ThreatMetrix Announces 311 Million Bot Attacks Detected and Stopped in Q1 2016; 35 Percent Quarterly Increase

Share Article

Quarterly report examines cybercrime attacks detected by the ThreatMetrix Digital Identity Network, which analyzes more than 20 billion annual transactions

News Image

ThreatMetrix®, The Digital Identity Company™, today released its Q1 2016 installment to the “ThreatMetrix Cybercrime Report.” In addition to the 311 million bot attacks, the ThreatMetrix Digital Identity Network (The Network) also detected and stopped more than 100 million fraud attacks in real time, a 52 percent increase year-on-year.

“Authentication is still key for the digital businesses we serve, but attack vectors are becoming more complex, dispersed and damaging than ever before,” said Vanita Pandey, vice president, strategy and product marketing at ThreatMetrix. “Consumer data is everywhere. Fraudsters can create pitch-perfect attacks because they know so much about us. Businesses must become smarter at detecting the full spectrum of possible attacks, from huge automated identity testing sessions, to advanced social engineering attacks that hijack individual accounts. This starts with really understanding the digital identities of consumers so that high-risk behavior can be detected in real-time.”

Botnet Attacks Evolve to Mimic Legitimate User Behavior:
Botnet attacks are becoming more complex and harder to predict than ever before. Alongside the loud and fast attacks, The Network is seeing low and slow attacks that are designed to evade rate controls and appear more like normal user traffic.

When fraudsters get a new list of user credentials from the dark web, they launch a series of massive credential testing sessions that cause huge transaction spikes over a couple of days. Once a successful hit is made, those curated lists of known password and login combinations are taken to other sites to launch slower velocity attacks, which are harder to detect. A staggering 264 million bot attacks were detected across e-commerce merchants this quarter alone.

“These attacks are particularly hard to detect because they aren’t always picked up by traditional rate control measures. Our normal lines of defense just aren’t working. Businesses need a smarter approach that can differentiate between a human and a bot the moment they start to transact,” added Pandey.

New Forms of Identity and Credential Testing:
In addition to botnets testing the validity of stolen identities, The Network is seeing new ways to test credentials obtained through the dark web. Online businesses are inadvertently providing a perfect way for fraudsters to anonymously test stolen payment credentials, such as credit cards, before making a big ticket purchase.

Industries with low digital sophistication are easy targets. ThreatMetrix detected a series of $5 payments made with stolen credit cards targeting the charity sector.

Identity spoofing was also a strong attack vector in the FinTech space with fraudsters using cloaking technologies such as proxies or spoofed locations to mask their true identities and locations. This has given rise to an increase in fraudulent new loan applications.

“The challenge for digital businesses today is that cybercriminals are becoming so sophisticated at building convincing identities using a jigsaw of stolen credential pieces, it is becoming harder than ever to distinguish them from legitimate customers,” continued Pandey. “It is only by looking holistically at the context of the transaction, along with all the information we know about the user, that organizations have the power to stop fraudsters in their tracks.”     

Mobile Drives Massive Growth in Financial Services Transactions:
Mobile transactions grew 200 percent compared to the previous year and now make up one-third of the overall transactions volume in The Network. This is primarily driven by the increase in account logins via mobile devices. Growth is particularly strong in the financial services sector, where digital banking transactions have increased by more than 150 percent over the last year, with 42 percent coming from mobile.

“A lot of users we see in The Network are now mobile only, reflecting how reliant we have become on mobile devices,” said Pandey. “Users enjoy the freedom that mobile apps give them to log in to their accounts whenever and wherever they please, sometimes replacing the need for a desktop. This highlights just how important mobile security is when people transact across locations, on multiple apps and on different WiFis. Attacks are steadily rising and businesses must be prepared for these to increase further.”

Device spoofing and identity spoofing are the most prevalent mobile attack vectors in The Network as fraudsters hack in to devices to access personal credentials. Fraudsters are also capitalizing on unsecured wireless networks to intercept user credentials or are encouraging users to download hacked versions of legitimate apps via third party stores.

Digital Identities, Powered by The Network:
The ThreatMetrix Digital Identity Network analyzes the myriad connections between a user’s devices, locations and anonymized personal information as they transact online. This builds a unique and trusted digital identity that fraudsters can’t fake. Leveraging the power of digital identities to establish trusted user behavior is the best way to authenticate user identity.

To learn more, download the “ThreatMetrix Cybercrime Report: Q1 2016” here.

ThreatMetrix Resources:

  •     Share this news on Twitter: @ThreatMetrix released its latest cybercrime report, showing key trends in #botnets, identity spoofing & #mobile:

About ThreatMetrix:
ThreatMetrix®, The Digital Identity Company™, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix® Digital Identity Network, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain, and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government, and insurance.

For more information, visit or call 1-408-200-5755. Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

© 2016 ThreatMetrix. All rights reserved. ThreatMetrix and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts:
Jaci Robbins
Tel: 408-200-5718
Email: jrobbins(at)

Allison Ward
Walker Sands Communications
Tel: 312-648-6010
Email: allison.ward(at)

Share article on social media or email:

View article via:

Pdf Print

Contact Author

John Everette
Walker Sands Communications
+1 (312) 964-9102
Email >