Pandemic sees ‘bot’ cyber-attacks on financial services increase
16 Sep 2020
The number of human-initiated cyber attacks declined during the Covid-19 pandemic, but there has been an increase in automated ‘bot ‘attacks targeting financial services organisations, according to research by LexisNexis
16 Sep 2020
Its analysis of global cybercrime activity from January to June this year indicates strong transaction volume growth compared to 2019, but an overall decline in global attack volume. LexisNexis says this is indicative of changing consumer habits, as more people made purchases and handled other activities online because of difficulties accessing their usual services.
The report analysed more than 22.5bn transactions processed by the LexisNexis digital identity network, a 37% growth year on year.
This shows mobile device transactions continued to rise, with 66% of all transactions coming from mobile devices in the first half of 2020, up from 20% in early 2015.
The Europe, Middle East and Africa region (EMEA) saw lower overall attack rates in comparison to most other global regions, due to a high volume of trusted login transactions across relatively mature mobile apps.
Latin America experienced the highest attack rates of all regions globally and realized consistent growth in attack rates from March to June 2020.
The UK saw the highest volume of human-initiated cyberattacks in EMEA, with Germany and France second and third. The UK is also the second largest contributor to global bot attacks behind the US.
The report identified 5.2bn transactions in the UK during the period, an 18% increase on the previous year. Of these 84% are mobile which is a growth of 4%.
There were 9.7m human-initiated attacks, a drop of 39%, but bot attacks grew 19% to 103m.
Overall, the attack rate in the UK was 50% down on the previous year. LexisNexis said there was a high volume of financial services login transactions from customers in the UK. This contributes to a large proportion of mobile transactions and a low corresponding attack rate given many of the logins come from trusted, returning users.
The overall human-initiated attack rate identified in the study fell through the first half of 2020, showing a 33% decline year over year. The breakdown by sector shows a 23% decline in financial services and a 55% decline in e-commerce attack rates.
Globally, automated bots remained a key threat, and during the pandemic financial services organisations experienced a surge in automated bot attacks and continue to experience more bot attacks than any other industry.
LexisNexis said new account creations see attacks at a higher rate than any other transaction type in the online customer journey. However, the largest volume of attacks targets online payments. Login transactions have seen the biggest drop in attack rate in comparison.
Rebekah Moody, director of fraud and identity at LexisNexis Risk Solutions, said: ‘This is the first LexisNexis Risk Solutions Cybercrime Report to include data on the new reality of conducting business during a pandemic,
‘The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation.
‘Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry.
‘Businesses must arm themselves with a layered defence that can detect the full spectrum of possible attacks and is future-proofed against evolving threats.’