According to a new report from cybersecurity firm RSA, smartphones are quickly becoming the main avenue for hacking attempts, with fraud from mobile browsers and mobile applications now accounting for 71 percent of all fraudulent transactions.
The study, covering a period between April and July, found nearly 10,000 rogue apps that were now responsible for 28 percent of all fraud attacks.
The rise in rogue apps and mobile browser hacking attempts coincides with a rapid growth in the number of financial transactions handled on mobile devices. RSA included a chart showing that since 2015, legitimate financial transactions done through mobile browsers or apps grew from only 41 percent of all online transactions to 56 percent.
Hackers have responded accordingly, significantly increasing their attacks through mobile browsers and apps since 2015. RSA found that attacks through apps have grown from only 7 percent of all hacking attempts in 2015 to a whopping 40 percent of all attacks now. Attacks through the web and mobile browsers have fallen as hackers prioritize apps in their attempts to breach systems and steal information.
"In the second quarter, 80 percent of fraud among e-commerce transactions originated from a new device. In the case of known/trusted accounts, 59 percent of fraud transaction value was from a new device, which is indicative of account takeover or password-guessing attacks where fraudsters could be attempting transactions from the same account across multiple merchants," RSA said in their report.
"Twenty-eight percent of fraud originates from a known/trusted account and device, which suggests that there is a high likelihood of devices infected with financial malware capable of performing man-in-the-middle account takeover attacks."
Its research shows that hackers often use cheap burner smartphones to make most of their fraudulent transactions, as only 0.4 percent of all legitimate online financial transactions are done through new devices or accounts.
RSA runs an undercover unit that infiltrates groups of hackers, and it was able to recover almost 5.1 million unique, compromised cards and card previews from reliable online fraud stores and other sources. According to RSA, this number of compromised unique credit cards accounted for a 60 percent increase compared to the previous quarter. With these cards and previews, hackers were able to steal an average of $442 per fraudulent transactions in the Americas and nearly $400 in the EU.
The number of hacking attempts through apps was still dwarfed by phishing attacks, which still constitute more than 40 percent of all fraud attacks. These types of attacks are aiming to steal your personal information through fake emails, calls or texts.
The RSA report also has an interesting breakdown of where phishing attacks are hosted and where their potential victims are located. The US, India, Canada and Russia top the list of countries from where hackers launch their attacks. Surprisingly, India, the US and Canada are also at the top of the list of countries with the most amount of victims along with the Netherlands, which came in at number 6 on the host list for the first time ever.
The rest of the RSA report is alarming in its examination of the growth and sophistication of hacking attempts. They made a point to note that as more companies turn to AI to manage interactions, hackers will have more opportunities to breach systems. They specifically hone in on "human-not-present" transactions, which are quickly becoming the de facto way people handle financial deals online.
"By effectively removing the human from these transactions, transitive trust must carry the burden of identity and decision, and likely with little context and limited oversight by the not-present human, who will be the one to experience the pain when the system inevitably fails," they wrote.
"To be ready for the 'human-not-present' evolution, then, is to be present now, when such foresight and discipline will do the most good."
FOLLOW Download.com on Twitter for all the latest app news.
- According to RSA, hackers are increasing their attempts to breach systems and steal systems through rogue apps and mobile browsers.
- As more companies turn to AI to handle financial transactions, fewer human eyes will be able to monitor and verify transactions to make sure they're legitimate, RSA said.
- How to avoid downloading fake versions of Fortnite for Android so you don't get hacked
- Security researchers claim some WhatsApp messages and usernames can be faked
- How to stop Google from tracking your location on your mobile phone
- Inside the boot camp reforming teenage hackers (CNET)
- Instagram hack is locking hundreds of users out of their accounts (ZDNet)
- Malicious Android apps infected with Windows keyloggers pulled from Google Play (TechRepublic)