Botnets that mimic humans being used by cybercriminals to access accounts
Cybercriminals are using increasingly more advanced botnet attacks to raid online banking and shopping accounts. After buying stolen details on the dark web, fraudsters have started using massive automated attacks to verify usernames and passwords, allowing them to access accounts, according to Britain's National Crime Agency (NCA).
Among the top threats are Remote Access Trojans (RATS) aimed at both individual and company finances. Designed to look like legitimate software, they allow people to remotely monitor and take control of another computer, gaining access to confidential files and information.
Distributed denial of service (Ddos) attacks aimed at shutting down or disabling online functions during hacking attacks were also prevalent.
"These style of attacks can also attempt to mimic human-user behaviour, making them much more difficult to detect," an NCA spokesman told The Times newspaper.
"Fraudsters can create pitch-perfect attacks because they know so much about us," Vanita Pandey, a vice president at the cybersecurity company ThreatMetrix said in a statement last month.
The company, which authenticates transactions on behalf of 4,000 customers across the world, found that attacks had tripled to 264 million in the first quarter of 2016, compared with last year.
"Our normal lines of defence just aren't working," Pandey said, adding that the attacks are particularly hard to detect because they aren't always picked up by traditional measures.
Along with sophisticated attacks, ThreatMetrix, which analyses one billion transactions each month, reported that online businesses were inadvertently providing ways to anonymously test stolen payment credential, citing the example of "a series of $5 payments made with stolen credit cards targeting the charity sector".
The stark warnings lands in the wake of several high-profile cyberattacks on British companies in the last year.
In November 2015 telecoms giant TalkTalk suffered a security breach, which exposed the personal details of more than 150,000 customers.
A month before that Vodafone said that nearly 2,000 customer accounts had been accessed by hackers, potentially providing criminals with customers' names, mobile numbers, bank sort codes and the last four digits of their bank accounts.
In early 2015, hackers bombarded Carphone Warehouse with online traffic as a smokescreen while they stole the personal and banking details of 2.4m people.
Despite a seeming increase in the number of crimes, analysis of investigations involving the NCA's National Cyber Crime Unit over 2015 found the average age of suspects to be 17.
Research commissioned by the agency indicated that the majority of young people and their parents are not aware of what constitutes a cybercrime or the consequences of engaging in it.
Speaking at the launch of the #CyberChoices campaign in December 2015 Richard Jones, Head of the National Cyber Crime Unit's Prevent team said: "We know that simply criminalising young people cannot be the solution to this and so the campaign seeks to help motivate children to use their skills more positively."
He added: These individuals are really bright and have real potential to go on to exciting and fulfilling jobs. But by choosing the criminal path they can move from low level 'pranking' to higher level cybercrime quite quickly, sometimes without even considering that what they're doing is against the law."
© Copyright IBTimes 2024. All rights reserved.