Portland-based Iovation, a company that protects businesses against online fraud, identity theft, spam and abuse, published a study that reveals that the Linux operating system is the most used by cybercriminals to conduct fraudulent transactions.

Iovation’s solutions are built around a knowledge base containing information for more than one billion physical devices used to conduct online transactions. Iovation protects online gaming businesses and their end users against fraud and abuse through the combination of reputation and risk assessment in real time.

Iovation analytics shows that 2.3 percent of transactions that came from Linux are fraudulent, whereas in Windows that percentage remains at 1.4 percent and Mac comes only 1 percent. Remarkably, no mobile platforms are listed at the top because hackers prefer operating systems that give them greater opportunities to automate their actions.

“Interestingly, we found that 2.3 percent of all transactions from Linux-based machines, 1.4 percent of all transactions from Windows machines and 1 percent of all transactions from Macs were fraudulent,” said Scott Waddell, Vice President of Technology at iovation. “You’ll note that there were no mobile platforms in the top three; we believe this is because fraudsters prefer operating systems that make it easier to automate their schemes.”

The company tracked fraudulent transactions using ReputationManager 360 which assesses risk on transactions from each of the billion mobile and fixed Internet devices that it monitors, such as desktops to laptops, mobile phones to tablets, and handheld gaming devices to gaming consoles and smart TVs.

“Having identified over a billion unique Internet-connected devices is a phenomenal milestone which really highlights the critical mass we’ve reached with our global device reputation service,” said Greg Pierson, CEO at iovation. “Our ability to re-identify unique devices as the same ones regardless of which online business they touch is highly valuable. Understanding how all of those devices and transactions are associated, and combining that with our customer-provided real-time fraud experience, is even more exciting. These capabilities are the key to providing our customers with an invaluable level of insight into anonymous consumer behavior, and allow us to identify risk that no other service can spot.”

In its report, iovation claimed that more than 84 percent of denied transactions involve devices already had experience with the associated devices with the company.

“I am not too surprised that Linux tops the list of operating systems used by scammers to house their malign designs and web software,” says Kyt Dotson, editor of HackANGLE. “Linux has been an open source and free solution for an OS on the market for a very long time, it’s easy to set up, and has many flavors that provide a quick out-of-the-box web-ready presence. In short, it has a very cheap small operation TCO and that’s exactly what scammers need.

“This doesn’t reveal anything we didn’t already know about Linux and it just shows that it’s a great tool for people who otherwise want something quick and dirty. Just as much as it’s an excellent platform for at-home hobbyists, bloggers, or others who want a webserver on the quick; it’ll also be the go-to platform for fly-by-night and small criminal enterprises.”

Fraud rates

The online growth leads to increased exposure to fraud for businesses and their end users. It is estimated that online fraud in Africa is at high level at 7.24 percent compared to rest of the continents. It is followed by South America (4.26 %), Asia (4.1 percent), Europe (1.46 percent) and North America (0.75 percent)

Although iovation report didn’t mention anything about mobile fraud, a new study by Trademob found that 40 percent of mobile ad clicks are either accidental or fraudulent.

Cybercrime associated with mobile viruses particularly on Android devices are much more compared to Apple’s iPhone. In its annual State of Mobile Security report, Lookout found that SMS fraud has grown steadily since July 2011, constituting 62% of all application-based threats.