Expect intelligent, automated cyberattacks in 2019, experts warn

The Starwood Marriott security breach, which compromised 383 million guest records, represents a new wave of organized attacks against enterprise infrastructures, security analysts have stated. In previous interviews with The Green Sheet, experts at Recorded Future Inc., Uniken and Bluefin said advanced forms of authentication, data devaluation and multilayered security can protect companies and individuals against ever-present threats.

Philip Farah, digital transformation lead, global FI, at World Wide Technology, expects to see near-term growth in agile, cloud-based and "Infrastructure as Code" solutions. In a January 2019 blog post, titled "2019 Tech Trends for Financial Service Industry", Farah cited automation, security and cloud management as critical elements of digital transformation. Unfortunately, cybercriminals are also harnessing these capabilities, he noted.

"Financial organizations will continue to invest significantly in their cybersecurity capabilities, including the development of enterprise-wide end-to-end patching, further adoption of biometrics to replace traditional passwords, and wider implementation of zero-trust cybersecurity architectures across the organization," Farah wrote.

Four top threats in 2019

Frank Teruel, senior vice president and general manager at ThreatMetrix, a LexisNexis Risk Solutions company, observed that criminals are launching increasingly powerful and sophisticated attacks. New attack vectors, such as guessing, phishing, credential-stuffing, social engineering and mimicking, are difficult to detect and continually evolving, he noted.

Teruel cited these 4 dominant threats to digital and mobile infrastructures in 2019:

1. Fraud attacks against mobile banking and mobile-first consumers will escalate: Mobile financial service transactions have tripled over the last three years, studies have shown. Current data suggests that mobile attack rates will increase in 2019. "Fraudsters prey on the fact that mobile users have a very low tolerance for the friction typically associated with security controls," Teruel wrote. "Banks will need to walk a tightrope between appropriate protection and frictionless authentication to ensure their response is suitable for the mobile-first consumer."
2. Credential stuffing will lead to multiple high-profile data breaches: Bot attacks are using "low and slow" bots to mimic human behavior and counteract the deployment of technologies like behavioral biometrics that differentiate between legitimate customer log-ins and bots. "We predict that banks will see a continued assault as fraudsters seek to carry out mass credential stuffing attacks using bots, in order to mine breached accounts for sensitive personal data," noted Teruel. "In a very real sense, 2019 will be a year where the lines between network security, fraud, identity, and authentication issues become blurry."
3. Identity factories will hit peak production levels, using synthetic IDs to target banks and lenders: The disparity between the number of new identities added to the US credit system, compared to birth and immigration rates, underscores the growing use of synthetic identities. Teruel expects organizations to protect against this threat by investing in multilayered authentication technologies that use identity attributes in ways that cannot be synthesized. "We may look back next year and crown 2019 as the year of 'synthetic identities,'" Teruel surmised. "In our hunt for synthetic identities, we have seen an 800 percent increase in suspicious identities since 2012, and this trend will certainly accelerate in 2019."
4. The AI arms race will hit global fraud departments:
While the banking sector is deploying machine learning and AI to detect anomalies, fraudsters are also leveraging these increasingly pervasive and affordable technologies to launch stealthy and sophisticated fraud attacks.

Teruel predicts banks will double down on machine learning technology in 2019, adding, "Doing so is crucial in ensuring maximum protection of their customers' accounts with the lowest intervention rates, ensuring a digital and mobile banking experience that is both friction and fraud-free."

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.