Sleeper accounts wait for at least a week before launching cyber attacks


Sleeper cell accounts which appear normal and hide among normal users, waiting for long periods of time to age the account before striking, are the latest technique being used by cyber attackers.

These accounts are often used for testing or carrying out the attack in stages, according to fraud and financial crime detection service DataVisor.

According to the DataVisor Online Fraud Report, 44 percent of fraudulent accounts sleep for at least seven days before an attack. In addition 37 percent of malicious accounts have still to attack even after three months.

Fraudsters are using cloud hosting providers to create armies of fake accounts from unique machines and IP addresses. The cloud allows fraudsters to both significantly increase the number of attack campaigns they can conduct, as well as evade detection by remaining anonymous. DataVisor observed that 18 percent of accounts originating from cloud service IP ranges are fraudulent. Also, malicious accounts are seven times more likely to use cloud services than normal users.

View more  Companies miss basic precautions that could prevent data breaches

“The Fraud Economy is flush with billions of dollars in resources. It’s no longer just one malicious user causing trouble, but rather massively funded armies numbering in the hundreds who are providing a big payout for these bad actors,” says Yinglian Xie, CEO and co-founder of DataVisor. “The fraudsters are becoming adept at looking like normal users and it’s clear from our research that they are increasingly sophisticated and using the latest technologies available to skirt detection. The DataVisor Online Fraud Report will hopefully serve to help inform and empower the fraud fighting community in our war against a common enemy, one sleeper cell at a time.”

Among other findings are that desktop is the preferred platform for fraudsters with 82 percent of fake accounts originating from desktop machines, compared to only 18 percent from mobile platforms. However, a user from the Android platform is eight times more likely to be fraudulent than a user from an iOS device.

View more  Enterprises have the wrong priorities on security spending

The report shows that 53 percent of fraudulent accounts are registered with email addresses from popular email services like Google, Microsoft or Yahoo in order to blend in with good users. Social networks are the most popular targets, with fraudulent account armies targeting social platforms being 17 times larger than those targeting financial services — averaging 160 accounts per campaign.

You can find out more in the full report which is available to download from the DataVisor website.

Photo Credit: Dan Kosmayer/Shutterstock