Fraudsters Exploit Cloud Access Points to Orchestrate Sophisticated Attacks

Recent data from the Federal Trade Commission (FTC) shows that U.S. fraud losses topped $10 billion in 2023, indicating that the risk of cybercrime has soared to unprecedented heights.

And digital tools have an increasingly important role to play in both perpetuating these threats, “making it easier than ever to target hard-working Americans […],” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, noted in a report

Several industry experts have echoed similar sentiments.

As Erika Dietrich, VP, Global Fraud Prevention Risk Services at ACI Worldwide, told PYMNTS in September, “What has changed is the speed and scale these tools and technologies give fraudsters,” not to mention how “they can educate themselves in open forums and chat channels on how to deploy and use these new technologies.”

In a separate interview last September, Tobias Schweiger, CEO and co-founder of Hawk AI told PYMNTS, “The application of technology isn’t just reserved for the good guys … and bad actors are accelerating what I would call an arms race, using all of those technologies.”

Moreover, with the use of generative artificial intelligence (AI) technologies, criminals can easily produce fake IDs, identities, and convincing deepfakes of business executives, adding another layer of complexity and deception to their fraudulent activities.

As Karen Postma, managing vice president of risk analytics and fraud services at PSCU, told PYMNTS last October fraudsters using GenAI “can effectively mimic a voice within three seconds of having recorded data,” indicating that they are “utilizing AI to not just commit attacks, but to become very good at committing these attacks.” 

These sentiments align with PYMNTS Intelligence research findings which show that fraud techniques have evolved alongside advanced technologies like AI and GenAI, contributing to the rise of sophisticated cyberattacks.

In fact, nearly one-third of firms cited the increasing sophistication of fraud schemes as a challenge to fighting fraud, and more than one-quarter of FinTech and Big Tech firms acknowledge that existing solutions lack the sophistication necessary to detect fraudulent transactions effectively.

Weak Cloud Access Points

Adding to the complexity of the issue, fraudsters are leveraging cloud access points to orchestrate sophisticated attacks, targeting the growing number of organizations storing data in the cloud.

A recent report by the National Security Agency (NSA) highlights this growing concern, particularly shedding light on how Russia-based cyber actors are adapting their tactics, techniques, and procedures (TTPs) to access sensitive information hosted in cloud environments. 

According to the report, the main method used by cyber actors to access cloud-based systems is by using TTPs like password spraying and brute forcing to enter into automated system accounts and dormant accounts. These types of accounts frequently lack multifactor authentication and have weak passwords, making them an easy target for hackers.

After gaining access to the target’s cloud environment, the perpetrators use system-issued tokens or register their own devices to maintain a presence within the system. Subsequently, they employ residential proxies to conceal their access and obscure any suspicious activities, thereby complicating detection efforts.

This trend highlights the need for organizations to strengthen their cloud security measures and adopt advanced threat detection systems to mitigate the risk of such attacks.

PYMNTS Intelligence data shows that more businesses and financial institutions (FIs) are doing so by prioritizing investments in advanced fraud detection and management systems.

Last year, nearly 70% of FIs with assets exceeding $5 billion adopted AI and machine learning (ML) solutions to combat fraud and financial crimes, a significant rise from 34% in 2022. Moreover, the study indicates that 97% of firms with asset sizes of $100 billion or more have followed suit. 

On a positive note, FIs leveraging these technologies are witnessing positive outcomes. According to the report, institutions employing AI or ML are more likely to observe a decrease in overall fraud rates and less likely to experience an increase in fraudulent activities.

“Additionally, FIs see third-party technologies as a way to enhance their in-house processes over the next three years. At least 60% of FIs will rely on third-parties to provide technologies such as cloud-based platforms and ML/AI to combat fraud,” the report noted.