UK retailers should be on their guard and ready to face more potential cyberattacks this Christmas according to ThreatMetrix®, The Digital Identity Company™. Recent data, revealed today by ThreatMetrix in their Q3 Cybercrime Report*, indicates that 2015 is likely to be known as the biggest ‘Cybercriminal Christmas’ so far. The report reveals the latest trends across the global threat landscape and is created from data and analysis from the ThreatMetrix® Digital Identity Network, which currently analyses more than a billion transactions across the globe every month.
Over the last 90 days, ThreatMetrix detected a huge 45 million attempted attacks specifically targeting online retailers, representing a 25 percent leap from the previous quarter. This data strongly indicates that the final quarter of the year, in the run up to the festive period, is likely to see more attacks on online business than ever before.
UK retailers could lose millions this Christmas:
The major shopping days between now and Christmas, including Black Friday on 27th November through to Cyber Monday on 30th November, are expected to become a particular target for online criminals. According to analysts at IMRG, Black Friday will become the first ever £1billion shopping day in the UK (compared with £810 million last year) with consumers spending £12,384 every second. The pressure on retailers is likely to continue right up to the January sales. Last year, ThreatMetrix saw 11.4 million fraudulent transaction attempts during the peak holiday shopping period and this year it is expected to be double the volume driven by the continued growth of digital commerce and the aftermath of the numerous breaches. This would represent millions in potential losses for UK business.
“Generally, the third quarter is a slower time for businesses as consumers anticipate spending money during the Christmas and New Year shopping season, but this year it yielded record numbers in attack attempts. The size, complexity and frequency of the attacks targeting businesses is growing driven by the multiple data breaches that have compromised the traditional identity sources, including the TalkTalk and Carphone Warehouse both being huge hacks that were widely covered in the UK,” said Vanita Pandey, senior director, strategy and product marketing at ThreatMetrix. “The ultimate victims are the consumers whose digital identities are increasingly compromised with each subsequent breaches. Cybercriminals don’t sleep when it comes to attacks – the majority of the attempts we saw were in the e-commerce space and retailers must stay on their toes when it comes to protecting digital identities during what is sure to be the largest digital season to date for online and mobile transactions.”
These attacks were detected during real-time analysis and interdiction of fraudulent online payments, logins and new account registrations. E-commerce transactions consist of the following percentages and risks:
- 78 percent of transactions were account logins, with 5 percent high risk
- 21 percent of transactions were payments, with 3.2 percent high risk
- 1 percent of transactions were account creations, with nearly 7 percent high risk
In terms of cybercrime techniques, fraudsters are using bots and botnets to run massive identity testing sessions in order to penetrate fraud defenses.
“Botnets are the new data breach threat, as opposed to Advanced Persistent Threats (APT), which attack the network from the inside out; botnet breaches are targeting the outside-in via digital identities,” said Pandey. “We see very high daily traffic at leading retailers due to low frequency attacks using botnets designed to evade rate and security control measures and thus detection.”
Mobile Usage increase by 50 Percent and Digital Identities become new global currency
Mobile usage has also increased at particularly a rather high rate in the recent months – more than 50 percent from this time last year. This trend is only expected to continue as devices become more widespread and smartphones more prolific.
“As consumers increasingly turn to mobile devices often to make purchases on the move, they’re leaving digital footprints for the cybercriminals to exploit,” said Pandey. “The main concern we stress with our society’s mobile-dependence is being aware of your online persona – how much information you share online and where you share it – as seemingly unrelated data can provide very important insight into a person’s digital identity.”
As businesses become more dependent on digital identification to interact and transact with their customers, organisations that store personal data have become a prime target for hackers and cybercriminals. Every time a major online organisation is breached, more fragments of digital information are leaked that further enable cybercriminals to stitch together aspects of a customer’s digital persona.
Top Digital Nations are Top Attack Originators
Cybercrime is a global phenomenon with fraudsters targeting businesses in countries that have the highest online and mobile penetration. The report notes that the top digital nations are the big attack originators. Three of the top five attack originators are from Western Europe – Germany, France and the United Kingdom – which also continues to be one of the most targeted attack destinations. The United States is one of the biggest players in cyber fraud origination, as well as a key target for attackers worldwide.
To learn more, download the “ThreatMetrix Cybercrime Report: Q3 2015” eBook here.
* The ThreatMetrix® Cybercrime Report: Q3 2015 examines cybercrime attacks detected by the ThreatMetrix® Digital Identity Network (The Network) from July to September. These attacks were detected during real-time analysis and interdiction of fraudulent online payments, logins and new account registrations.