Cyber attacks on emerging financial services firms and new online lenders rose significantly last year, netting hackers an estimated €9.37 billion, according to a report from internet security firm ThreatMetrix.
The company said cyber criminals are increasingly targeting FinTech businesses running alternative payment and lending models, looking to take advantage of security gaps in digital systems designed primarily with processing speed and agility in mind.
Criminals are increasingly looking to exploit time delays inherent in reporting loan agreements to credit bureaus, and using stolen identity credentials and device spoofing techniques to bypass complex application security procedures.
Hackers are also using bots to test stolen identity credentials en masse and infiltrate trusted user accounts, the report found.
ThreatMetrix, which monitors more than 20 billion online transactions every year, detected 80 million attacks on the financial sector using stolen of fake credentials over the course of last year.
One million attacks were targeted at online lenders alone, signalling a shift in cyber criminals’ focus to emerging internet loan firms. The report predicts this trend will continue throughout 2017 after attacks on alternative lenders leapt by 150% in the third quarter of last year.
Vice President of Strategy at ThreatMetrix Vanita Pandey commented: “Due to its surge in popularity, and fast transaction cycles, online lending has become a prime target for cybercriminals.
“Online lenders are under increasing pressure to adopt smarter authentication methods that leverage real-time, behaviour-based intelligence to accelerate genuine loans and prevent fraud.
“This is the only way to thrive in an increasingly competitive market.”
Cyber attacks against emerging lenders commonly originate from organised crime groups in countries such as Brazil, Egypt, Ghana, Jordan, Nigeria and Macedonia, ThreatMetrix found, confirming a trend which has seen emerging nations become major players in cyber fraud across all industries.
In the final quarter of 2016, ThreatMetrix witnessed a significant increase in attacks coming from emerging economies such as Bangladesh, Brazil, Cuba, Guadeloupe, Tunisia, Ukraine, Malaysia, Pakistan, Serbia, Morocco, Qatar. Identity spoofing is the leading attack vector in such economies, the company said.
Authorities in Europe and the US can often encounter problems disrupting cyber criminal gangs based overseas, allowing many to operate safe in the knowledge it will be unlikely they will be caught and brought to justice.
“The fact that developing nations are becoming bigger players in the online fraud game demonstrates the spread of breached identity data to countries across the globe,” Pandey said.
“One in four transactions on our network is now cross-border, illustrating a global village economy that’s continuing to take root. Global data breaches are making stolen identity data globally available via the dark web, and this information is traded by organised and networked crime rings.”
