Despite a 37% growth in global digital transaction volume on year, the region recorded a 33% lower human-initiated attack rate.
In the first half of this year, the Asia-Pacific region (APAC) saw higher cyberattacks rates than the global average, 3% compared to 1.4% globally. Attack rates also grew during both April and May, with a large spike in June through an identity-spoofing bot attack from the Philippines targeting a payment gateway.
However, attack rates in APAC declined across all channels year over year. The only exception was a 9% growth in automated bot attacks in the region, although this growth is still lower than the global average of 13%. H1 2020 saw strong transaction volume growth compared to 2019 but with an overall decline in global attack volume. This was likely linked to growth in genuine customer activity due to changing consumer habits.
These are some of the findings of a half-yearly Cybercrime Report by information analytics firm LexisNexis Risk Solutions. In the report, which tracks global cybercrime activity from January 2020 through June 2020, APAC continued to experience higher cyberattacks rates than North America or Europe, the Middle East and Africa (EMEA).
Significant bot activity was observed from Japan, India and Australia—they now rank fifth, seventh and eighth respectively as some of the largest originators of automated bot attacks by volume globally. Japan appears to be a particular hotspot: The country recorded the largest growth in bot-attack originations year over year and is now one of the top 10 largest contributors to human-initiated cyberattacks by volume.
The report asserts that hyper-connected, networked fraud continued to be a key feature of the attacks in H1 2020. In Australian, groups of fraudsters targeted the financial services, e-commerce and media sectors. This single network consisted of 2,400 devices, 3,700 email addresses and 1,500 telephone numbers, and at least US$800,000 was exposed to fraud across the entire network.
Notable global findings
The research group’s network recorded a 33% decline year-over-year, in the overall human-initiated attack rate. The breakdown by sector shows a 23% decline in financial services and a 55% decline in e-commerce attack rates.
Latin America experienced the highest attack rates of all regions globally and realized consistent growth in attack rates from March to June 2020. The attack patterns in the U.S., Canada and EMEA had less volatility and fewer spikes in attack rates during the six-month period observed.
- Non-human attack vectors
Media was the only industry that recorded an overall year-over-year growth in human-initiated cyberattacks. There was a 3% increase solely across mobile browser transactions. Globally, automated bots remained a key attack vector in the networks studied. Financial services organizations experienced a surge in automated bot attacks and continued to experience more bot attacks than any other industry.
- Online transactions
New account creations saw attacks at a higher rate than any other transaction type in the online customer journey. However, the largest volume of attacks targeted online payments. Login transactions saw the largest drop in attack rate in comparison to other use cases.
- Pandemic-linked threats
The report cites all industries being affected by the COVID-19 pandemic. There were clear peaks and troughs in transaction volumes coinciding with global lockdown periods. Financial services organizations realized a growth in new-to-digital banking users, a changing geographical footprint from previously well-traveled consumers, and a reduction in the number of devices used per customer. There have also been several attacks targeting banks offering COVID-19-related loans.
E-commerce merchants saw an increase in digital payments and several other key attack typologies that coincided with lockdown periods. These included account takeover attacks using identity spoofing and more first-party chargeback fraud.
According to Rebekah Moody, Director of Fraud and Identity, LexisNexis Risk Solutions: “This is the first Cybercrime Report to include data on the new reality of conducting business during a pandemic. The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: government support packages, new lines of credit or media companies with fewer barriers to entry. We need to ensure that all consumers, especially those who might be new to digital, are protected. Businesses must arm themselves with a layered defense that can detect the full spectrum of possible attacks and is future-proofed against evolving threats.”
Adding to this, Moody’s counterpart Cameron Church said: “Fraudsters remain masters of disguise. They operate alone and in highly-connected groups to build up huge networks of cross-industry and regional fraud. This is a particularly acute issue in APAC, where we see the highest global cyberattacks rates.”
Church said fraudsters need to be identified and blocked, the moment they transact. “Knowledge sharing must be as pivotal to global businesses as it is to the cybercriminals who attack them.”