Mobile devices account for two-thirds of financial transactions, ThreatMetrix says; fraudsters target accessible balances and personal credentials
Friday, March 22, 2019
By Katherine Heires
Sixty-seven percent of financial service transactions - including online banking, money transfers, and stock trades - now come from mobile devices. That has grown 13% year-over-year, according to identity-security company ThreatMetrix. The share is a measure not only of the devices' popularity but also of a disturbingly fast-expanding target for cyber crooks.
ThreatMetrix found there was a 107% increase in mobile account takeovers in the second half of 2018, compared to the first half, with account logins attracting the greatest number of mobile attacks.
The data come from the ThreatMetrix Cybercrime Report, an analysis of 17 billion digital transactions that occurred in the second half of 2018, 61% of them originating from mobile devices. The firm, part of LexisNexis Risk Solutions, is a provider of risk decision technology and an authenticator of digital transactions in real time. In this capacity, it analyzes more than 110 million transactions per day across 40,000 websites.
Payment transactions experience the highest attack rate, the report said, though the risk to such transactions is actually decreasing 17% year-on-year.
At the same time, cyber attacks on new-account creations at financial institutions grew by 35% in the most recent six months for transactions occurring on all types of computer devices, and by 29% for mobile transactions.
“Cyber criminals see more opportunity in new bank accounts that can be used to launder money or take out multiple loans,” says the report, adding that the uptick in account takeovers on the mobile channel is the most significant development for financial firms to watch as fraudsters seek immediate access to customer balances and personal credentials.
“Fraudsters are master manipulators, with constantly shifting tactics,” Alisdair Faulkner, a ThreatMetrix co-founder who is now chief identity officer of LexisNexis Risk Solutions, said in the March 5 survey announcement. “They adapt their attack patterns and modus operandi to take advantage of shifting customer trends, evolving regulations and technological changes, always attempting to stay one pace ahead of businesses. We see this through the way in which attack patterns evolve and morph over time.
“Businesses must be able to piece together digital identity intelligence on a per-user basis,” Faulkner continued, “so that departures from trusted customer behavior can be identified in near-real-time, before a transaction is processed and before fraudsters can operationalize new attack methods.”
ThreatMetrix's data and message are reinforced by other mobile security research.
“Understanding the mobile threat landscape in 2019,” from mobile security provider Wandera, says that 43% of companies have at least one mobile device amongst employees with no lock screen; 57% of all enterprises have experienced a mobile phishing incident; and 70% of Wi-Fi sessions on employee mobile devices occur over an unsecure, unencrypted connection.
Similarly, in the February 2019 Mobile Security Report published by Pradeo, 91% of mobile devices used in enterprises were found to already have been connected to an unsecure public hotspot. In Pradeo's analysis of 3 million mobile applications and 500,000 devices, 82% of Android devices and 54% of iOS devices were outdated in the corporate environment, and therefore exposed.
Particularly unsettling is Wandera's finding about the number of mobile devices employed by enterprises that are connected to cryptojacking sites and apps. They are subject to takeover by hackers to secretly mine cryptocurrency. The number of enterprise mobile devices infected in this manner grew by 287% month-on-month in 2018.
According to ThreatMetrix, cyber attack rates can vary by region.
In North America, financial services attack rates have grown 48% year-on-year, and 116% for mobile transactions specifically. By contrast, Asia has seen a drop in financial services attacks on logins and payment transactions in the last year, while new-account creation attacks have grown considerably. There was 78% growth in attacks year-on-year overall, and 105% on mobile new-account creation transactions.
ThreatMetrix also finds that the act of mobile tethering - using a cell phone, for example, as a modem to connect another device to the Internet - is often an indicator of fraud taking place in financial service transactions. Desktop transactions that are carried out with a mobile tether are 2.4 times more likely to be fraudulent than a transaction with a device connected via Wi-Fi or fixed-line broadband.
On a positive note, ThreatMetrix says that overall, mobile transactions are safer than those conducted via a desktop. The former make up 61% of the volume of transactions, but only 42% of the total attacks.
“This is in part due to the built-in security features of mobile operating systems and in particular, native mobile apps, making them harder to spoof or take over,” the report says. However, it also notes that fraudsters always go where the money is, and as more activity goes mobile, those types of attacks will only grow.
“As 2019 progresses, it is likely that trends seen in the latter half of 2018 will continue to evolve and add to the already complex cybercrime landscape,” the report says, adding that a trend to watch is the growing use of artificial intelligence by fraudsters, taking on the AI defenses of their targets.
One counter-measure, ThreatMetrix says, is to take a more layered approach to authentication. This may involve asking consumers to register data about the device they choose to use for financial transactions and then binding that information to their credentials and behavioral information.
“The onus is very much on businesses to deliver a strong customer authentication journey whilst also maintaining low-friction and unnecessary disruption of a user's login or payments journey,” ThreatMetrix concludes.
Katherine Heires is a freelance business journalist and founder of MediaKat llc.