Digital Transactions Authoritative, insightful and timely information for payments professionals
Despite the number of data breaches during the third-quarter of 2024 declining 8% from the previous quarter, criminals are better armed than ever for carrying out these nefarious attacks, according to the Identity Theft Resource Center.
One factor making it easier for criminals to initiate a data breach is the emergence of new technologies that make it possible for anyone without any real technical skills or coding expertise to hack into a data base.
“If you can operate a mobile phone, you can operate these tools,” says James Lee, chief operating officer for the IRTC. “Just about anybody can be a data thief now.”
Another tool aiding hackers is artificial intelligence. AI can make phishing attacks in which criminals seek to obtain an individual’s log-in credentials more effective by creating more realistic pitches and eliminating spelling errors that tip consumers the message is a scam, Lee says.
Phishing attacks are typically used to gather an employee’s or individual consumer’s log-in credentials via email or text. Criminals then use those credentials to gain access to a server and launch an attack against a database.
“Automation helps criminals become more efficient in their attacks and AI is a tool that makes criminals more efficient through automation,” Lee says.
In addition to helping criminals create more convincing scams, it is helping them identify businesses and consumers more likely to be susceptible to scams, which improves the success rate.
“AI helps with targeting to identify potential victims that are more lucrative,” Lee adds. “Attacks affect fewer people, but the attacks are more effective.”
Other trends to emerge during the third quarter include the return of mega-data breaches that impact more than 100 million people and companies reporting multiple attacks.
Helping fuel the return of mega-data breaches is that the tactic creates more potential victims for criminals, even if the accounts hacked are not as lucrative on an individual basis. During the second quarter, for example, Ticketmaster Entertainment LLC was breached, affecting 560 million Ticketmaster accounts.
After gaining access to Ticketmaster accounts criminals would abscond with any tickets in the account and resell them. “Each sale is not a lot of money, by when you add up the volume of accounts, it makes Ticketmaster a worthwhile target,” Lee says.
The number of companies being hit multiple times is on the rise largely from better data sharing among criminals about which companies are vulnerable to an attack. In many cases, the attacks come is rapid succession, leaving the victimized company little time after being hacked to implement changes to guard against future attacks.
“We are seeing attacks follow one another by weeks, even days,” Lee says. “That makes it tough for companies [that have been hacked] to defend themselves.”
