The global spend on digital identity verification will approach $21 billion in 2027, up from $11.6 billion in 2022, reported Juniper Research Tuesday. The increasing prevalence of digital services requiring “digital onboarding journeys,” plus the growing requirement for more advanced and robust identity verification systems amid rising fraud are the key factors that will drive the nearly 80% increase over the next five years, it said: “Digital identity verification is where identity is checked using digitally verifiable elements, such as selfie scans, address checks and knowledge-based authentication.”
DoubleVerify’s fraud lab detected a new variant of LeoTerra, the connected TV advertising fraud scheme, that impersonates IoT devices and hides fraudulent behavior, said the digital media measurement software platform on Wednesday. The three LeoTerra variants detected thus far have spoofed more than 92 million devices during 2022's first half and up to 3.5 million device signatures a day, it said. LeoTerra is a server-side ad insertion tool that fraudsters use to spoof large numbers of devices, it said. Bad actors use online device information sources, where they download lists of devices and incorporate the device information inside their falsified ad requests, it said: “This makes it appear as if their fraudulent traffic is coming from millions of different devices.”
The MPA hired TMT Insights to build, implement and support a new “security assessment platform” for MPA's “trusted partner network,” the association’s global, industrywide film and TV content protection initiative, said the services and software development company on Wednesday. The TPN program helps companies prevent leaks, breaches and hacks of their customers' movies and TV shows before their intended release, “and seeks to raise security awareness, preparedness, and capabilities within the industry,” said TMT.
The FTC should investigate whether Twitter misled users about its security risks and violated a 2011 consent decree with the commission (see 2205260054), Sens. Richard Blumenthal, D-Conn., and Ed Markey, D-Mass., wrote in separate letters Tuesday. Senate Judiciary Committee Chairman Dick Durbin, D-Ill., also sounded the alarm on reports about how Twitter, according to Markey, “systematically and repeatedly failed to take basic security measures to protect its user data and has misled investors, regulators, and the public about the strength of its security systems.” Blumenthal cited information from whistleblower Peiter Zatko, a senior cyber executive for the company 2020-22: “These troubling disclosures paint the picture of a company that has consistently and repeatedly prioritized profits over the safety of its users and its responsibility to the public, as Twitter executives appeared to ignore or hinder efforts to address threats to user security and privacy.” Zatko was fired in January for “ineffective leadership and poor performance,” a Twitter spokesperson said Tuesday. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.” His “allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.” Allegations of “widespread security failures at Twitter, willful misrepresentations by top executives to government agencies, and penetration of the company by foreign intelligence raise serious concerns,” said Durbin. Durbin said he will continue investigating and take further steps as needed. The company entered into its 2011 consent decree with the FTC and DOJ. The FTC confirmed receiving the letters but didn’t comment.
Nearly seven in 10 cybersecurity professionals cite an increasing number of cyberattacks since Russia invaded Ukraine in late February, reported VMware Monday. The company canvassed 125 “incident responders” in June, finding two out of three reporting “malicious deepfakes” used as part of an attack, a 13% increase from last year, “with email as the top delivery method,” it said. Deepfake attacks use AI to create realistic video and audio content to trick victims into disclosing sensitive information. VMware said “burnout” among cybersecurity professionals “remains a critical issue.” Slightly fewer than half of respondents reported having experienced burnout or extreme stress in the past 12 months, down slightly from 51% in a similar survey last year, it said: “Of this group, 69% (versus 65% in 2021) of respondents have considered leaving their job as a result.”
Google Global Head-Product Security Strategy Camille Stewart Gloster will be deputy national cyber director-technology and ecosystem security, the White House announced Monday. She will lead the Office of National Cyber Director’s efforts to “strengthen the security and development of our Nation’s cyber ecosystem -- across people, processes, and technology,” the White House said. Gloster previously worked for the Obama administration as a senior cybersecurity policy adviser at the Department of Homeland Security.
Schools, from primary through university, are increasingly being hit with ransomware, with 60% suffering attacks in 2021 compared with 44% in 2020, reported Sophos Tuesday. The cybersecurity company canvassed 730 educators in 31 countries, finding only 2% were able to recover all their encrypted data after paying a ransom, down from 4% in 2020, it said. Schools, on average, were able to recover 62% of encrypted data after paying ransoms, down from 68% in 2020, it said. Colleges and universities reported the longest ransomware recovery time among all types of schools canvassed, with 40% saying it took them at least a month to recover, compared with 20% for other sectors, and 9% reporting it took three to six months to recover. Schools are “prime targets for attackers because of their overall lack of strong cybersecurity defenses and the gold mine of personal data they hold,” said Sophos analyst Chester Wisniewski. “Education institutions are less likely than others to detect in-progress attacks, which naturally leads to higher attack success.”
Global merchant losses to online payment fraud will exceed $343 billion 2023-2027, reported Juniper Research Monday. The number includes sales of digital and physical goods, money transfer transactions, and banking and airline ticketing via fraudster attacks including phishing, business email compromise and socially engineered fraud, it said. A key driver is fraudster innovation such as account takeover fraud, where a user’s account is hijacked, despite identity verification measures, Juniper said. To combat rising fraud, fraud prevention vendors need to orchestrate the right mix of verification tools, at the most effective time. “No two online transactions are the same, so the way transactions are secured cannot follow a one-size-fits-all solution,” said analyst Nick Maynard. Fraud prevention requires several verification capabilities, intelligently orchestrated, to protect merchants and users, Maynard said. Physical goods purchases will be the largest source of losses, at an expected 49% of online payment fraud losses globally over the next five years, Juniper said. Lax address verification processes in developing markets are a major risk, with fraudsters targeting physical goods specifically, due to their resale potential, Juniper said.
U.S. cyber victims shouldn’t make ransomware payments, the FBI, Cybersecurity and Infrastructure Security Agency and Treasury Department said Wednesday in an advisory on Maui ransomware, a common North Korean state-sponsored cyberthreat. Paying ransom doesn’t “guarantee files and records will be recovered and may pose sanctions risks,” the agencies said. U.S. companies should “adopt and improve cybersecurity practices and report ransomware attacks to, and fully cooperate with, law enforcement,” the agencies said.
Deputy Attorney General Lisa Monaco met Thursday with retail CEOs at the Retail Industry Leaders Association (RILA) annual summit in Washington, where she cautioned them to be “mindful” about the “blended threat” of sophisticated “cyber-criminal groups” and “nation-state actors” forming “alliances of convenience,” said a DOJ readout Friday. She encouraged retailers to bolster their cyber defenses and “proactively develop” relationships with their local FBI field offices, it said. Monaco also addressed “organized retail crime” with the CEOs, including how U.S. attorneys across the country are bringing federal charges to punish and thwart “aggravated retail theft,” said DOJ. Retailers “appreciated the opportunity to discuss a number of high priority issues with Deputy AG Monaco, including cybersecurity,” emailed RILA President Brian Dodge. “We appreciate the department’s attention to organized retail crime and the role they are playing investigating and prosecuting large cases,” he said. RILA represents Best Buy, Target, Walmart and other big-box retailers.