top of page
  • Writer's pictureRoy Urrico

Online Payment Fraud, Ransomware Rise Highlight Cybersecurity Reports

By Roy Urrico

Finopotamus aims to highlight white papers, surveys and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.

Reports from Juniper Research and NCC Group respectively warn of a dramatic rise in payment fraud and ransomware threats.

Online Payment Fraud to Exceed $362 Billion Globally Over Next 5 Years

A new study from Juniper Research forecasts that merchant losses from online payment fraud will exceed $362 billion globally between 2023 to 2028, with losses of $91 billion alone in 2028. A rise in e-commerce transactions in emerging markets is driving this growth. Merchants there are facing new threats, such as an increased use of artificial intelligence for attacks. Online payment fraud involves cybercriminals conducting false or illegal transactions online, using a number of different fraud strategies, such as phishing or account takeover.

“Online payments are a large target for fraudsters. This is due to the fact that there are millions of loopholes to exploit, such as card details being stored digitally for eCommerce. Since the pandemic, the e-commerce market has grown exponentially. Indeed, it is expected to rise to $7.95 trillion by 2027,” according to Juniper Research’s eCommerce Payments report.

The report confirmed online payment fraudsters typically take advantage of card not present types of payment, used for e-commerce because they require only the card details and are stored digitally. “However, it is also easier for fraudsters to get away with this, as it is harder for the seller to verify who is making the purchase. There are also alternative payment types, such as digital wallets and (BNPL) (buy now, pay later), which can be subject to ATO (Account Takeover) attempts,” revealed the report.

Source: Juniper Research.

As part of the study, Juniper Research released its latest “Competitor Leaderboard” for 2023, which ranked the top 21 fraud detection and prevention vendors, using criteria such as the relative size of their customer base, completeness of their solutions and their future business prospects.

The top five vendors for 2023, according to Juniper Research Competitor Leaderboard, are:

1. LexisNexis Risk Solutions.

2. Experian.

3. ACI Worldwide.

4. Visa.

5. FICO.

The study also found that the leading players scored well based on the breadth of their anti-fraud orchestration capabilities, as well as their use of artificial intelligence (AI) for analyzing trends in fraudster behavior. To stay ahead of the competition, the study stated, vendors must utilize data collected throughout the whole e-commerce process to further develop their fraud detection and prevention solutions through training and advancing AI models.

Research author Cara Malone remarked: “Fraud detection and prevention providers must educate their clients in the importance of data sharing, in order for the highest accuracy within their solutions. This is increasingly important with the growing use of AI, as it utilizes a variety of data to examine patterns within fraud, which is extremely advantageous in a space where fraudsters usually attack at scale, rather than attacking a specific customer.”

Ransomware Victims Spike 24% In May

United Kingdom-based security consulting firm NCC Group’s Threat Intelligence Report found that ransomware attacks are soaring, with 436 victims in May. The new figures represent a 24% surge compared to April's figure of 352 and a 56% increase compared to May 2022. The Industrials sector remains the most targeted of all for May, representing 131 (30%) of 436 attacks in May, as threat actors continue to target lucrative personally identifiable information (PII) and intellectual property (IP). Technology (15%) saw a 78% increase in attacks compared to April, with 66 victims, whilst consumer cyclicals (11%) was the target of 37 attacks. Within the tech sector, financial technology (fintech) and infrastructure represented less than a handful of attacks.

Top targeted sectors. Source: NCC Group.

The NCC Group’s report also pointed to the spike in total activity was driven, in part, by the emergence of 8base, a new ransomware player that employs extortion attacks against small and midsized businesses (SMBs). 8base was responsible for 15% of the attacks in May, as the group began releasing data from victims breached between April 2022 and May 2023.

8base publicized the data of 67 victims in May. Its attacks typically involved stealing and encrypting data, with more than half its victims (52%) operating in the Industrials sector. Lockbit 3.0 was responsible for 18% (78 victims) of the attacks in May and remains the most active threat actor in 2023, despite a 27% drop in attacks compared to April (107 victims).

Elsewhere, Akira, a threat actor first discovered in March, carried out 28 attacks – its highest on record and a 250% increase compared to April (6 victims). NCC Group’s Global Threat Intelligence team also monitored activity from new ransomware groups BlackSuit, MalasLocker and RAGroup.

By regions, in May 2023, North America was the target of over half (51%) of the monitored incidents, with 222 victims, followed by Europe (24%) with 106 victims. South America (8%) experienced a significant surge with 34 attacks, an 89% increase compared to April.

Other key findings include:

NCC Group's Global Threat Intelligence team also spotlighted two Android-based malware families known as Hook and ERMAC. Hook’s new features include streaming a victim's screen, the ability to take photos using their front facing camera, stealing of cookies related to Google login sessions, and support for stealing recovery seeds from additional cryptocurrency wallets.

Matt Hull, global head of Threat Intelligence at NCC Group, said: “We continue to see heightened levels of ransomware activity in 2023, as each passing month surpasses the volume of attacks witnessed during the same period in the previous year. Whilst Lockbit 3.0 continues to dominate as the most active threat actor, the emergence of new ransomware groups like 8base and Akira raises equal concerns and warrants attention.

Hull added, “Beyond this latest data, another noteworthy development this year has been the volume of attacks targeted towards high profile organizations, predominantly led by Russian-speaking threat actor Cl0p. It has led to greater public attention towards the evolving threat landscape, which contributes to a growing understanding of the severity and impact of ransomware incidents can have, and why organizations must be proactive in their cyber defenses.”

In other ransomware news, the Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the FBI to offer a $10 million reward to anyone that can offer intelligence on the Cl0p ransomware gang. The group, a Russian gang that extorts its victims with threats of publishing private data, has racked up hundreds of victims, including agencies within the United States government itself.


bottom of page