LexisNexis Report Finds Human-Initiated Digital Attack Rate is Rising

LexisNexis Risk Solutions says the global human-initiated digital attack rate increased 19% year over year (YOY) from 2022 to 2023. The information-based analytics and decision tools company also says the expanding scale of cybercriminals’ activity is reflected in the rising attack rate, particularly in e-commerce and across North America.
The findings were contained in the annual LexisNexis Cybercrime report, Confidence Amid Chaosreleased on May 24, 2024. The report draws on data from the 92 billion transactions processed through the LexisNexis Digital Identity Network in 2023.
Key findings from the report include;
  • Third-party account takeover fraud was the leading type of fraud reported by clients in 2023, contributing 29% of fraud classifications reported, aligning with the strong attack rate growth seen at account login in 2023 (up 18% YOY).
  • While bot-initiated attacks maintained a steady 2% YOY growth to reach 3.6 billion, human-initiated attacks surged by 40% in volume to 1.3 billion.
  • Device data, including high-altitude behavioural biometrics telemetry, reveals that parts of Southeast Asia are established homes for dedicated remote scam centres. According to data from the Digital Identity Network, cybercriminals favour border areas in Cambodia, Myanmar, and remote parts of Thailand.
  • Automated bot attack rates remained steady in 2023, partly due to the threat posed by advanced bot detection capabilities to this attack vector. These capabilities involve detecting bot traffic that mimics the locations of legitimate customers via IP proxies and identifying abnormal timing of events and unusual on-page or in-app behaviors. Businesses increasingly employ proxy-piercing technology to break the anonymity of cyber criminals attempting to conceal their behaviour through virtual private networks (VPNs).
The LexisNexis Identity Abuse Index, which records the percentage of attacks per day, shows that attack rates spiked at the beginning and end of 2023. A significant factor was that North America’s attack rate rose to meet and then surpassed that of Latin America throughout the year.
The number of e-commerce transactions increased by 7% in 2023 as rising interest rates and global inflation cooled consumer spending. However, where consumers held back, fraudsters became more active. The volume of human-initiated attacks surged 80% YOY, resulting in an attack rate of 2.8% (up by 59% YOY). A key component of this growth in attacks was a focus by fraudsters on account takeover of e-commerce accounts, with the attack rate at login reaching 3.3% (an increase of 119% YOY).
Greater global adoption of 3D Secure to mitigate the risk of fraud from Card-Not-Present transactions is just one method businesses now employ to confront the heightened threat posed by cybercriminals. Regulatory changes in specific markets, such as establishing clearer liability frameworks, serve as a model for enhanced global cooperation aimed at minimising the impact of digital activities carried out by criminals.
“Cybercriminals continue to increase the scale and complexity of their illegal operations, with dedicated scam centres becoming a permanent fixture to mount digital attacks on consumers worldwide,” said Stephen Topliss from LexisNexis Risk Solutions. “While these scam centres will continue to drive the threat of human-initiated attacks, organisations cannot afford to be complacent about the growing sophistication of bots, which can display more human-like behaviour to evade traditional prevention solutions. By focusing on identifying advanced bots in real-time, businesses can mitigate their ability to create fraudulent accounts or test stolen login credentials for future account takeover attacks.”
You can read the full report here.