While the volume of mobile bot traffic isn’t anywhere near the volume of traditional desktop bots, new research from ThreatMetrix found that the industry should keep an eye out for mobile bot attacks this year.
According to the newly released H2 2018 Cybercrime Report, “The Network processed 17 billion transactions during H2 2018, with 61% originating from a mobile device.” As more users move to mobile for their transactions, fraudsters are following suit.
“We have seen a growth in mobile attack volume, and it is definitely one to watch over the next year. If we look at mobile banking or payments, this is where the transaction patterns are going, and attackers are heading in the same direction,” said Rebekah Moody, director, fraud and identity, LexisNexis Risk Solutions.
Whether it’s being used by the business or the bad actor, technology has been a great enabler. The report found that fraudsters are using real customer data to leverage machine learning algorithms and generate pitch-perfect social engineering attacks. Additionally, malicious actors are using AI-driven malicious chat bots to dupe customers into sharing personal information.
“It’s easier for businesses to know their customer and protect their customer, but those same capabilities become much more realizable for the fraudsters who are also able to scale up some of those technologies and become much more optimal in the way that they harvest data,” said Michael Yeardley, senior director, fraud and identity, ThreatMetrix.
As technology evolves, investment comes from both attackers and defenders. Because cyber-criminals are using the same technologies, it’s all the more important for businesses to ensure that machine learning algorithms actually point to legitimate customer. Companies need to understand the patterns and behaviors of their customers, and there are more data points available to them to identify what looks like a genuine and authentic customer, Yeardley said.
The report also found that the same fraudsters are operating across different organizations within the same industry but also across different industries. “Network attacks need a network view. It takes a network to fight a network,” Moody said.