China continues to cement its reputation as a global epicentre of online crime, with new analysis blaming Chinese and Russian hackers for most of this year’s attacks, and Chinese cybercriminals driving a 60 percent surge in Black Friday weekend fraud over the last two years.
Fully 63 percent of online retail transactions were completed using a mobile phone over the four-day shopping weekend and suspected online retail fraud increased 29 percent compared with a year ago, according to new research from TransUnion fraud-detection subsidiary Iovation that also found that suspected e-commerce fraud had increased by 60 percent since 2017.
The figures validated concerns identified in TransUnion’s recent 2019 Holiday Retail Fraud Survey, in which 46 percent of surveyed consumers said they were concerned with being victimised by fraudsters this holiday season.
Fully 25 percent of Black Friday purchases were suspected of being fraudulent, as were 21 percent of Cyber Monday purchases – compared with 19 percent and 17 percent, respectively, on the intervening Saturday and Sunday.
The most common source of suspected fraudulent traffic was China, which was flagged as the source of 57 percent of suspected fraud – equal with the Central African Republic (57 percent) and handily ahead of Lebanon (45 percent).
Mobile phones were used in 63 percent of suspected fraudulent transactions, suggesting that fraud levels were consistent regardless of the channel used for holiday shopping.
Cybercrime mirrors changing geopolitical landscape
The high representation of Chinese fraud actors mirrors the findings of VMware Carbon Black’s recent Global Incident Response Threat Report, which named China as the world’s second most-prolific instigator of cyber attacks this year.
Some 18 percent of documented attacks could be traced back to the country, the security specialist firm found in naming Russia – responsible for 29 percent of attacks – topping the list and North America North Korea, Brazil and Iran trailing China.
“The axis of evil in cyberspace is alive and well,” VMware Carbon Black head cybersecurity strategist Tom Kellermann said.
Some 90 percent of attacks were executed for financial gain, the analysis found – “a sharp increase” from the 61 percent of such attacks in the first half of 2019 and in earlier years, when theft of intellectual property and customer information were the primary goals.
Security firm Palo Alto Networks’ Unit 42 cybersecurity threat team recently flagged a single Chinese threat actor, which it called PKPLUG, as a key instigator of a broad range of cyber attacks that have been previously attributed to other groups.
Several key indicators pointed to the increasing sophistication and maliciousness of threat actors during 2019, with the VMware Carbon Black report noting custom malware was used in 41 percent of attacks – up from 33 percent at the beginning of the year – and destructive attacks up 10 percent to comprise 41 percent of attacks. ‘Island hopping’ – jumping between vulnerable intermediaries to reach the ultimate victim – was noted in 41 percent of attacks, up 5 percent since the beginning of this year.
“Advanced hacking capabilities and services for sale on the dark web compound the issue, as does an unprecedented collaboration among nation-states,” the analysis noted. “These realities pose a tremendous risk to targets with decentralised systems protecting high-value assets, including money, intellectual property and state secrets.”