Covid-19 has changed how cyber criminals operate, but maybe not in the way you think, according to a new report.
Over the past few months we have heard warnings from law enforcement agencies like the FBI and cybersecurity experts that bad actors have upped their activities in order to leverage the pandemic to their advantage.
However, new research from LexisNexis Risk Solutions suggests that things may not be that clear cut.
Having an analysed 22.5 billion transactions processed by the LexisNexis Digital Identity Network, the researchers found that the overall human-initiated attack rate dropped by 33% in the first half of 2020, just as the health crisis kicked off.
Breaking the data down into sectors, the researchers found a 23% decline in financial services and a 55% decline in e-commerce attack rates.
Nevertheless, the researchers warned that this is no time to be complacent about putting up digital defences.
“The move to digital, for both businesses and consumers, has been significant,” said said Rebekah Moody, director of fraud and identity at LexisNexis Risk Solutions. “Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry.
“We need to ensure that all consumers, especially those who might be new to digital, are protected. Businesses must arm themselves with a layered defence that can detect the full spectrum of possible attacks and is future-proofed against evolving threats.”
Elsewhere, the report noted that Europe, Middle East and Africa region (EMEA) saw lower overall attack rates in comparison to most other global regions from January through June 2020.
The researchers attributed this to a high volume of trusted login transactions across relatively mature mobile apps. The attack patterns in EMEA were also, on average, more benign and had less volatility and fewer spikes in attack rates.
That being said, it did note some notable exceptions such as a UK banking fraud network that saw more than $17m exposed to fraud across ten financial services organisations. This network alone consisted of 7,800 devices, 5,200 email addresses and 1,000 telephone numbers.
Along a similar note, the UK proved particularly problematic, with the highest volume of human-initiated cyberattacks originating in the country in EMEA. Germany and France came second and third in the region in that regard. The UK is also the second largest contributor to global bot attacks behind the US.
Overall, desktop transactions conducted from EMEA had a higher attack rate than the global average and automated bot attack volume grew 45% year over year.
Latin America experienced the highest attack rates of all regions globally and realised consistent growth in attack rates from March to June 2020. The attack patterns in North America and EMEA had less volatility and fewer spikes in attack rates from the six-month period observed.
“While the face of cybercrime will continue to re-shape to fit the growing global digital economy, the ability for businesses to reliably recognize good, trusted customers must remain constant,” said Stephen Topliss, vice president of fraud and identity at LexisNexis Risk Solutions. “We must identify and block fraudsters – whether opportunists or highly networked fraud rings – the moment they transact and knowledge sharing must be as pivotal to global businesses as it is to the cybercriminals that attack them.”
In the first half of 2020, the cybersecurity sector raised $2.2bn in total. However, the second quarter saw investment into the industry drop by 60% compared to the first quarter. The industry raised $700m between April and June, according to FinTech Global’s research.