Finally, we’re being attacked by zombies.
After years of being inundated with pop cultural representations of undead hordes tormenting the living in countless movies, books and that inexplicably popular television show (and its spinoff) that’s like “Groundhog Day” without (intentional) laughs or a functional narrative (and on which no character has ever referred to a zombie as a “zombie” because, we’re to assume, that wouldn’t be “classy”?), the real world is finally being confronted by the scourge.
Technically, the zombies we are faced with are not flesh and blood (or maybe just flesh; zombies don’t necessarily have blood in their veins) — they’re actually computers. But the colloquial term for a botnet is a “zombie army” … and that’s pretty much where the fun and games end regarding this very serious topic.
A botnet is created when a fraudster takes over a person’s computer without their knowledge (each time establishing a “bot”), linking it to one different hijacked computer after another until the “net” is established.
Now having full control of his botnet, the cybercriminal utilizes the system of computers — all with unwitting owners — as a means to enact nefarious behaviors across the Internet. These activities can range from the mildly annoying — such as spam — to the far more dangerous — such as viruses and denial of service attacks.
In this new world plagued by digital zombie armies, online merchants and consumers are particularly at risk, as PYMNTS lays out in the latest edition of the Global Fraud Attack Index.
In the application of botnets to attack transactions — including, but certainly not limited to, on point-of-sale devices — in 2015, cybercriminals hit just about every eCommerce vertical, save for food and beverage, at a rate never before seen.
Digital goods were, perhaps unsurprisingly, a prime target, given the inherent nature of those transactions being immediate, with no physical merchandise to track en route (and attempt to recover if the fraud is spotted early enough). By the end of last year, botnet-originated fraud in the digital goods space affected 6.2 percent of all transaction dollars, while all other forms of attack combined in the vertical only accounted for 1.6 percent.
The next biggest rise in eCommerce botnet attacks last year occurred in luxury goods, where the activity nearly doubled from 31 attacks per 1,000 transactions in Q1 to 60 attacks per 1,000 transactions in Q4.
A potentially misleading aspect of botnet attacks, at least in 2015, is that while they were the most common method of online fraud during the year (they also gained ground in the vertical of clothing and footwear) — accounting for 83 percent of all attacks — they also primarily targeted low dollar-value transactions.
Given, therefore, that botnets do not currently present a particularly high degree of risk on a per-transaction monetary basis compared to forms of attack that go after big-ticket transactions, some in the industry may be tempted to regard botnets with a lesser degree of concern than they do other, more established (and more familiar) types of attacks, such as account takeover and identity theft.
However, just because botnets primarily stick to the low-hanging (i.e., low-cost) fruit in eCommerce transactions, that’s certainly no reason to sleep on them.
As the growth of EMV adoption in the U.S. continues to push (according to certain analyses) fraud from offline to online, botnets are, by their very nature, in prime position to further entrench themselves across all of eCommerce, with the fraudster at the helm of each network hiding safely behind the computers of legitimate consumers, unaware that their devices are being used to do his nefarious bidding.
As is the case regarding so many elements of the ever-evolving business of cybercrime, industry awareness of the botnet problem will be paramount in fighting back against it.
Otherwise, we could be looking at a potential near future in which these digital zombie armies are devouring increasingly larger amounts of eCommerce dollars across the board.
Among other bad news, that possible outcome could form the basis for yet another uninspired zombie movie or TV shows that the world simply does not need.