To the press EMC Japan Corporation RSA Business Division RSA Quarterly Fraud Report Vol.111 ………………………………………………………………………… Since the word phishing first…
To the press
EMC Japan Corporation RSA Business Division
RSA Quarterly Fraud Report Vol.111
Since the word phishing first appeared in 1996, the tactics have evolved, and the total amount of damage and the number of victims have steadily risen. RSA has been providing the online crime prevention service “RSA FraudAction” since 2003 (domestic offering since 2006), detecting malware attacks such as Trojans and closing phishing sites. AFCC (Anti-Fraud Command Center), the core of FraudAction, is celebrating its 16th anniversary this year. Flood analysts are available 24/7 to analyze malware in several languages. I am engaged in elucidating criminal methods.
This newsletter summarizes phishing, online criminal information, and statistics from intelligence reports regularly published by the AFCC. Includes data on criminals’ attacks targeting financial and other financial gains, attacks targeting consumers, and analysis by the RSA (R) Fraud & Risk Intelligence team. A snapshot of the cybercrime environment that helps businesses serving consumers of diverse industries and sizes to achieve effective digital risk management. (4th Quarter 2019: Published March 26, 2020)
◆ For a report explaining the special feature in more detail, please refer to https://www.rsa.com/ja-jp/company/news/20200326.
Crime Attack Trends: Q4 2019
Occurrence by attack type
In the fourth quarter of 2019, RSA detected 59,267 frauds worldwide, an increase of approximately 7% quarter-on-quarter. Phishing attacks are increasing by attack method. Social media fraud and brand abuse remained almost unchanged from the previous quarter at 17%, but fraudulent mobile applications have declined significantly. Trojans have increased only slightly. The ratio of each attack method is as follows.
Source: RSA (R) Fraud & Risk Intelligence Service, July 2018-December 2019 Countries targeted by phishing attacks
Phishing attacks targeting Canada almost doubled quarter-on-quarter, accounting for 70% of the total, making it the country most hit by phishing attacks this quarter. Phishing attacks in India increased 30% quarter-on-quarter, while phishing attacks targeting the Philippines and Spain declined 52% and 30% quarter-on-quarter, respectively. [Image 2
Source: RSA (R) Fraud & Risk Intelligence Service, July 2018-December 2019 Countries where phishing attacks were hosted
In the fourth quarter, the Netherlands and Great Britain were once again in the top ten, while Australia and Hong Kong disappeared out of range. The number of attacks hosted in Germany was roughly doubling, accounting for 2% of the total, up from 3% in the third quarter to 5%. [Image 3
Source: RSA (R) Fraud & Risk Intelligence Service, July 2018-December 2019 Trends in crime targeting consumers: Q4 2019
Status of fraudulent transactions
Source: RSA (R) Fraud & Risk Intelligence Service, October 2016-December 2019 Transaction system
Mobile browser and mobile app transactions accounted for 53% of all transactions observed by RSA.
Source: RSA (R) Fraud & Risk Intelligence Service, October 2016-December 2019 Unauthorized trading methods
In the fourth quarter, six months after the spike in fraudulent transactions performed from web browsers, mobile channels * have regained their lead in fraudulent trading methods. 72% of the fraudulent transactions identified by RSA in the fourth quarter came from mobile channels. In particular, almost three out of five fraudulent transactions, or 59%, came from mobile browsers. This 59% ratio is the highest number for mobile browser transactions since the RSA launched the survey.
The average value of fraudulent financial transactions using mobile channels was $ 480.
* Figures for mobile browser and mobile application combined Comparison of legitimate and fraudulent transactions using credit cards (e-commerce / region)
Since stolen credit card information is used to purchase expensive products that are easy to resell and redeem, the average value per fraudulent transaction tends to be higher than regular transactions, depending on the region There is no difference. Comparisons between regions also suggest differences in consumption levels.
The biggest change that took place in the fourth quarter was the observed difference between legitimate and fraudulent trades in Australia and New Zealand. An average of $ 414 for fraudulent transactions is about three times the average for regular transactions ($ 140). In North America, fraudulent averages fell 40%
quarter-over-quarter, and the gap between legitimate and fraudulent averages was much closer. As stores and financial services providers have resolved fraudulent transactions and chargebacks from the (Christmas) holiday shopping season, we are watching how this figure will change in the next quarter.
Stolen credit card information and information recovered by RSA [Image 7
Source: RSA Fraud & Risk Intelligence Service, January 2019-December 2019 analysis
RSA has regained information and a preview of more than 6 million leaked cards without duplication, up 19% sequentially. RSA has more than 32.5 million leaked card information and card previews recovered from trusted sources such as online crime stores and social media in 2019 without duplication. 83% of the leaked credit card information that RSA was able to recover was linked to just five countries: the United States, India, Spain, Brazil, and the United Kingdom. Special Feature: Cyber Attacks Become a Global Organization’s Top Risk to Manage
2020 will be widely remembered as the year when digital transformation (DX) has begun to deliver valuable results among companies who have been boldly investing in long-standing technologies such as cloud, AI and IoT. Is expected Digital transformation is creating innovative risks in traditional risk management, while creating the risks inherent in traditional risk management, in addition to endless opportunities.
