Hacker Tracker: DataVisor’s Global Insight Into Online Fraud

While the fraud ecosystem continues to rapidly develop and advance, big data may prove itself to be a strong weapon in combatting fraud.

With that thought in mind, DataVisor set off on a mission to harness and analyze data that could potentially detect fraud and protect billions of users around the world.

The result of that effort is the company’s inaugural DataVisor Online Fraud Report, which analyzed more than 1 billion user accounts and 50 million malicious accounts to gain insights into what really makes fraudsters today tick.

From the latest trends in the ecosystem to the most coveted attack techniques, Ting-Fang Yen, research scientist at DataVisor, joined this week’s Hacker Tracker to share the findings uncovered by this massive data sample.

Here is an excerpt of the conversation.

PYMNTS: What was the motivation behind starting the DataVisor Online Fraud report? What did you hope to reveal through the research?

TY: Our main objective behind the report was to provide an in-depth analysis of the attack tools and techniques fraudsters use to create armies of fake accounts and evade detection. By analyzing the anatomy of a fraud attack — from what devices were used to launch the attack, what email services were used to register accounts, what infrastructure was used and how many fake accounts were created, to how long the accounts were deliberately aged — we wanted to provide a fuller picture of the characteristics of a typical fraudulent attack campaign. Ultimately, we wanted to help to inform and empower the community in our common fight against fraud and abuse.

PYMNTS: What role does Big Data play in detecting and mitigating fraud?

TY: Big Data technology makes it possible to use more advanced algorithms to analyze billions of events together. DataVisor’s Unsupervised Machine Learning Engine detects groups of malicious users by linking them together by a variety of shared attributes. This is not only effective at capturing entire fraudulent attack campaigns, but it also has the byproduct of creating an extremely rich array of telemetry signals that we studied to provide the insight presented in this report.

PYMNTS: What are some of the most dangerous attack technique trends being used by cybercriminals today?

TY: Fraudsters are becoming increasingly sophisticated. The most dangerous attack techniques are those that allow the fraudulent accounts to blend in with normal users and remain undetected. For example, some fake accounts perform normal user activities such as logging in, updating a profile, following other users, etc., for months or even years before being used in an attack. This technique of aging fake accounts can make the malicious accounts appear very similar to other users and evade detection.

Another dangerous attack is account takeover (ATO). What makes ATO attacks so dangerous is that they target accounts that are created by real users. Unlike mass-registered fake accounts, they contain valuable information such as financial data, and their activities are less likely to raise the suspicion of security solutions.

PYMNTS: What was the most surprising takeaway from the report results?

TY: It was surprising to see so many fraudulent accounts being hosted on the cloud — 18 percent of user accounts hosted on the cloud are fraudulent. Regardless of the type of attack — whether it is to perform spam attacks, ad fraud or fraudulent transactions — we are seeing the cloud being used as proxies to hide their actual network location. In some cases, more than 90 percent of accounts originating from a cloud service are fraudulent.

PYMNTS: What’s next in online fraud? How do you think the fraud ecosystem will change over the coming years?

TY: Fraudsters know that detection is getting better, so they are doing whatever it takes to look like real users, beyond just using a convincing email to register or a real-sounding name. Their behaviors are changing as well. For example, in addition to launching attacks from cloud services, they can also leverage botnets of compromised machines or IoT devices to make the attack operation appear distributed. The fraudulent accounts can perform advanced engagement on the service (such as making legitimate purchases), and telling real and fake users apart becomes even more of a challenge. As they get smarter, our detection must become smarter as well.

. . . . . . . . . . . . . . . . 

Here’s a glimpse at some of the other cybersecurity news updates from this week …

Password Sharing With A Phone Tilt

According to cyber experts at Newcastle University, the number of motion and orientation sensors built into most mobile devices today may be putting passwords at risk of exposure. In fact, the team of researchers was able to guess four-digit PINs with an accuracy of 70 percent by using the movement and the positioning of the device, Android Authority reported. Every interaction with the smartphones and tablets on the market today, including tapping, scrolling and long-pressing, results in the device being held in a unique way. This, researchers noted, is what hackers can monitor through the sensors and then use to compromise data on the device.

Selfie Authentication Combats Tax Fraud

The Alabama Department of Revenue (ADR) and identity company MorphoTrust USA are teaming up to put a dent in tax fraud and theft by adding an additional layer of authentication security into the mix. The duo is set to launch a pilot program that leverages MorphoTrust’s electronic ID (eID), testing the digital identity credential for residents filing state tax refunds during the 2016 season. MorphoTrust’s eID works via mobile app. Users register to receive a credential and verify their identity with a photo of their driver’s license and by taking a selfie. The app compares this information against the driver’s license database record. If it’s a match, the user obtains the credential and is able to prove their identity online.

Hackers Hit UK Payday Lender

This week, Wonga notified roughly 270,000 of its customers — more than 240,000 in the U.K. and another 25,000 in Poland — that their information may be at risk after a data breach that was discovered the previous week. In a statement on its website, the company confirmed that it doesn’t believe customers’ Wonga account passwords were compromised in the breach, but it does suggest that if a user has concerns, they should reset their password. Wonga also identified the security precautions its customers should take, which include alerting their banks and staying vigilant about unusual account activity.