and bypassing common authentication schemes including passwords, captchas, and second-factor. This underscores the need to mitigate fraud and risk with both system and application level security. So, we are likely to see more synergies between CISO and CRO organizations as they combine forces to address the broader spectrum of threats facing the organization.
Gartner predicts that by 2021, 50 percent of enterprises will have added UML to their fraud detection solution suites. With the onslaught of high profile fraud attacks, there is no doubt that fraud management teams will need to incorporate new AI and machine learning approaches to secure their technology architecture as they win the heart and mind of their valuable customers.