Human-Looking Attacks Infiltrate FIs: NuData Security

Ninety-six percent of all cyberattacks on financial institutions during the first six months of 2020 were sophisticated attacks – those that are high-quality enough to resemble human behavior, according to a new report from NuData Security, a Mastercard company. This reflected the highest percentage of sophisticated attacks out of all industries analyzed and an increase from 90% during the same time period in 2019.

Unlike basic cyberattacks, which focus on high volume rather than quality and do not attempt to emulate human behavior, sophisticated cyberattacks often include human intervention, such as the solving of a CAPTCHA, and allow fraudsters to bypass common security layers such as bot detection tools, NuData explained. The industry with the second-highest percentage of sophisticated attacks from January to June 2020 was travel at 67%, an increase from 48% one year earlier.

“As companies get wise to fraudsters and improve their bot-detection tools, fraudsters are forced to find another way in and rely more on sophisticated attacks to help them access protected platforms,” the report stated.

NuData added that financial institution traffic remained stable during the first six months of the year, aside from a spike in mid-April, as consumers accessed their accounts following the first round of economic stimulus checks. “However, high-risk traffic has remained unchanged during the pandemic, highly focused on targeting financial institutions with large scale sophisticated attacks,” the company said. “This constant stream of attacks at institutions’ login placements underscores the need to protect every user endpoint continuously, regardless of the customer changes that may be happening in the online ecosystem.”

Another key finding from NuData’s “H1 2020 Fraud Risk Report” was a surge in attacks via mobile device, with high-risk mobile traffic growing by 55% in the first half of 2020. In addition, as consumers stayed home during the onset of the COVID-19 pandemic, NuData reported an uptick in account creation attacks against merchants, in which bad actors create fake accounts for fraudulent use.

“The growth in this type of attack is influenced by bad actors using new accounts to make fraudulent purchases with stolen card information or to buy sought-after and restricted goods at mass scale for later resale,” the report states. “In particular, from March to June, one in every two account creation attempts was flagged as high risk by the NuData platform.”

What’s more, the pandemic lockdown-triggered shopping practice of in-store pickup led to higher-value chargebacks in North America, according to the report. While the volume of chargebacks from purchases of goods shipped to consumers remained the highest, the average dollar value of chargebacks from goods picked up at stores grew the most – 124% in April compared to 36% in April for shipped goods.

The “H1 2020 Fraud Risk Report” was based on a NuData analysis of global online changes across the NuData network from Jan. 1 to June 30, 2020. The analysis was enriched by the NuData Trust Consortium, which gathers historical trends and trains machine learning models for attacker recognition and fraud prevention solutions, according to NuData.