With 2016 in the rear-view mirror, it’s time to take a look at the malware industry and see how it evolved, which trends have emerged, the strategies fraudsters are using and what we can expect in the year 2017.
Malware Trends in 2016
2016 saw the rise of a number of different types of cybersecurity attacks. Remote administration tool (RAT) attacks saw exponential growth over previous years, according to research presented in BioCatch’s webinar titled “Global Trends in Online Fraud: 2016 Year in Review.”
One of the main reasons for the increase in RAT attacks is the difficulty of detecting them by traditional means, especially in the financial sector. RAT attacks use system-level remote access tools that are commonly used by system administrators or help desk personnel to render technical assistance. Because a RAT attack originates from the customer’s device and uses non-trojan, system-level software, such attacks bypass traditional anti-malware techniques.
The one cybersecurity tool that consistently demonstrated the ability to thwart such attacks was behavioral biometrics. In one international bank transfer attempt in 2016, for example, a fraudster had gained access to a client machine via a RAT attack. Ultimately though, behavioral biometrics flagged the transfer attempt as fraudulent based on the anomalous way the fraudster was interacting with the user’s device via the RAT.
In the accompanying infographic, the green dots on the right side of the first image show that the legitimate user mainly relied on the scroll bars along the right side of the screen, whereas in the second image the red dots show that the fraudster preferred using the mouse scroll wheel to accomplish the same tasks. The biometric analysis also showed that the fraudster used the Caps Lock key rather than the Shift key, as the legitimate user did.
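The comparison described above can be sketched as a habit-profile check. This is an added example, not BioCatch's method or code: the event schema, the sample data, the threshold and the choice of Jensen-Shannon divergence as the distance measure are all assumptions made for illustration.

```python
import math
from collections import Counter

# Habit categories taken from the article; the event schema is hypothetical.
HABITS = {
    "scroll": ("scrollbar", "wheel"),
    "capitalize": ("shift", "capslock"),
}

def profile(events):
    """Turn (habit, method) events into per-habit probability distributions.
    Add-one smoothing keeps unseen methods from producing zero probabilities."""
    counts = {h: Counter() for h in HABITS}
    for habit, method in events:
        if habit in HABITS and method in HABITS[habit]:
            counts[habit][method] += 1
    dist = {}
    for habit, methods in HABITS.items():
        total = sum(counts[habit].values()) + len(methods)
        dist[habit] = {m: (counts[habit][m] + 1) / total for m in methods}
    return dist

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits: 0 = identical, 1 = disjoint."""
    def kl(a, b):
        return sum(a[k] * math.log2(a[k] / b[k]) for k in a)
    mid = {k: (p[k] + q[k]) / 2 for k in p}
    return (kl(p, mid) + kl(q, mid)) / 2

def anomaly_score(baseline, session):
    """Mean divergence across habits between stored baseline and live session."""
    b, s = profile(baseline), profile(session)
    return sum(js_divergence(b[h], s[h]) for h in HABITS) / len(HABITS)

# Constructed sample data, not taken from any real session.
BASELINE = [("scroll", "scrollbar")] * 40 + [("scroll", "wheel")] * 2 \
         + [("capitalize", "shift")] * 30
SAME_USER = [("scroll", "scrollbar")] * 9 + [("scroll", "wheel")] * 1 \
          + [("capitalize", "shift")] * 6
RAT_OPERATOR = [("scroll", "wheel")] * 10 + [("capitalize", "capslock")] * 6

THRESHOLD = 0.3  # assumed cut-off; a real system would tune this per user

def is_suspicious(session, baseline=BASELINE):
    return anomaly_score(baseline, session) > THRESHOLD
```

With the constructed data, the session that matches the account owner's habits scores about 0.02 and the session that switches to the scroll wheel and Caps Lock scores about 0.62, so only the latter crosses the assumed threshold.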
In addition to RAT attacks, voice phishing (vishing), account takeovers (ATO), refund attacks and mobile banking fraud are just a few of the methods that also saw increased use in 2016.
What to Expect in 2017
As 2017 marches on, many of these attack methods will only grow in popularity. In particular, RAT attacks have proven to be a very reliable and successful way to bypass more traditional means of security and will no doubt continue to grow in use until behavioral biometric security is more widely adopted.
Changes in various industries, such as open API banking in the financial sector, will open up increasing avenues of attack. 2016 saw a rise in aggregator attacks, namely attacks on services such as Mint.com that let users access multiple services through a single aggregator. As these services increase in popularity among consumers, they will also increase in popularity as high-reward targets for fraudsters, especially in the financial industry.
Social engineering, one of the oldest methods of attack in fraudsters’ arsenals, will also see continued growth in 2017.
Learn More in Our Free Webinar
To learn more about the threats, both old and new, that played a role in 2016, as well as more detailed information about what to expect in 2017, subscribe to the BioCatch Webinar Channel.