Page 148 - Cyber Defense eMagazine Annual RSA Edition for 2024

Secondly, through device compromise: If a user's device is compromised, either through hacking or
physical theft, perpetrators can gain access to sensitive banking information stored on the device,
enabling them to perpetrate fraud directly from it.



What are the driving forces behind the rapid proliferation of ODF?

Advancements in anti-fraud defenses by banks are continually met with corresponding developments in
fraudster tactics. Banks evolve their defenses during onboarding and device enrollment processes,
leveraging improved device intelligence to identify suspect devices associated with multiple accounts.
This technological arms race highlights the necessity for ongoing vigilance and adaptation.

Additionally, the accessibility of artificial intelligence (AI) has lowered the barrier for fraudsters to develop
targeted technology. The widespread availability of AI tools empowers fraudsters to devise sophisticated
schemes, thus exploiting vulnerabilities and circumventing traditional security measures. Consequently,
combating on-device fraud necessitates proactive strategies that keep pace with emerging threats.


Our threat hunting team has recently tracked down an extensive campaign aimed at propagating
Copybara, a malware capable of perpetrating ODF, among important banks' online customers.



So, how can organizations effectively combat the rising tide of on-device fraud?

A multifaceted approach is paramount. Conducting app and content integrity checks serves as a frontline
defense, helping detect any tampering of content transmitted by app servers. Similarly, device integrity
checks are vital to identifying unauthorized modifications, such as rooting or dangerous access rights
granted to third-party apps.

Other proactive measures include searching for known or existing malware to swiftly identify and
neutralize threats. However, given the dynamic nature of malware, businesses need tools to detect
anomalies indicative of compromise from "zero-day malware"—malware not yet classified.

Accurate behavioral profiling is crucial in this regard, enabling organizations to spot anomalies in user
behavior and spending patterns indicative of fraudulent activity. Additionally, predictive mule account
identification can hugely enhance security by preemptively flagging suspicious accounts and
transactions.


Lastly, leveraging data analytics and machine learning algorithms can be transformative, enabling
organizations to proactively identify and mitigate risks associated with on-device fraud.

The threat of on-device fraud underscores the critical need for robust security measures and proactive
strategies. As technology advances, so too must our defenses evolve to counter emerging threats. By
harnessing the latest advancements in AI, behavioral analytics, and predictive modeling, organizations
can stay ahead of fraudsters and protect both their assets and customers from harm.






