As consumers and businesses increasingly use mobile devices for e-commerce, banking and other payment transactions, experts in the cybersecurity industry are being forced to shift their technology and tactics to better identify new methods being used to access vulnerable data.

A new report from ThreatMatrix showed that cybercriminals are increasingly targeting mobile as a means of attacking vulnerable endpoints, particularly in the banking space. The biannual report showed that attacks on mobile account logins have jumped 107 percent in just the prior six-month period, as financial services continues to grow as a primary target.

In the research, account logins showed the highest growth rate of all, as fraudsters are using brute force attacks,  bots, or stealth remote access attacks as methods to obtain account data.

The report shows that North American financial services firms saw a 48 percent increase in attack rates, a 116 percent increase in mobile transactions and a 35 percent increase in mobile attacks.

"Fraudsters are master manipulators, with constantly shifting tactics," Alisdair Faulkner, chief identity officer at LexisNexus Risk Solutions, which shares the same parent firm as ThreatMatrix, said in the report announcement.

"They adapt their attack patterns and modus operandi to take advantage of shifting consumer trends, evolving regulations and technological changes, always attempting to stay one pace ahead of business."

E-commerce sites continued to be a major source of fraudulent activity, ranging from card not present attacks as as as well as other forms of stealing user identity or accessing payment information.

E-Commerce fraud 

NuData, a unit of Mastercard, announced earlier this month that it had helped retailers detect more than a billion irregular activities during the holiday season. Retailers typically are vulnerable during holiday shopping periods as new customers access their e-commerce sites and user information has to be authenticated.

"The shopping frenzy becomes a perfect cover for fraudsters, who try and take advantage during this time of heightened activity, taking a chance that any irregular activity would go unnoticed," Chris Reid, executive vice president, cyber and intelligence services at Mastercard North America, said in an email.

He said the number of fraudulent card not present attempts rose 35 percent in the fourth quarter, compared with the year-ago period. The number of fraudulent purchase attempts rose about 20 percent during the holiday period 2018, compared with year-ago figures.

Enterprises vulnerable

CrowdStrike Inc. announced this week the launch of CrowdStrike Falcon, which it calls the first enterprise endpoint detection and response solution in the cybersecurity industry.

The technology is designed to hunt for malicious, unwanted or accidental threats found on mobile enterprise devices that can lead to the compromise of company data, which bad actors have increasingly targeted in order to steal identities and access sensitive financial data.

"The unique challenge with securing mobile is user privacy," Dan Larsen, vice president of product marketing at CrowdStrike, told Mobile Payments Today via email. "Many users own their own device and then choose to opt in to limited management by their employer so they can use enterprise email and apps on their device."

He said that employees are increasingly using apps like Slack, Salesforce and Workday on a daily basis and those apps often contain sensitive corporate data, but the existing security systems don’t have the ability to gain visibility into how that data is being used.

Cover photo: iStock