Monthly global ransomware attacks hit an all-time high in March, totaling 460. That’s a 62% increase from the same period a year earlier, and a 91% increase from the prior month, according to the fall edition of Visa Inc.’s 2023 Biannual Threats Report.
Leading causes for ransomware attacks are criminals exploiting vulnerabilities in cyber defenses (36%) and compromised credentials (29%).
One trend to emerge is that ransomware attackers and related threat actors do not always target payment data specifically but will instead compromise any data accessible during their attacks, including payment data or personally identifiable information, the report says.
Enumeration attacks increased 40% from January to June, compared to the previous six months. These attacks occur when criminals gain access to Web applications through brute-force tactics, such as using consumer credentials exposed in previous breaches or social-engineering scams to attempt access to other Web sites and applications where users may have used the same login information.
Online merchants are favored targets for cyber attackers, accounting for 58% of total fraud and breach investigations during the reporting period, compared to 20% for brick-and-mortar merchants.
Favored scams used by cybercriminals include setting up spoofed or fake merchant Web sites that steal consumers’ payment-account information by pretending to accept orders and not fulfilling them. Many consumers fall prey to these scams through Web searches, according to Visa.
Another scam on the rise is the creation of so-called flash-fraud merchants, in which criminals establish a legitimate merchant, process a small number of legitimate payments to establish credibility with processors, then submit a large number of fraudulent transactions, often using stolen payment-account data. Once payment for the fraudulent transaction is received, the criminal folds his tent and vanishes.
In related news, HTML attachments make up 50% of the file types being used for email-borne malware attachments in the hospitality industry, according to a report from Trustwave Holdings Inc.’s SpiderLabs security team. HTML file attachments are being used in phishing schemes to facilitate credential theft and the delivery of malware through what’s known as HTML Smuggling, a new attack technique that helps criminals “smuggle” encoded malicious script embedded in an HTML attachment or Web page.
In addition, brute-force attacks launched to obtain credentials accounted for 26% of all reported fraud-threat incidents in the hospitality industry, according to the report.
“With unique considerations, such as the adoption of contactless technology and the steady turnover of customers and employees, the hospitality industry faces a complex security landscape with distinct challenges,” Kory Daniels, Trustwave’s chief information security officer, says in a statement. “In an industry where guest satisfaction and reputation are paramount, staying secure while offering cutting-edge technology is a delicate balancing act.”