Cyber-criminals have adapted their strategies by moving from desktops and laptops to mobile devices, launching attacks on apps, email and social networks where users increasingly spend their time.
In new research conducted by Easy Solutions, fraud experts identified the most recent and sophisticated cyber-attacks impacting companies, financial institutions and consumers worldwide this year.
Fraud experts analysed search-engine ad poisoning, social media attacks, rogue mobile apps, SWIFT network attacks, ransomware, credit card breaches, synthetic identity fraud, corporate email takeover and spear-phishing. Protection recommendations for organisations and their end-users have also been provided for future prevention.
Organisations that don't have any protection measures on their mobile applications are between four and nine times more likely to be attacked. The advice is to consistently monitor rogue app stores for any unauthorised applications that come up. Additionally, organisations whose applications have some kind of on-device threat analytics integrated into them are able to detect anywhere from four to nine times more potentially rogue applications than those that don't. Software development kits allow organisations that release mobile applications to incorporate protection directly into their apps, so it's transparent to end-users.
Organisations not using multi-factor authentication experience three times more phishing attacks on their web portals than those who do. The extra complexity required to launch an effective attack against a site protected by multi-factor authentication discourages less talented cyber-criminals, which lowers the overall incident volume and reduces the chances that end users will be affected.
There are more than 80 million fake profiles on Facebook, Twitter and Instagram, many of which are used to launch social media attacks. Instant response time to attacks is key since it allows mitigation to happen before any customers can fall victim.
Attacks launched through the SWIFT network facilitating communication between banks have resulted in millions of pounds in losses, which will likely continue. Multi-factor authentication is critical and the banks that use SWIFT would do well to reinforce usernames and passwords with extra authentication such as biometrics to prevent cyber-criminals from logging into the network in the future.
Ransomware attacks are rising in frequency across many different industries, producing major losses in data and revenue. Last year, the US FFIEC offered advice that any organisation can use to proactively mitigate the specific risks related to ransomware prior to when an attack takes place.
Credit card fraud has evolved to EMV chip-and-pin cards in the US where card-not-present fraud had spiked to new highs. Organisations can scour black market forums that sell stolen cards to see which cards have been compromised and cancel them before they can be used to carry out fraud as well as improving anomaly detection capabilities and developing more sophisticated tools for noticing fraud patterns and checks on IP, geolocation and transaction amount.
Stolen personal identifiable information (PII) has risen dramatically among cyber-criminals since it has become so easy to make money creating fake identities with it. Suspicious activity analysers can alert card issuers and financial institutions about the activity that is most likely to be fraud. Behavioural analytics can also flag any activity that looks strange and falls outside the customer's normal transaction routine for further scrutiny.
Four out of every five Google users click on sponsored AdWords links instead of the organic search results, and more than one-third don't even realise they're ads, enabling an increase in search engine ad poisoning attacks. Monitor the domain name servers (DNS) for any potential phishing sites that are mimicking copyrights and trademarks, and request they be taken down as soon as they appear. Rigorously monitor any keywords that customers may be using to search for your brand online, since cyber-criminals will most likely try to exploit them.
“As we move into 2017, the concept of digital trust will gain significant relevance as criminals are motivated to contaminate any type of digital interactions with banks and enterprises in pursuit of relevant information that will enable them to successfully launch and monetise fraudulent attacks. Organisations must be able to transparently deploy security and make it simple for users to integrate higher levels of protection into their online systems. It is these companies that will be the ones poised to make headlines for their business acumen, and not because they fell victim to the crafty tactics of fraud actors,” said Ricardo Villadiego, CEO of Easy Solutions.