Giant-Killer Fraudsters Are Climbing High Walls And Stealing Big Data

This week in Fraud Trends, May 10, 2019

DataVisor

Breaches are getting bigger across industries, and no matter the arena, from crypto to retail and all points in between, attacks share similar hallmarks — incubating accounts, bot-powered scale, and sophisticated coordination. One can’t help but wonder: if giants like Amazon and Facebook are vulnerable, how do we keep anything safe?

This week, we read about a wide array of breaches and hacks, and while Mark Zuckerberg may have declared that “the future is private,” one can’t help but wonder whether privacy is genuinely attainable unless these giants get serious about adopting more comprehensive and transformational fraud management strategies.

From ZDNet, we learned of a 5 million-log leak this week that included credit card numbers, expiry dates and verification numbers in plain text.

And from Ars Technica, we learned of a new credential-stealing botnet that was able to breach three different antivirus software vendors.

Of course, the big news this week was the theft of $40 million in bitcoin from Binance, widely considered the biggest cryptocurrency exchange in the world.

The company’s statement announcing the hack reads like a textbook description of modern fraud:

“The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used … The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time.”

Unfortunately for all who were impacted, the company’s strategies for managing the attack appear classically reactive:

“It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”

In a blog post earlier this week, we were talking about precisely these issues:

“It is by leveraging the power of machine learning that advanced fraud solutions are able to ‘learn’ in real-time. This is the capability that makes it possible to reveal previously unknown fraud patterns — a quantum leap forward from reactive approaches and strictly rules-based systems that can only capture what’s already been previously discovered … legacy detection solutions are too easily outmaneuvered by increasingly sophisticated fraudsters armed with rapid-fire technologies and swarms of invasive bots. Simply detecting known fraud is not enough, and success means uncovering cleverly-disguised patterns and correlating seemingly disparate events.”

A fraudster’s ability to be patient is an emerging development of particular concern, as detecting potentially fraudulent activity and accounts gets exponentially more difficult the longer fraudsters incubate their armies. Proactive approaches such as DataVisor’s — powered by advanced AI and machine learning — can reveal these gathering storms, but as revealed this week by PaymentsSource, Amazon wasn’t equipped, and they paid a heavy price.

It’s been another insightful week in the world of fraud, and we continue to share the news, and advocate for the solutions. Please join us again next week for another edition of This Week in Fraud Trends!
