The SEC warned of attacks on client credentials in the fall of 2020, one of the trends that today’s columnist, Stephen Topliss of LexisNexis Risk Solutions, says has continued in 2021, along with automated attacks to steal identities and brute force attacks to access accounts. (Credit: Getty Images)

The rate of digital transformation continues to accelerate across the globe thanks to the pandemic, opening new avenues for fraudsters to exploit. Consumer behavior has evolved, and attack methods and targets are evolving right along with it. A prime example has been the digital shift that occurred post-lockdown. More people are transacting digitally than ever before. This poses an ongoing challenge to fraud and risk models, which are not generally built to adjust to such significant shifts in behavioral patterns.

This shift has wide-ranging impacts on individuals and businesses. Well-established digital organizations are likely less at risk or less targeted by criminals than new-to-digital services. In recent months, businesses have also had to shift focus to stopping fraudulent account access, in addition to their ongoing focus on detecting stolen or fake identities being used to create new accounts. This means that all organizations offering online services need to ensure they are tightening the net used to catch fraudulent activity and prevent unauthorized account access.

Patterns to watch in cybercrime

Our latest Cybercrime Report indicates that cybercriminals have increasingly focused on automated attacks during the pandemic, which generally test stolen identity and credential data or use brute force to access accounts. Based on the success of these tests, human-initiated attacks follow, and these lead to actual fraudulent activity. According to global data examined within the LexisNexis Digital Identity Network in the first half of 2021, these final human-initiated attacks have declined 29%, suggesting that there may be some restrictions on certain types of fraud or the fraudsters themselves during the pandemic. Human-initiated attacks could start to rise again in the coming months, especially as automated testing continues in preparation for these human-initiated attacks. Unauthorized account access attempts are likely to rise as well.

Identity and access management (IAM) solutions have historically focused on single or multi-factor authentication to prevent unauthorized access. While multi-factor authentication works, it’s not impenetrable – especially as we see scams becoming more and more prevalent. This is especially the case when scammers convince good users to reveal their access details or one-time passwords. Some IAM vendors are now embedding digital intelligence technology into their offerings. This offers a further zero-trust layer of defense, based on analysis of anomalies in digital intelligence, which can reveal situations where multi-factor authentication is compromised.

The tipping point

Over the last 18 months, we have seen good consumer transactions in the digital space far outpace any growth in fraud when most of the world’s population moved online. Some parts of the world have seen the acceleration of digital transformation bring a wealth of new digital services online, while established digital economies have seen rapid growth of alternative payment methods such as buy now, pay later.

I would argue that cybercriminals have been busy just like everyone else, assessing weaknesses and new opportunities to commit fraud. Fraudsters targeted many government-led, pandemic-related stimulus initiatives early on, but as these come to an end, cybercriminals will look for their next targets. Why should they target established, digitally mature organizations with complex layers of defense when there is a range of new digital services out there with limited experience in dealing with cybercriminals?

Automated processes are often easy to track, but we see more and more examples of “low and slow” bots specifically designed to pass under the radar of traditional bot detection solutions, which generally have simple, static rules based on high-volume attacks reaching certain thresholds. Larger fraud networks are easier to track in theory, especially if companies can use anonymized global shared intelligence to identify them. At the same time, it’s important to comply with all privacy regulations around the world. While many regulations consider the ability to share certain data to prevent criminal activity, organizations often choose to take very conservative approaches to any ambiguous language in these regulations, meaning that data does not always get shared. If we are to keep one step ahead of the fraudsters, we really do need a network of gathered intelligence to fight criminal networks.
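An added example, not from the column or any LexisNexis tooling: the static high-volume threshold rule described above, next to a long-horizon rule that counts distinct accounts per source, both run over constructed login events. The event layout, thresholds and documentation-range addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source, username, success).
def build_events():
    ev = []
    # Noisy bot: 40 failures in 40 seconds from one source.
    ev += [(1000 + i, "203.0.113.10", f"user{i}", False) for i in range(40)]
    # Low-and-slow bot: one attempt every 20 minutes against 30 accounts.
    ev += [(2000 + i * 1200, "198.51.100.7", f"acct{i}", i % 15 == 0)
           for i in range(30)]
    # Genuine user mistyping a password three times, then succeeding.
    ev += [(5000 + i * 10, "192.0.2.55", "alice", i == 3) for i in range(4)]
    # Shared office NAT: 12 distinct users, all successful.
    ev += [(6000 + i * 900, "192.0.2.80", f"staff{i}", True) for i in range(12)]
    return sorted(ev)

def static_threshold(events, window=60, max_failures=10):
    """Traditional rule: flag a source exceeding max_failures in any window."""
    flagged, recent = set(), defaultdict(list)
    for ts, src, _user, ok in events:
        if ok:
            continue
        times = recent[src]
        times.append(ts)
        # Drop failures that have aged out of the sliding window.
        while times[0] <= ts - window:
            times.pop(0)
        if len(times) > max_failures:
            flagged.add(src)
    return flagged

def low_and_slow(events, horizon=86400, min_accounts=10, min_fail_ratio=0.8):
    """Long-horizon rule: many distinct accounts per source, mostly failing."""
    end = max(ts for ts, *_ in events)
    users, total, fails = defaultdict(set), defaultdict(int), defaultdict(int)
    for ts, src, user, ok in events:
        if ts < end - horizon:
            continue
        users[src].add(user)
        total[src] += 1
        fails[src] += not ok
    # The failure ratio keeps the shared NAT (many users, all succeeding) clean.
    return {s for s in total
            if len(users[s]) >= min_accounts
            and fails[s] / total[s] >= min_fail_ratio}
```

The static rule flags only the noisy source; the long-horizon rule also flags the source that spreads 30 attempts over roughly ten hours, while the mistyping user and the shared NAT stay unflagged.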

The outlook moving forward

Our Cybercrime Report reveals clear correlations between cybercrime trends and the pandemic that hit the world in early 2020. Even now, we see significant uncertainty about where the pandemic will head, with different parts of the world in varying stages of vaccination programs, restrictions on movement, and infection rates. As mentioned at the start, cybercriminals have also been impacted by the pandemic, and we know that they have accelerated their automated testing of stolen or breached consumer identity data. We expect an increase in fraudulent activity in the digital space over the coming months, especially as regions emerge from restrictions. The big question: do organizations have the flexible layers of defense in place to respond successfully? We think with the right planning and strategic thinking, they can.

Stephen Topliss, vice president of fraud and identity strategy, LexisNexis Risk Solutions