This special feature introduces an excerpt from a recently published RSA Digital Risk Report, and discusses what digital initiatives are being invested by companies and other organizations, and how they affect risk management priorities. And discuss the role of security, risk and business leaders in digital risk management.
IDC is estimating that businesses and other organizations will work on digital transformation initiatives in an estimated $ 1.18 trillion in
2019 (https://www.businesswire.com/news/home/20190424005113/en/Businesses-Spend-1.2 Trillion-Digital-Transformation-Year is projected to invest more than $ 6 trillion over the next four years. There are several different types of digital transformations that cover a wide range of technology shifts. According to the RSA Digital Risk Report, 78% of respondents chose to invest in more than two areas, indicating that many organizations are undergoing different transformations.
The fact that multiple technology initiatives are affecting
organizations simultaneously is a powerful indicator that business operations in the digital realm are becoming increasingly complex. For example, 61% of respondents cited cloud initiatives as a key technology initiative for their company, not just forming a technology landscape, but also working with external providers such as SaaS, IaaS, and PaaS. Means that the complexity of “third-party risk” increases.
Another example is extending the app to customers and partners (requiring them to use the apps they provide) and expanding the organization’s digital footprint (collecting historical and location information, etc.). These efforts not only expand the attack surface of cyber threats, but also agile development life cycles (often adopted as part of this) and DevOps (software development methods that combine ) Is increasingly nervous as it continues to ask the risk response and security departments to improve their responsiveness. [Image 9
The types of digital risks prioritized by the organizations surveyed vary by industry and region, but overall the risks of cyber attacks and the “dynamic workforce (work style reform in Japan)” are rapidly increasing. The risk posed by going to was the highest. This is followed by third-party risk management.
Looking at risk management objectives over the next two years, respondents’ views by industry indicate that the strength of the market cultivated in each sector has the greatest impact on the organization’s digital transformation risk management priorities. Suggest to give. The diagram above shows what risk management items are the top priorities for each industry over the next two years. Not only is it important to prioritize digital risk, but it is also important to engage the right people in accountability and
decision-making. As the RSA Digital Risk Report points out, digital risk management remains a problem for IT and security departments with little business involvement. Only 7% of business respondents who are involved in implementing digital technology are also involved in risk management, and involving business stakeholders in solving digital risks remains a challenge It can be said that it is.
Without this business perspective, the risk management strategy could lean toward the technician. For the IT and security departments, the burden is that the business department may think that it’s just a technology problem and can be solved with technology. However, risk management for many digital initiatives requires coordination not only in the area of technology but also in the layers of business processes. Risk and security issues need to be solved with the first line of defense, the business itself. Without a collaborative approach across all departments, risk may sneak into gaps in the defense line. Figure 2 shows which departments are involved in traditional risk management and digital risk management, respectively.
The risks posed by digital initiatives, such as cyber attacks, work style reforms, and third parties, are paramount, but every
organization feels the effects of digital transformation in their own way. Risks in multiple areas need to be addressed with a comprehensive and cohesive strategy. RSA’s findings show how to build a security and risk management process across IT, security and risk response with more business involvement to meet the demands of an evolving digital transformation initiative Indicates that you must. A full version of the RSA Digital Risk Report can be found here
(https://www.rsa.com/en-us/offers/rsa-digital-risk-report-second-edition). Phishing sites hosted in Japan
After the number of phishing sites in Japan surpassed 100 in October 2018, the number has repeatedly fluctuated between a minimum of 3 and a maximum of 37. The phishing attacks on Japanese consumers reported to the Anti-Phishing Council are almost uncorrelated.
Changes in the number of domestic phishing attacks reported to the Anti-Phishing Council have been in contrast to the decline in phishing sites hosted in Japan. From 1,713 cases in January 2019 to 8,208 cases in December, the number has continued to increase almost rightly and has stayed high at almost four times compared to the same period of the previous year. As a result, in just two months this year, the number of reports over the first half of last year, which was an overwhelming record-breaking year, was reported.
It is said that phishing emails that deceive Amazon, Apple, LINE, and Rakuten are repeatedly distributed in large numbers, and there are many phishing e-mails that deceive credit card brands and major banks. Also, although the number is still limited, some phishing sites have been reported to trick local banks.
It is also prominent that people try to steal personal information and credit card information by using a nominee such as applying for a gift or fundraising online.
For more information about this release(Japanese):
Kushiro Renewal of Akan Yukara "Lost Kamui" Renewal started on April 1, 2020 ………………………………………………………………………… -Akan Yukara and Lost Kamui Performance… Read More
Kirin Brewery Co., Ltd. << Event Report Launched “Kirin Greens Free”, a new proposal that goes beyond the non-alcohol and… Read More
Colopla Real event "DREAM! Ing Party! 2020" for women's game "DREAM! Ing" will be held! Held on TACHIKAWA STAGE GARDEN… Read More