Empowered by big-data analysis, security researchers are finding new ways to pinpoint the sources of botnets, login account hacking and fraud exploits that will allow businesses to proactively evaluate and manage their exposure to financial and other risks.
Ongoing analysis of attack traffic - through correlation of malicious traffic, scraping of login details, geolocation information, usage patterns and more - has helped Akamai security researchers in a new effort to analyse and categorise active botnets that has already classified more than 1300 such attack pathways.
These and other suspicious sites are being monitored for questionable activity and tagged with reputation scores that are helping surface new relationships and attack patterns that show, for example, where a particular attacker has been using scripts to launch automated password-reuse checks across a large number of sites.
"It has taken us many years to get to this point but we have a lot of customer data from around the world and we're feeding that into a big-data engine," the company's APJ security chief technology officer Mike Smith recently told CSO Australia.
"Reputation scores help a business see that someone was, say, attacking the site of a competitor in the same industry or geography," he continued. "You can learn from the attacks against everybody else, but in an abstract way so you don't know who it was."
Many attacks are "really simple stuff" that are more distinctive for the patterns of activity that they generate - large numbers of requests to or from a single IP address in a short period of time, for example - than their actual authorship.
Analysis was starting to show hotspots of activity where fraudsters were leveraging personal information to extract details of loyalty programs to cash them in for gift cards and other negotiable instruments. Other analysis was revealing cases where an online merchant had been shipping items to people who have different names but the same shipping address.
"You start to use big-data techniques on your customer base looking for irregularities," Smith explained. "If you can find out which domains are very popular but shouldn't be popular, that's where your fraudsters are."
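The irregularities described above (bursts of requests from one IP address, many names shipping to one address, domains more popular than they should be) can be checked with a few aggregations. This is an added example, not code from Akamai or the original article; the records, field layout, thresholds and baseline shares are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data; field layout, thresholds and baseline are assumptions.
REQUESTS = [  # (epoch_seconds, source_ip)
    (1000, "198.51.100.7"), (1002, "198.51.100.7"), (1003, "198.51.100.7"),
    (1005, "198.51.100.7"), (1009, "198.51.100.7"), (1010, "203.0.113.4"),
    (1400, "203.0.113.4"), (2000, "198.51.100.7"),
]
ORDERS = [  # (customer_name, email, shipping_address)
    ("Ann Lee", "ann@example.com", "12 High St, Unit 4"),
    ("Bob Roy", "bob@example.org", "12 high st,  unit 4"),
    ("Cy Wood", "cy@mail.example.net", "12 HIGH ST, UNIT 4"),
    ("Di Park", "di@example.com", "9 Mill Rd"),
    ("Ed Park", "ed@mail.example.net", "9 Mill Rd"),
    ("Flo Day", "flo@mail.example.net", "77 Oak Ave"),
]
# Assumed historical share of customers per e-mail domain.
BASELINE_SHARE = {"example.com": 0.50, "example.org": 0.30, "mail.example.net": 0.05}

def bursty_ips(events, window=10, limit=5):
    """IPs with at least `limit` requests inside any `window`-second span."""
    by_ip = defaultdict(list)
    for ts, ip in sorted(events):
        by_ip[ip].append(ts)
    flagged = set()
    for ip, stamps in by_ip.items():
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window's left edge
                start += 1
            if end - start + 1 >= limit:
                flagged.add(ip)
    return flagged

def shared_addresses(orders, min_names=3):
    """Normalised shipping addresses used under `min_names` or more distinct names."""
    names = defaultdict(set)
    for name, _email, addr in orders:
        key = " ".join(addr.lower().replace(",", " ").split())  # case, commas, spacing
        names[key].add(name.lower())
    return {a: sorted(n) for a, n in names.items() if len(n) >= min_names}

def overrepresented_domains(orders, baseline, ratio=3.0, min_count=2):
    """Domains whose observed share is at least `ratio` times their baseline share."""
    counts = Counter(email.rsplit("@", 1)[1].lower() for _n, email, _a in orders)
    total = sum(counts.values())
    share = {d: n / total for d, n in counts.items() if n >= min_count}
    # Domains with no history get a small assumed floor of 1%.
    return {d: round(s / baseline.get(d, 0.01), 1) for d, s in share.items()
            if s >= ratio * baseline.get(d, 0.01)}
```

The `min_names` threshold of three keeps an ordinary two-person household from being flagged, which is the kind of tuning these checks need before their output is treated as a fraud signal.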
Economic crime has emerged as a major and growing problem as online cybercriminals refine techniques for harvesting large volumes of stolen account passwords, cloud-service credentials, personally identifiable information, and other data that can be used to infiltrate additional services and extract some type of financial reward.
PricewaterhouseCoopers' recent Global Economic Crime Survey 2016 hinted at the magnitude of the problem, culling responses from more than 6000 respondents across a range of industry sectors to find that existing methods for detecting criminal activity have become less effective over time.