pixel_dreams - Fotolia
A major financial institution is likely to be hit by significant cyber criminal activity in 2016, according to the latest ThreatMetrix Cybercrime Report.
Analysis of more than 15 billion transactions in the past 12 months by the ThreatMetrix Digital Identity Network revealed a 40% increase in cyber criminal activity targeting the financial sector.
A record 21 million fraud attacks and 45 million bot attacks were detected in the last three months of 2015 alone.
The data also shows that the financial sector is facing the highest number of organised attacks and multi-channel threats.
The biggest emerging threat for financial institutions is bot attacks, which increased 10 times in the last three months of 2015 compared with the previous quarter.
A worst-case attack scenario could see a major bank or financial institution completely paralysed for days, leading to millions – if not billions – of pounds of lost business, according to ThreatMetrix analysts.
“A trend in our latest report shows bot attacks as the biggest attack vector to financial businesses globally,” said Vanita Pandey, senior director of strategy and product marketing at ThreatMetrix.
“Bots and other sophisticated attacks, such as malware, have determined strategies to mimic the behaviour of authentic customers to bypass traditional security defences. This has serious implications for businesses across industries and geographies, as bots are difficult to detect and can cost billions in losses,” she said.
Online lending top target for hackers
In addition to bot attacks, other trends in the financial services industry include increased mobile usage and attacks targeting both online lending and alternative payments.
Online lending is seen as an easier way for the unbanked and under-banked to gain access to loans in a matter of days, and its increasing popularity is making it a top target for cyber criminals.
“While convenient for consumers and profitable for financial institutions, online lending presents a risk for new account creation fraud, as cyber criminals stand to profit from fraudulent loans and other financing,” said Stephen Topliss, vice-president of products at ThreatMetrix.
“Online lending is a hotbed for fraud because it is a less secure channel and an attractive target for attackers. They are also working with much faster transaction cycles than traditional lenders,” he said, adding that mobile also opens the door for the unbanked and under-banked to easily and conveniently gain access to loans from online institutions and small lenders.
Increase in e-commerce and mobile attacks
In the last three months of 2015, the ThreatMetrix Digital Identity Network detected and stopped approximately 58 million attacks on e-commerce merchants, preventing billions of pounds in potential fraud losses, as well as potential serious damage to brand reputation, the security firm said.
ThreatMetrix analysts said that as retailers look to build trust and long-term relationships with consumers, this has led to an increase in attempted log-in attacks, which are largely carried out by bots attempting to compromise consumers’ stored financial information. The challenge for retailers, said ThreatMetrix, is stopping bots while also avoiding “friction” in the online shopping experience for the customer.
According to ThreatMetrix statistics, mobile transaction volume reached a new high in the last quarter of 2015, up 200% compared with the same period the year before.
In addition, more than 350 million mobile devices were added to the ThreatMetrix Digital Identity Network in 2015, mainly due to mobile application downloads across industries.
This growth makes mobile an attractive target for cyber criminals, who use stolen identities and compromised devices from major data breaches to their advantage for financial gain, according to analysts.
“With mobile transactions at an all-time high, so are the attacks targeting mobile. Digital businesses must do everything in their power to prevent these attacks,” said Pandey.
“Global shared intelligence and a multi-layered approach to cyber security enable businesses to detect and stop mobile bot attacks, malware, device spoofing, jailbroken devices, rooting and other associated risks,” she said.
Digital world must stay ahead of cyber criminals
The data also shows that consumers are becoming more comfortable using multiple devices to access online accounts. In the last quarter of 2015, more users than ever before accessed their bank accounts, made payments, streamed content and created accounts using their connected devices, moving seamlessly between devices, such as tablets and smartphones.
“We now live in a digital-first world and will continue to see consumers turning to online channels and mobile devices for shopping, banking and other transactions,” said Topliss.
“With such a high volume of connected consumers and devices, cyber criminals now have access to endless personally identifiable information at their fingertips. Businesses need to take a digital-first, holistic approach to cyber security to stay one step ahead of fraudsters,” he said.
According to Topliss, businesses can use the power of digital identities and shared intelligence to analyse the connection between devices, locations and anonymised personal information to build a unified risk assessment across all digital channels.
Read more about cyber attacks on the financial sector
- DDoS is most common cyber attack on financial institutions.
- Hackers target global financial institutions and payment systems with Dridex malware, with UK losses estimated at £20m, warns the National Crime agency.
- The requirement for financial services businesses to maintain real-time connection to the global economy impairs security precautions, says Websense.
- Most financial institutions cite cyber threats as a top five risk, the latest Systemic Risk Barometer Study shows.