A new report released entitled The 2022 State of Fraud and Account Security, is warning UK commerce that it faces its most challenging year ever. Experts from the Arkose Labs Network, an online fraud deterrence platform, analysed over 150 billion transaction requests across 254 countries and territories in 2021 over 12 months to discover that there has been an 85% increase in login attacks and fake consumer account creation at businesses. Alongside this, it identified that a quarter (one in four) of new online accounts created were fake. A further 21% of all traffic was confirmed as a fraudulent cyber attack.
“From the earliest days of online information to the rapid evolution of today’s metaverses, the internet has come a long way. However, this latest data shows that it is more under attack than ever before,” said Arkose Labs Founder and CEO Kevin Gosschalk.
He continued: “Your digital identity is a currency for fraudsters and wherever there is online commerce, cybercriminals are quick to identify vulnerabilities.”
The new report focused on a number of key themes:
The Worst Attacked Sectors in the UK
The latest research took a deep dive into UK business specifically to understand which sectors were the most attacked by online criminals. The ongoing popularity of online gaming puts it top of the list for fraudsters with almost half (46%) of all the attacks in the UK, as seen by Arkose Labs. Digital media companies (social networks and online streaming platforms) are also high value targets and represent a third of all attacks, seeing an 88% increase since 2020. Across all sectors including e-commerce/retail, travel, gaming, financial services, one in every four new online accounts created were fake throughout 2021.
Metaverse companies are more likely to be targeted by “Master Fraudsters”
The rise of virtual worlds has created new attack opportunities for bad actors. Early insights from the Arkose Labs Network show scams, microtransaction abuse, and unfair play are the top threats in a metaverse world. These companies experienced 80 per cent more bot attacks and 40 per cent more human attacks than other businesses. “Master Fraudsters” attack their targets by scripting together multiple tools with intense persistence. They combine bots and human fraud farms, and invest large amounts of capital, creating virulent attacks. Top attack patterns Master Frauders use to disrupt fair commerce include microtransaction fraud, spam and scams.
Crypto-fraud sees Asia overtake Russia as the world-leading attacking region
In prior years, Russian attacks were more common, but in 2021, attackers from Asia took the top spot, with 40 percent of all attacks coming from this region. One in every two Asian attacks originated from China. Leveraging an ecosystem of tools and low-cost resources, two-thirds of Chinese attacks targeted registration, primarily driven by abusing free trials at cloud computing platforms for crypto mining.
Credential Stuffing attacks see a significant spike
Attacks are more volatile than ever. A single attack can consume nearly 80 per cent of traffic at peak periods, and in 2021, credential stuffing spikes hit up to 76 million per week. Attack rates doubled during peak season in November, making it the most dangerous month in 2021. Bots were used almost exclusively in Black November.
The Intelligent Bot
Attackers have continued to invest in increasingly sophisticated bots. Bots mimic human behaviour with a high degree of accuracy and in 2021 accounted for 86 per cent of all attacks. Today’s bot signatures are three times more complex than signatures of previous years. This level of sophistication makes it more difficult to assess risk and make accurate decisions. Businesses require even more sophisticated analysis to detect anomalies and prevent loss.