Security & Fraud

Hackers Trade Identity Data Like Baseball Cards

Hackers Trade Identity Data

With major data breaches on the rise, it’s no surprise cybercriminals have access to more than enough compromised data. From a person’s payment information to their mother’s maiden name, hackers have everything they need to pose a legitimate customers and keep perpetrating fraud. In this week’s Hacker Tracker, we look at how identity information has quickly become a critical currency — being stolen, traded and resold at an alarming rate.

The latest ThreatMetrix Cybercrime Report revealed that as cyberattacks become more complex and widespread, fraudsters are trading the stolen identity of victims in order to fuel their malicious activities.

“Identity data is the critical currency for perpetrating online fraud. While attacks are multifaceted, global and ever evolving, they have a singular focus: stealing, validating, augmenting and selling identity credentials to make future attacks more lucrative,” explained Vanita Pandey, vice president of strategy and product marketing at ThreatMetrix. “Cybercrime is increasing — our latest statistics prove that —  but we can stay one step ahead with innovative approaches that derail fraudsters and strike the right balance between protecting businesses and minimizing friction for users.”

The digital identity company released its Q3 2016 Cybercrime Report, which shows that during the typically slow quarter roughly 130 million cyberattacks were thwarted in real time, representing a 40 percent increase compared to last year.

ThreatMetrix predicted a sharp increase in the number of cyberattacks targeting retailers as the holiday shopping season approaches, with an expectation that as many as 50 million cyberattacks could take place during a peak shopping week.


Cybercrime Follows The Light

Recent headlines and news have solidified the fact that hackers have a love for the Internet of Things. Connected devices are serving as a vulnerable entry point for hackers gain access to networks and launch massive cyberattacks. From WiFi hotspots to printers and unsecured routers to digital video recorders, hackers essentially have their pick of when looking to compromise unsuspecting IoT devices.

But the latest item on the “things hackers love” list seems to be smart lightbulbs.

A research study that showed that through smartbulbs, hackers were able to take full control and gain access to strobe LEDs to cause discomfort and seizures. With access to one compromised bulb, hackers can also easily gain access to all bulbs nearby within minutes, The New York Times reported.

The most troubling aspect isn’t just the compromised bulb itself, but the growing number of internet-connected devices in direct proximity that will be easily accessible from this vantage point. The researchers found they could infect a building with malware from driving a car within 229 feet. They also modeled the light distribution of Paris and found that an infection could spread across the 40-square-mile area with as few as 15,000 devices in place. These are some grim results.

The results underpin how important it is for connected device manufacturers to use advanced cryptographic techniques when securing even the simplest of tech. Even with Philips using standard industry measures, the researchers were able to hack lightbulbs only using “readily available equipment costing a few hundred dollars.” A small price to pay for potentially massive effects.


When Confidence Isn’t Key

Despite the rising threat of cybercrime and the increasing sophistication of hackers, many retail IT professionals are pretty confident in their abilities to identify and stop a cyberattack.

According to Tripwire, they may just be a little too confident.

A new study from the company analyzed the confidence of IT professionals regarding seven key security controls that need to be in place to quickly detect a cyberattack in progress. Seventy-one percent of retail respondents said they think they could detect configuration changes to devices on their organization’s network within hours.

However, just 51 percent actually knew exactly how long the process would take.

“The increased scrutiny of retail cybersecurity in the wake of major breaches has forced organizations to focus on securing their environments, yet these survey results show that there’s still a lot of room for improvement,” said Tim Erlin, senior director of IT security and risk strategy at Tripwire.

Just 43 percent of the respondents knew how long it would take for their vulnerability scanning systems to generate an alert if an unauthorized device was detected on their networks. Tripwire pointed to Verizon’s 2016 Data Breach Investigations Report, which found that 99 percent of successful system compromises occurred within hours and it took 79 percent of retailers weeks or longer to discover that a breach had even taken place.



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.

Click to comment