Financial institutions (FIs) were being hit by sophisticated attacks… and then COVID happened. In March, one U.S. bank alone experienced almost 750K takeover attempts.
In 2019, 7,098 data breaches exposed over 15 billion user credentials, according to Risk Based Security, then skyrocketed to 8.4 billion users exposed in Q1 2020 – a 273% increase compared to Q1 2019. The stolen personally identifiable information (PII) is now available on the dark web for schemes such as account takeovers and credential stuffing attacks.
These are common schemes that all financial institutions experience. However, a new breed of refined attacks is growing into a dangerous threat to all banks operating online. This wave of attacks tricks most bot-detection tools into thinking they are human users instead of scripts by mimicking human behaviors, such as a slower typing speed, or other sophisticated techniques.
In a time when users increasingly rely on online services – and attacks are evolving – financial institutions have greater pressure to differentiate their good users from bad actors. Many FIs are benefiting from behavioral and passive biometrics tools that help businesses detect sophisticated attacks and protect customers.
Increased traffic during COVID-19 lockdowns
According to NuData analysts, customers interact with an average of three devices: a work computer, a home computer, and a mobile device. But they’ve noticed that during movement restrictions, there are significant behavioral changes taking place. Good users are logging in more often, creating new accounts, and making an unusual number of money transfers.
It is important to incorporate these variations into a machine learning model to maintain user verification accuracy. Static security tools that don’t look at user changes or lack machine learning capabilities can mistakenly flag behavioral deviations as fraud and block legitimate login or money transfer attempts. Organizations need tools that help them discern changing customer behavior to avoid false declines while mitigating fraudulent traffic.
Our eBook, Attacks are more sophisticated during COVID times – How to tell them apart with behavioral technologies, explores this delicate balance. With a threefold increase in sophisticated attacks in 2019, bad actors are focusing on quality attacks, investing more time in developing their scripts than deploying volume-driven basic attacks.
Aggregated high-risk traffic divided into sophisticated and basic attacks. Source: NuData
Within the NuData Trust Consortium, we constantly see sophisticated attacks attempting to access our clients’ environments. Some of these attack vectors go on for months before they realize they can’t permeate the security barrier and suddenly stop. Once they disappear from one platform, they often move on to another one hoping for better luck. As attack vectors move from platform to platform, financial institutions need to ensure their security will block the threat until it moves on – and the next one comes in.
How to mitigate these attacks
To mitigate these sophisticated attacks, companies need technologies that can look at traffic beyond static parameters such as location, IP, or attack velocity. While many business approaches focus on building more security barriers, these can block good users, too. A security approach with an invisible barrier can protect the good user’s experience and only makes itself perceptible to risky traffic.
Behavioral and passive biometrics tools enhance the collection of data for every event assessment and build a holistic view to discern if it is made by a human or bot without blocking legitimate customers. These technologies help financial institutions mitigate sophisticated threats targeting their environments, including credential stuffing, account takeover, and money-transfer fraud.
How one major bank stopped 750K sophisticated attacks
In March of 2020, a large U.S. bank was targeted by a slow but sophisticated attack vector that lasted weeks, with nearly 750K account takeover attempts. This sophisticated attack was hybrid, combining automation and human-driven work. When NuData flagged each event as a bot and triggered a challenge, the attacking script rerouted the request to a human worker to solve it. We stopped 99.6 percent of those attempts.