Brace for heightened fraud in 2021, experts warn

Shock reverberated nationwide on Dec. 13, 2020, when the Cybersecurity and Infrastructure Security Agency published an advisory detailing how cybercriminals—identified by U.S. National Security analysts as Russian state-sponsored cyber actors—had breached the highest levels of the U.S. government. Analysts, have said, however, that numerous cyber criminals are on the hunt, creating a new normal of heightened cyber assaults on businesses and governments alike.

The advanced persistent threat (APT) began in March 2020, when adversaries employed a series of tactics, techniques and procedures (TTP) to escape detection as they infiltrated numerous government departments.

"The adversary is using a complex network of IP addresses to obscure their activity, which can result in a detection opportunity referred to as 'impossible travel,'" CISA analysts wrote. "Impossible travel occurs when a user logs in from multiple IP addresses that are a significant geographic distance apart (i.e., a person could not realistically travel between the geographic locations of the two IP addresses during the time period between the logins)."

CISA analysts also detected "impossible tokens" that were neither linked to legitimate users nor used within their hour of issuance. These anomalies raised concerns among investigators that key personnel, IT email accounts and operational security agencies had been compromised. An alert, posted Dec. 21, 2020, called for increased operational security measures to ensure all staff members are sufficiently aware of "applicable handling caveats," CISA administrators stated.

Multiple vulnerabilities

A Dec. 7, 2020, bulletin from the U.S. National Security Agency, traced the APT to March 2020, when bad actors exploited vulnerabilities in VMware products. "Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Manager products, allowing the actors access to protected data and abusing federated authentication," NSA analysts wrote, adding that VMware released a patch for the Command Injection Vulnerability on Dec. 3, 2020, approximately nine months after criminals had gained access to classified government departments and data.

CISA forensic investigators are pursuing evidence of initial access vectors in March 2020, when bad actors injected malware into SolarWinds, an enterprise network software suite used by select government agencies. The audit trail suggests the adversary may have more TTP and attack vectors to deploy, CISA stated.

Formidable enemy

CISA further noted that the attacker collected information from victim environments by "compromising the SAML signing certificate using their escalated Active Directory privileges." Key systems that use SAML include hosted email services, hosted business intelligence applications, travel systems, timecard systems and file storage services such as SharePoint, according to the CISA advisory.

Shelly Palmer, business consultant and technology advisor, published What You Should Know About the SolarWinds Hack, on Dec. 20, 2020, urging organizations to protect internet-facing systems. "A security system is only as secure as the third-party-provided FTE who writes their password on a Post-it note," Palmer wrote.

Palmer added that the high-profile cyberattack highlights the need for formal document classification. Implement cybersecurity protocols to protect the most sensitive documents, he stated, and buy cybersecurity insurance to cover the rest.

New normal fraud

On Dec. 15, 2020, Arkose Labs hosted a webinar titled 7 Top Fraud Trends in 2021 and Beyond. The session featured Johnny Ayers, founder and CEO at Socure and Kevin Gosschalk, founder and CEO at Arkose Labs, who made the following predictions:

• Trend 1: The long tail of COVID-19 has changed the digital world forever.

• Trend 2: New stars of the digital landscape will flourish in 2021.

• Trend 3: Businesses will rewrite customer engagement for a post-COVID world.

• Trend 4: Opportunity knocks: pandemic scams will continue into the new year.

• Trend 5: Vox Populi: social movements will create new businesses vulnerable to fraud.

• Trend 6: Evolving regulatory landscape will drive innovation.

• Trend 7: Heightened fraud attacks will be the new normal.

Ayers proposed that the digital world has created a complex, dynamic landscape for consumers and merchants as well as a potential goldmine for cybercriminals. "I think that you're going to continue to see these really creative phishing and social engineering attacks, just because there's a lot of unsuspecting government agencies and consumers," he said, adding that privacy regulations can make it more difficult for organizations to authenticate legitimate consumers.

Gosschalk agreed, stating, "[T]hat's a fascinating point: as consumers become more privacy centric, it makes the job of identifying bad people that much harder because it's that much easier for them to hide under the radar."

Gosschalk went on to say that as criminals continue to exploit vulnerabilities, individuals and organizations must evaluate their digital assets to determine which products or services present money-making opportunities to criminals. Then they can figure out how to remove the attacker's financial incentive, he stated.

Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.