Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/14/2019
10:00 AM
Kevin Gosschalk
Kevin Gosschalk
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach

A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.

It's been about two months since one of the biggest data breaches in history was announced: A hacker gained access to more than 100 million Capital One customers' accounts and credit card applications.

The announcement made global headlines and left consumers and businesses reeling, but it did not come as a surprise to us. With the recent increase in attack volumes within the Arkose Labs network, we knew something of this magnitude had occurred. It was clear that fraudsters had gotten access to new, powerful information to weaponize.

When analyzing attack patterns, the impact of any breach is instantly visible, sometimes months and years before the breach is discovered and reported. The size and severity of the Capital One breach, the type of data that was compromised, and the customers that have been affected (subprime borrowers and small and midsize businesses [SMBs]) are having a significant impact on the increasingly complicated — and connected — cybercrime ecosystem.

A colleague of mine worked at Capital One for years and remarked how it was there that she learned the value of data and analytics, how it affects profitability and growth, and how it can help predict customer lifetime value and engagement. She and her colleagues would hold heated, data-driven debates on the best ways to engage with the subprime population and successfully use data to build out the digital acquisition channel to target small-business owners.

She made it clear that Capital One understood — and championed — the value of customer data.

And now the same data — data used by Capital One to strategically fuel growth, target businesses, and identify which consumers would provide the most long-term value — is exposed on the Dark Web. Here, it will continue to be used to strategically grow the business of fraud, putting SMBs, consumers, and even large enterprises at heightened risk of attack.

The grim reality is that in today's digital landscape, it wasn't a matter of if but when we would witness another breach with the impact akin to Equifax in 2017 — where the quality of data exposed paints a frighteningly accurate portrait of one's financial health and where the devastating ripple effects of fraud will be felt by end users even years later.

And now, it's more important than ever that businesses understand the role that each breach plays in advancing a criminal's intel and the larger fraud landscape.

The cybersecurity ecosystem is fueled by data, and there are whole enterprises on the Dark Web dedicated to buying and selling customer data and running identity farms. What companies don't understand is that it takes a village to launch a good attack, and cybercriminals have sophisticated and connected networks that give them easy access to a host of compromised credentials from various disconnected attacks. When combined, fraudsters have a significant amount of customer data at their fingertips — from financial and bankruptcy status to Social Security numbers to even beauty preferences and consumer biometrics, as exposed in the Sephora and Suprema breaches. Criminals have unprecedented levels of insight into customers, which can be weaponized for future cyberattacks.

The Capital One incident underscores the fact that there is an abundance of data available that criminals can — and will — exploit to commit sophisticated fraud attacks, such as account takeover attacks, credential stuffing, and single request attacks. It's also a scary reminder that data and digital identity are the two currencies that matter most in our digital economy.

As we head into the holiday season, it's clear that the Capital One breach will play a big role in holiday retail fraud. The retail industry is very susceptible to seasonal and human-driven fraud. In fact, our recent "Fraud and Abuse Report" uncovered more than half of attacks on retail companies were human-driven. Unlike bot traffic, inauthentic human traffic is harder to detect because human behavior is unpredictable and highly nuanced.

Inauthentic human fraud is also powered by data.

We know that fraudsters are preparing to launch large-scale attacks on vendors by validating and testing stolen identities, credentials, and credit card information compromised in recent breaches.

A company's uphill security battle is not between the company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem. Fraud is evolving, and the longstanding approach of removing a criminal's financial incentive to attack is the only solution.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Works of Art: Cybersecurity Inspires 6 Winning Ideas"

Kevin Gosschalk is the CEO and Cofounder of Arkose Labs, where he leads a team of people focused on telling computers and humans apart on the Internet. Before Arkose Labs, Kevin worked on gaming hardware for the intellectually disabled at the Endeavour Foundation and built a ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.