Security issues are everywhere, and it seems not a day goes by without another large breach making the front page of your favorite website. As long as it's financially advantageous, bad actors will continue to attack companies and individuals in an attempt to make money.
Today, Arkose Labs released a report that provides a lot of insights into what is happening in the world of cyber crime. The most striking piece is the fact that many cyber criminals are taking their strategies and selling them on the Dark Web as "fraud-as-a-service" offerings to so-called "rookies", who then turn around and make over $20,000 a month. While that sounds like a lot, the kingpins are actually raking in over $600,000 a month.
All of these attacks are also taking a toll on businesses. For example, some businesses are reporting that up to 35% of all network traffic they're seeing is actually related to fraud. This ties into the use of attack bots, where currently 25% of new accounts created are actually fake. According to the report, bot traffic grew by 25% from Q4 2021 to Q1 2022.
Another interesting tidbit is that roughly 33% of sessions on social media and dating sites were actually attackers. Scams are so rampant that many government entities have details on how to spot them.
Gamers aren't in the clear either, as there have been 2.5 times more attacks against gaming sites in Q1 2022 compared to the previous quarter, and fake account registrations have increased 86%. Attacks on gamers include spam, scans, and account takeovers, so remember to enable multi-factor authentication on your gaming accounts as they're valuable. Back in 2015, over 77,000 accounts a month were compromised, and that number is probably increasing.
Some other highlights of the report:
- 20% of attacks originate in North America, and 40% originate in Asia
- 90% of human attacks in 2022 targeted communication channels in gaming, dating, and tech
- On the flip side, 97% of fintech attacks were bots
- Credential stuffing, phishing, and mass fake accounts are the top attack types
Although the report doesn't provide details on how to stay safer, Neowin recommends the following:
- Enable MFA: If any service offers multi-factor authentication (MFA), enable it. That way, even if an attacker steals your username and password, they won't be able to get in without the second factor. Be careful because some attackers will call you and ask you for the code after they login!
- Be suspicious: Beware of strangers asking you for information about yourself. In addition, be careful when sexting with someone you don't know, as that person may be attempting to blackmail you.
- Update your computer: Make sure you keep your operating system and browsers up to date.
- Use different passwords: Never use the same password on multiple sites so that if one password is leaked, the attackers won't be able to use a password stuffing attack to get access to other accounts on the Internet. A password manager can be helpful here.
There's a lot of other good tidbits in the report, so if you're interested in the topic, we recommend taking a look.