State of internet crime in Q1 2022: Bot traffic on the rise, and more

According to this cybersecurity outfit that wants your business, anyway


The fraud industry, in some respects, grew in the first quarter of the year, with crooks putting more human resources into some attacks while increasingly relying on bots to carry out things like credential stuffing and fake account creation.

That's according to Arkose Labs, which claimed in its latest State of Fraud and Account Security report that one in four online accounts created in Q1 2022 were fake and used for fraud, scams, and the like.

The biz, which touts device and network defense software, said it came to this conclusion after analyzing "billions of sessions ... across our global network" during the first three months of the year. These sessions apparently spanned account registrations, logins, and interactions with financial, ecommerce, travel, social media, gaming, and entertainment services. Take all these numbers with a grain of salt as ultimately Arkose wants you to buy its stuff to prevent all this kind of crime.

Arkose said it found a spike in bot traffic, which increased by 25 percent compared to the fourth quarter of 2021. This increase in bot traffic drove up fraud in online gaming, we're told. In total, 93 percent of all attacks against Arkose Labs' customers were bot-driven, it's claimed; data scraping increased by 250 percent while four percent of all logins in Q1 were credential-stuffing attempts. 

Additionally, "fraud-as-a-service" is on the rise, and this lowers the barrier of entry for would-be criminals to conduct attacks at scale, the team reported.

Bots versus humans

Bots are also becoming smarter and more efficient, Arkose Labs found, with automated attack signatures now three-times more complicated than in previous years as they become better at mimicking human behavior. 

"The number of data points that need to be collected, reviewed, and correlated to form a single attack signature makes it harder to detect them," the researchers wrote.

Meanwhile, as some businesses wade into the metaverse, so too do criminals, and they are willing to invest in human capital here to better pull off scams and other fraud in what virtual-reality spaces there are available, according to the report. We're told Arkose saw a 40 percent rise in attacks on metaverse-participating businesses from Q4 to Q1. It's also worth noting that the top targeted sectors — gaming, financial services, and technology — reported as much as 35 percent of traffic coming from human fraudsters.

Arkose Labs also disclosed the top five attacking countries during Q1, from its point of view: US, India, China, the UK, and Vietnam. It found these nations contributed more than 60 percent of the attacks the security shop tracked in the first three months of the year. 

Regional trends

Attack patterns in each region vary, the report claimed. For example, North America, which is responsible for one in five attacks, is more likely to target logins, primarily in the gaming and retails sectors. Additionally, attackers in North America are 30 percent more likely to be human than the global average, the researchers found.

One in three attacks came from Europe. And these attacks are 50 percent less likely to use fraud farms – banks of human fraudsters – than their global counterparts. The UK alone saw at least 52 million attacks to online business in the first quarter of 2022, from Arkose's viewpoint. Meanwhile, 40 percent of attacks in the first quarter came from Asia, and two-thirds of those hit the technology and travel industries. The report also found intrusions from China and India grew 70 percent from Q4 of last year.

Arkose Labs also dived into the growing cybercrime workforce, and while The Register does not condone crime, or encourage anyone to pursue a career in this illicit field, the earnings potential here can't be ignored.

Sadly, cybercrime pays

For this part of the report, the security researchers relied on dark web information sharing. They also pulled from an in-house resource: Brett Johnson, the firm's chief criminal officer, who previously spent seven years in jail for his work developing one of the original cybercrime souks: Shadowcrew. The US Secret Service took down the illegal marketplace in 2004.

Johnson has seen the number of active cybercriminals increase ten-fold since 2019, we're told. "The temptation for committing online fraud is higher than ever simply because the results yield thousands, if not millions of pounds, for even the newest and most junior cybercriminals in the chain," he said in a statement.

According to the report, "rookie fraudsters," individuals with little experience who rely on the growing fraud ecosystem to make money, can earn up to $20,000 per month. 

On the other end of the fraudster spectrum the "master fraudsters," who use multi-pronged attacks and multiple tools alongside fraud-farm workers, earn up to $600,000 per month. ®


Other stories you might like

  • Walmart accused of turning blind eye to transfer fraud totaling millions of dollars
    Store giant brands watchdog's lawsuit 'factually misguided, legally flawed'

    America's Federal Trade Commission has sued Walmart, claiming it turned a blind eye to fraudsters using its money transfer services to con folks out of "hundreds of millions of dollars."

    In a lawsuit [PDF] filed Tuesday, the regulator claimed the superstore giant is "well aware" of telemarketing fraudsters and other scammers convincing victims to part with their hard-earned cash via its services, with the money being funneled to domestic and international crime rings.

    Walmart is accused of allowing these fraudulent money transfers to continue, failing to warn people to be on their guard, and failing to adopt policies and train employees on how to prevent these types of hustles.

    Continue reading
  • Ex-Uber security chief accused of hushing database breach must face fraud charges
    Company execs and their lawyers are paying close attention to this one

    A US judge yesterday threw out an attempt to dismiss wire fraud charges against a former Uber employee accused of trying to cover up a computer crime.

    Former Uber security chief Joseph Sullivan is set to face criminal charges after US District Judge William Orrick yesterday [PDF] rejected his claim that prosecutors did not "adequately" allege that the goal of the claimed misrepresentation of the security breach was to get Uber's drivers to stay with the platform and continue paying service fees.

    In December last year, a federal grand jury handed down a superseding indictment adding wire fraud to the list of charges pending against Sullivan for his role in the alleged attempted cover-up of the 2016 security breach at Uber. The incident led to around 57 million user and driver records being stolen.

    Continue reading
  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading

Biting the hand that feeds IT © 1998–2022