There is a visible shift in attack patterns immediately following a breach, from initial attacks focusing on high-value loan applications at online lenders to low-value identity testing on charities and social media sites to determine if a stolen credential will work.
KRACK, combined with other attacks, allows for the reading of pain text username, passwords, credit card numbers as well as the injection of code including ransomware, writes Timothy Crosby, senior security consultant for Spohn.
The identity theft threat created by the Equifax hack and the growth of online lending have given software makers a platform to pitch products that rely on selfies, scans of driver’s licenses and other nontraditional ID methods.
The breach may result in a huge new dump of names, addresses, Social Security numbers and other personal information that fraudsters can leverage to gain access to a legitimate user’s account, writes Jason Tan, CEO of Sift Science.
One-time passcodes or more complex passwords are not enough, and add friction and potential frustration for the user. The solution is mobile identity authentication, writes Randy Vanderhoof, executive director of the Secure Technology Alliance.
As U.S. counterfeit card fraud declines with the advance of EMV, researchers say fraudsters seeking richer ground are reviving a familiar card scam based on creating fake credentials, known for many years as synthetic identity fraud.