FRM Talk | Mobile Devices Go Mainstream: Cyber Risk Rises With Them

Industry News  |  2019-04-08

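67% of financial services transactions, including online banking, money transfers and stock trading, now originate from mobile devices. According to data from identity security company ThreatMetrix, that figure has grown 13% year on year. This reflects the growing popularity of mobile devices, but it has also attracted more and more cyber fraudsters.

ThreatMetrix, which provides risk decisioning technology, found in its Cybercrime Report that the number of mobile accounts grew by 107% in the second half of 2018 compared with the first half, and that most attackers on mobile devices target account login information.

The report analyzed 17 billion digital transactions conducted in the second half of 2018 and found that 61% of them came from mobile devices. ThreatMetrix is part of LexisNexis Risk Solutions and authenticates digital transactions in real time, which puts it in a unique position to analyze more than 110 million transactions a day across 40,000 websites. The report says payment transactions account for a relatively high share of attacks, but the risk for such transactions actually fell 17% year on year.

Meanwhile, across all types of computing devices, cyber attacks on transactions for newly registered financial accounts grew 35% in the last six months, with attacks on mobile transactions growing 29%.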

Sophisticated Security Adversaries

“Cyber criminals see more opportunity in new bank accounts that can be used to launder money or take out multiple loans,” says the report, adding that the uptick in account takeovers on the mobile channel is the most significant development for financial firms to watch as fraudsters seek immediate access to customer balances and personal credentials.

“Fraudsters are master manipulators, with constantly shifting tactics,” Alisdair Faulkner, a ThreatMetrix co-founder who is now chief identity officer of LexisNexis Risk Solutions, said in the March 5 survey announcement. “They adapt their attack patterns and modus operandi to take advantage of shifting customer trends, evolving regulations and technological changes, always attempting to stay one pace ahead of businesses. We see this through the way in which attack patterns evolve and morph over time.”

Wi-Fi Is Not Secure

Understanding the Mobile Threat Landscape in 2019, a report from mobile security provider Wandera, says that 43% of companies have at least one mobile device amongst employees with no lock screen; 57% of all enterprises have experienced a mobile phishing incident; and 70% of Wi-Fi sessions on employee mobile devices occur over an unsecure, unencrypted connection.

Similarly, in the February 2019 Mobile Security Report published by Pradeo, 91% of mobile devices used in enterprises were found to already have been connected to an unsecure public hotspot. In Pradeo's analysis of 3 million mobile applications and 500,000 devices, 82% of Android devices and 54% of iOS devices were outdated in the corporate environment, and therefore exposed.

Particularly unsettling is Wandera's finding about the number of mobile devices employed by enterprises that are connected to cryptojacking sites and apps. They are subject to takeover by hackers to secretly mine cryptocurrency. The number of enterprise mobile devices infected in this manner grew by 287% month-on-month in 2018.

Mobile Cyber Risk Varies by Region

According to ThreatMetrix, cyber attack rates can vary by region.

In North America, financial services attack rates have grown 48% year-on-year, and 116% for mobile transactions specifically. By contrast, Asia has seen a drop in financial services attacks on logins and payment transactions in the last year, while new-account creation attacks have grown considerably. There was 78% growth in attacks year-on-year overall, and 105% on mobile new-account creation transactions.

ThreatMetrix also finds that the act of mobile tethering – using a cell phone, for example, as a modem to connect another device to the Internet – is often an indicator of fraud taking place in financial service transactions. Desktop transactions that are carried out with a mobile tether are 2.4 times more likely to be fraudulent than a transaction with a device connected via Wi-Fi or fixed-line broadband.

The Mobile Advantage

On a positive note, ThreatMetrix says that overall, mobile transactions are safer than those conducted via a desktop. The former make up 61% of the volume of transactions, but only 42% of the total attacks.

“As 2019 progresses, it is likely that trends seen in the latter half of 2018 will continue to evolve and add to the already complex cybercrime landscape,” the report says, adding that a trend to watch is the growing use of artificial intelligence by fraudsters, taking on the AI defenses of their targets.

One counter-measure, ThreatMetrix says, is to take a more layered approach to authentication. This may involve asking consumers to register data about the device they choose to use for financial transactions and then binding that information to their credentials and behavioral information.

“The onus is very much on businesses to deliver a strong customer authentication journey whilst also maintaining low-friction and unnecessary disruption of a user's login or payments journey,” ThreatMetrix concludes.

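Source: 金程FRM. For more content, follow the WeChat account 金程FRM. Original article; sharing is welcome. If you quote or repost it, please retain this notice.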
