Human-driven fraud attacks are up almost 90 percent as fraudsters are utilizing so-called “sweatshop” style resources to augment crimes. This is according to a new report from Arkose Labs.
“While automated attacks are still common, the notable rise in human-driven attacks is attributed to fraudsters leveraging sweatshop-like workers to enhance attacks,” said Arkose in a summary of the findings. Sweatshop resources are typically large groups of low-paid workers who carry out launch attacks or make fraudulent transactions at scale on behalf of fraudsters.
The research analyzed more than 1.3 billion transactions spanning account registrations, logins and payments across the financial services, e-commerce, travel, social media, gaming and entertainment sectors from October through December 2019. Arkose said they observed a massive spike over just six months and noted the attack patterns were felt across geographies and industries.
Sweatshop-driven attack levels increased during high online traffic periods as fraudsters attempted to blend in with legitimate traffic, with peak attack levels 50 percent higher than Q2 of 2019.
The key countries where human-driven attacks originated included Venezuela, Vietnam, Thailand, India and Ukraine. Attacks from the Philippines, Russia and Ukraine almost tripled, according to Arkose.
“Notable shifts are occurring in today’s threat landscape, with fraudsters no longer looking to make a quick buck and instead opting to play the long game, implementing multi-step attacks that don’t initially reveal their fraudulent intent,” said Kevin Gosschalk, CEO of Arkose Labs. “Fraudsters are increasingly augmenting their attacks by outsourcing activity to human sweatshop resources, causing a surge in fraud within certain industries such as online gaming and social media.”
Social Media, Online Gaming Both Ripe for Attacks
The research found an upswing in human-driven attacks on social media platforms. Both account registrations and login attack volumes increased. In fact, two in every five login attempts and one in every five new account registrations were fraudulent. The human versus automated attack mix also rose, with more than 50 percent of social media login attacks being human-driven.
“The elevated rate of human-driven login attacks is supported by organized sweatshops, with fraudsters attempting to hack into legitimate users’ accounts to manipulate or steal credentials and disseminate spam,” said Vanita Pandey, vice president of marketing and strategy at Arkose Labs.
Online gaming platforms are also a hot target for fraud, said Arkose. Gaming fraud saw increasingly sophisticated attacks as fraudsters leveraged gaming applications to use stolen payment methods, steal in-game assets, abuse the auction houses and spread malicious content.
Arkose said fraudsters are using bots to build online gaming account profiles and sell accounts with higher levels and assets, while also targeting online currencies used within select games. The report found that online gaming attack rates grew 25 percent last quarter, with most of the growth coming from human-driven attacks on new account registrations and logins.