NuData Security Threat Intelligence Reveals Latest in Online Fraud

Trends Including Spike in Scripted Attacks

Online Fraud Detection Solutions Including User Behavioral Analysis

Provide an Antidote to Ever-Morphing Hacking Methods

VANCOUVER, British Columbia – March 31, 2015 – Threat intelligence from NuData Security, released today, provides insight into the latest trends surrounding online fraud. As fraud detection methods grow stronger, hackers are evolving to find newer, better, more sophisticated ways to commit online fraud. Much like a virus mutates in response to a vaccine, hackers are finding new ways of infiltration. Fraudsters are using increasingly sophisticated techniques to steal data and circumvent detection:

  • Account takeover is the new credit card fraud. Fraudsters are getting more sophisticated at hiding their location. Account takeover is rising to beat out credit card testing. Over the past ninety days, of all account transactions analyzed, 4% were high risk where only 2% of credit card transactions were identified as a fraudulent attempt.
  • Account takeover is becoming a preferred means of hijacking accounts containing cardholder data over the previously popular method of credit card testing, meaning fraudsters are attempting to steal valid user accounts as opposed to using lists of stolen credit card details.
  • There has been a 112 percent increase in sophisticated scripted attacks on logins intent on account takeover over the same time period in 2014.
  • The average retail attack will now only use an IP address two times before moving onto the next IP in an attempt to circumvent detection.
  • Breached accounts are rarely used for more than five purchases in an attempt to further avoid detection.
  • Fraudsters have begun matching IP addresses to billing addresses on the stolen credit cards being used.
  • Cloud-hosted solutions are being used for launching attacks more often than before with Amazon AWS, Choopa and SoftLayer being among the most common utilized.
  • Account takeover and new account creation attacks are more challenging to detect as compared to conventional fraud tactics.

The top browsers being used to commit fraudulent attacks include:

  • Internet Explorer versions 7.0, 8.0 and 11.0
  • Chrome
  • Mobile Safari
  • Firefox
  • Safari

The top operating systems used include:

  • Windows 7 and 8
  • Windows XP
  • Mac OSX – which has been on the rise in the past 90 days
  • Windows Vista

Ryan Wilk, director, customer success, NuData Security, said:

“Analyzing the information discovered from our NuData Cloud View, it is clear that attackers are rapidly evolving their methods to avoid detection. Fraud teams must be ever vigilant as fraudsters leverage account takeover over credit card cycling. Expecting consumers to maintain strong, non-reused passwords isn’t feasible, meaning ecommerce organizations shoulder an even larger responsibility to protect their brand and users. Being able to detect when and how fraudsters are utilizing stolen identity data is the key to this. Fortunately, this can be accomplished by harnessing the power of an online fraud detection solution with behavioral analysis capabilities, both conscious and subconscious.” 

About NuData Security NuData Security predicts and prevents online fraud, protecting businesses from brand damage and financial loss caused by fraudulent or malicious attacks. NuData Security analyzes and scores billions of users per year and services some of the largest ecommerce and Web properties around the globe. Additional information is available at: https://nudatasecurity.com/