Arkose Labs: Human-Originated cyber attacks on the rise

New data from Arkose Labs, a fraud deterrence platform, has revealed that Europe is seeing a noticeable spike in human attacks as the impact of the pandemic and job losses continues to take its toll. The latest insights report, which analyses data from seven billion sessions, has discovered an enormous 77% increase in human attacks, a surprising change in approach for cybercriminals given the already prolific nature of automated botnets.

Although bot attacks still remain the number one attacking vector in Europe (88.1%), human fraud is emerging as a new growth area and is fast on the rise.  This trend varied by industry with tech (40%) and media (32%) seeing the highest human-driven fraud. Human fraud also spiked in payment attacks on retail companies.

Humans vs. Bots: A notable change in pace

The more efficiently fraudsters can execute attacks, the higher the potential ROI, and Arkose Labs’ latest report logged a surge of large-scale bot attacks capitalising on the accelerated digital transformation across industries at high volume – mostly linked to the pandemic. This never-before-seen uptick in human attacks is something businesses are being urged to prepare for as we head into the latter half of the year.

While fraudsters still favour automation to deploy attacks cheaply, the volume of human-assisted attacks have increased dramatically over 77% since the second half of 2020. These types of attacks have been increasing the most in digital media (including social networks), gaming and tech industries. Areas of the world that have seen the greatest rise in human attacks are countries in Europe, North America, and Asia.

“Whether they are taking over existing user accounts, or creating fake accounts for a variety of purposes, fraudsters expertly disguise themselves as legitimate users to abuse and monetize digital accounts,” said Kevin Gosschalk, CEO and Co-Founder of Arkose Labs.

“Human-powered attacks have been notoriously low in the past but now are becoming a legitimate concern as fraudsters circumvent increasing bot prevention with mal-intended humans.”

This trend illustrates how important humans are to carrying out attacks. These are organised operations of workers that are deployed to attack at scale while keeping costs low and circumvent anti-bot defenses. This trend could also indicate that many of those who turned to fraud after sudden job losses during the pandemic may have found this new line of work was profitable and continued doing it.

“Organised fraud is fuelled by a complex shadow ecosystem, which provides the low-cost tools, data and resources needed to launch attacks on digital accounts and transactions at scale,” said Lizzie Clitheroe, UK Research Lead at Arkose Labs.

“Human labor is a vital component of this, and as the economic fallout of the pandemic continues, individuals are being actively recruited to help scale up attacks and bypass anti-bot defences.”

Social networks are a huge target

The latest fraud report also indicated that there was a large number of human-driven attacks from North America – primarily driven by attacks on social media companies. Humans are required to launch scams on these platforms, which they do by sending phishing messages or malicious links to good users seeking to place malware on their devices or extract sensitive information, which can then be resold at a large profit.

Smart devices aren’t so smart after all

Alongside this, the Arkose Labs report has found a rise in an insidious new trend of bad actors hijacking trusted IP addresses to carry out attacks, to help avoid detection. This has been made easier by the explosion of new IPs created in recent years due to a proliferation of smart devices and the IoT – such as smart baby monitors, smart TVs and home security devices.

Kevin Gosschalk continued, “The explosion of internet connected devices in homes over the last several years – including home security devices, virtual assistants and smart appliances – along with the enforced working from home mandate has provided fraudsters and other attackers with a plethora of new IPs to potentially hijack and misuse.”

He commented, “Cybercriminals can hijack IPs by rerouting Border Gateway Protocols( BGPs) which are the standard routing protocol of the internet. Those intent on large-scale cyberattacks can then use a network of these compromised devices to launch an attack against a website or series of websites.”

Credential stuffing attacks make up 5% of all digital traffic in the first half of 2021

The Arkose Labs network also detected and stopped 285 million credential stuffing attacks, with spikes upwards of 80 million in a single week. Considering it’s large-scale, low-cost deployment, it’s no surprise that credential stuffing made up 29% of all attacks. What’s troubling is how these attacks have blended into increased traffic volume and account for 5% of all digital traffic, even after going through traditional anti-bot defenses. That means 1 in every 20 account logins could be an attack mimicking a real user.

Credential stuffing continues to be a prevalent attack tactic for businesses to keep an eye on. Their low barrier to entry makes them easy to deploy and fraudsters can generate profits with one successful compromised account. Their volumetric approach can come on abruptly, quickly overloading servers and putting users and the user experience at risk.

Fraudsters use credential stuffing attacks to take over real user accounts, which they then monetize in a number of ways. These include draining compromised accounts of funds, stealing and reselling personal; data, selling lists of known verified username and password combinations and using the compromised accounts to launder money gained from other illegal enterprises.

 

To stay up to date on the latest, trends, innovations, people news and company updates within the global security market please register to receive our newsletter here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio

Tel: +44 (0) 1622 823 922
Email: editor@securitynewsdesk.com

Georgina Turner image

Georgina Turner

Sales Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Graphic displaying a lockdown solution

Netgenium debuts next gen display and touchscreen technologies

Power-over-Ethernet (PoE) solutions specialist Netgenium will be showcasing its new range of IP…

ICT® Launches New TSL Access Reader Series

Integrated Control Technology (ICT®), a leading manufacturer of intelligent access control and…
Image Provided by Paxton

Paxton Partners with Skills for Security

The security technology manufacturer Paxton is proud to announce a partnership with Skills for Security…
Image Provided by ICT

ICT and Ingram Micro sign distribution agreement MEA

Integrated Control Technology (ICT), award-winning global manufacturer of intelligent electronic access control and security solutions..
Image Provided by Toshiba

Toshiba launches new HDD Innovation Lab

Toshiba Electronics Europe GmbH (Toshiba) has inaugurated a new HDD Innovation Laboratory (HDD Innovation Lab) at its site in Düsseldorf..
Image Provided by Verkada

Verkada Doubles Down on the Channel with Strategic New Hire

Verkada, a leader in cloud-based physical security, today announced the appointment of Micah Deriso as Head of Global Channel…
Image Provided by IPSA

IPSA Appoint Frontline Hero as Ambassador

Abdullah, the courageous security officer praised for foiling a horrific knife attack at Leicester Square, has been appointed as…
Image Provided by Codelocks

New Surface Latch from Codelocks

Codelocks is expanding its Gate Solutions by Codelocks range with the introduction of the new Codelocks’ Surface Latch…
Image provided by Genetec

Nicholas Smith to Lead Genetec UK and Ireland Operations

Genetec, provider of enterprise physical security software, announced the appointment of Nicholas Smith as its new Regional Sales Director…

News Desk

View all the latest, product, project and people news

News Desk

Click Here

Technology News

Keep up-to-date with the latest product innovation

Technology News

Click Here

Industry Sectors

Discover technology in action in all applications

Industry Sectors

Click Here

Enter The Awards

Showcase personal or organisation excellence

Advertise With Us

Reach decision makers and amplify your marketing

Advertise With Us

Click Here
Scroll to Top