UPDATE — Rise of the Cyborg: Arkose Labs Fraud Report Finds Human-Bot Hybrid Attacks Increase in Q1


SAN FRANCISCO, May 05, 2021 (GLOBE NEWSWIRE) — Arkose Labs, provider of online fraud and abuse prevention technology, today released new data on the latest fraud trends, revealing an increase in human-bot hybrid attacks.

The Q2 Arkose Labs Fraud and Abuse Report, released today, indicated an uptick in fraud originating from North America, with the U.S. and Russia vying for the top spot in terms of origination of attacks. Additionally, there was a significant amount of human-driven attacks originating from North America, which could indicate that many who were drawn to fraud to make money during lockdowns have continued on this path.

“Many who dabbled in fraud in 2020 have continued to find the profession profitable and continue on with it instead of returning to legitimate work,” said Vanita Pandey, CMO at Arkose Labs. “There is an increasing amount of people who, while not pursuing fraud as a full-time job, are engaging in activities like fake reviews, disseminating fake information on social media and new user sign-up bonus abuse. This new face of fraud is emerging as a permanent part of the landscape.”

2021 started off busy, with heightened attack volumes carrying over from the end of 2020. However, by the midpoint of Q1 there was a drop off in attacks in most industries – except technology, and media/streaming, which continue to see high fraud levels.

At its peak, the Arkose Labs Network detected 5 million attacks daily during the first half of Q1. The overall attack rate dropped significantly as the quarter went on, from a peak of more than 30% of sessions being identified as malicious, to a much more manageable 17%. This was due to a respite from large-scale, targeted bot attacks. Human-driven fraud however did increase slightly this quarter.

Additional highlights from the report include:

Increase in Human-Driven Fraud – Q1 saw a marked increase in human-based attacks from North America, especially in tech and media, which highlights the continuing presence of fraud farms in carrying out attacks. Humans are required to launch scams on these platforms, which they do by sending phishing messages or malicious links to good users seeking to place malware on their devices or extract sensitive information, which can then be resold at a large profit.

Rise in Malicious Mobile Traffic – Higher levels of fraud originated from mobile devices in Q1, up to 28% of all attacks compared to 16.2% last quarter. This speaks to the importance of protecting the entire digital perimeter.

A Diversification of Attack Type – While 2020 was dominated by account takeovers (ATOs) and login-based attacks, Q1 2021 saw a significant uptick in bots attacks for things like spam, info scraping, in-game abuse, inventory hoarding and API abuse, with a 36% increase in these types of attacks from Q4 2020 to Q1 2021. There was also a 28% increase in payments attacks during that same time period.

Rise of the Cyborgs – The increase in humans launching attacks speaks to the increasing relevance of so-called “cyborg” attacks, with fraudsters deploying a mix of bots and fraud farms to successfully pull off attacks.

Attack of the Smart Devices – In an effort to blend in and appear as legitimate traffic, fraudsters are hijacking the trove of new IPs associated with IoT-connected devices. These IPs are often from a geography not typically known for fraud attacks, such as North America. There were similar levels of attacks originating from Europe and Asia in Q1 2021, with Europe the top attacking geography, with over one third of all attacks. This is largely influenced by the consistent high attack levels seen emanating from Russia.

The Q2 Arkose Labs Fraud and Abuse Report is based on actual user sessions and attack patterns that were analyzed by the Arkose Labs Fraud and Abuse Prevention Platform from January through March 2021. These sessions, spanning account registrations, logins and payments from financial services, ecommerce, travel, social media, gaming and entertainment were analyzed in real-time to provide insights into the evolving fraud and risk landscape. Unsophisticated bot attacks don’t result in a user session and thus have not been included in this report. The report focuses on attacks from fraud outlets that combine state-of-the-art technology with stolen identity credentials and human efforts.

To access the full Q2 2021 Fraud and Abuse Report, please click here.

To learn more about Arkose Labs and its Fraud and Abuse Defense Platform, visit www.arkoselabs.com.

About Arkose Labs

Arkose Labs bankrupts the business model of fraud. Recognized by Gartner as a 2020 Cool Vendor, its innovative approach determines true user intent and remediates attacks in real time. Risk assessments combined with interactive authentication challenges undermine the ROI behind attacks, providing long-term protection while improving good customer throughput. Arkose Labs is based in San Francisco, Calif., with offices in Brisbane, Australia and London, UK. For more information, visit www.arkoselabs.com or on Twitter @ArkoseLabs.

Media Contact:

Paul Wilke



A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/14b71a2c-22e0-4fd4-88a5-f7931f6336fb