Archive for the ‘Device Identification’ Category
Posted on April 17th, 2012 by Dan Rampe

There’s an old song that goes “New York, New York. It’s a wonderful town. The fraud is up…” Wait, those aren’t the exact words. They may not be the exact words, but they are the right ones, according to a ThreatMetrix™ study of nearly a billion e-commerce transactions.
New York leads in online fraud origination followed by Atlanta, Chicago, Los Angeles, and Omaha.
ThreatMetrix reviewed the online activity for the first quarter of 2012, evaluating close to a billion transactions from select e-commerce merchants. Each transaction was scored as low, medium or high fraud risk. High risk transactions were typically rejected automatically by merchants while medium risk ones tended to result in a manual review. The top 150 U.S. cities were then ranked based on their percent of high and medium risk transactions.
“New York was ranked No. 1 in e-commerce fraud risk with transactions 1.5 times as likely to be at risk in comparison to second ranked Atlanta, and twice as likely in comparison to No. 3 Chicago,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “As fraudsters grow more sophisticated and expand globally, it’s only natural that large cities with international profiles, easy access to shipping and high connectivity rates will become breeding grounds for new generations of cyber threats, including both fraud and malware.”
In 2011, 25 million new, unique strains of malware were released – a number that is projected to explode to 87 million by the end of 2015, according to the Aite Group. That means cities like New York and Chicago and Los Angeles are a gold mine for cybercriminals who steal identities, passwords and credit cards. “We would expect to see a highly connected city like San Francisco rank higher, but perhaps the relatively high penetration of Apple devices which are largely seen to be less vulnerable to malware explains its relatively low ranking.”
With the recent acquisition of TrustDefender™, ThreatMetrix offers the only integrated solution combining intelligent device identification with malware detection and remediation. Protecting more than 5,000 websites for some of the world’s largest brands, ThreatMetrix profiles nearly 1 billion devices every month.
Faulkner adds, “ThreatMetrix is committed to identifying and addressing the full range of cyber threats that are being deployed against e-commerce merchants and financial institutions – no matter where they originate. Like our clients, we are relentless in our efforts to stay ahead of the curve and to anticipate the next wave of attacks before they occur.”
Since a high number of cyber attacks originate outside the U.S., ThreatMetrix will release a similar list of the top international cities for fraud origination in future reports.
For more information, please visit the ThreatMetrix Resource Center at http://threatmetrix.com/resource-center/.
From highest in online fraud origination to lowest, the rankings are:
1. New York
2. Atlanta
3. Chicago
4. Los Angeles
5. Omaha
6. Dallas
7. San Francisco
8. Houston
9. Washington D.C.
10. Lexington, KY
Posted on April 13th, 2012 by Dan Rampe

Health insurance, workers compensation, a vision plan, dental insurance, life insurance, a pension plan, FICA. And, did we mention vacations and holidays? Good employees don’t come cheap. So, if you only need them occasionally, doesn’t it make sense to just hire temps?
Entrepreneurs Dmitry Naskovets and Sergey Semashko thought so. And, what did they get for their troubles? Sent up the river. That’s what.
To initiate wire transfers, unblock accounts or change account contact information, financial institutions usually require an account holder to authorize the transaction by phone.
So back in June 2007, Dmitry and Sergey got the bright idea to launch CallService.biz, a Russian-language site, which, according to Wired.com “filled a much-needed niche in the criminal world — providing English- and German-speaking ‘stand-ins’ to help crooks (circumvent) bank security screening measures (by impersonating real account holders).”
The thieves, who got victim information from phishing attacks and keystroke logging malware, provided “stolen account information and biographical information of the account holder to CallService.biz, along with instructions about what needed to be authorized. The biographical information sometimes included the account holder’s name, address, Social Security number, e-mail address and answers to security questions the financial institution might ask, such as the age of the victim’s father when the victim was born, the nickname of the victim’s oldest sibling or the city where the victim was married.”
CallService.biz would assign a person from their databank, who matched the legitimate account holder’s gender and was proficient in the required language. That person would pose as the account holder and call the financial institution to authorize the fraudulent transaction.
Authorities said more than 2,000 identity thieves used the service to commit more than 5,000 acts of fraud.
Naskovets, who was arrested in the Czech Republic in 2010, just pleaded guilty in New York State and received 33 months in prison. His partner, Semashko, arrested the same day, has been charged in Belarus.
Manhattan U.S. Attorney Preet Bharara said in a statement: “This case is another example of how cybercrime knows no geographic boundaries and of how we will work with our partners in the United States and around the world to catch and punish cyber criminals.”
Because cybercrime knows no bounds and no boundaries, your company requires protection across all boundaries and time zones. In short, your company needs ThreatMetrix™ security.
ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smartphones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on April 9th, 2012 by Dan Rampe

To track or “Do Not Track.” That is the question. And a damned sight harder to answer than Hamlet’s “to be or not to be” which was only about a matter of life and death.
The Obama administration and advertisers have been working on the knotty problem of protecting consumers’ privacy without stifling the burgeoning online advertising business, which according to Tanzina Vega’s The New York Times’ article is “seen as the savior of media and publishing companies.”
Interactive Advertising Bureau figures put U.S. digital advertising revenues at $7.88 billion for the third quarter of 2011, a 22 percent increase over the same period in 2010. And, nobody wants to throw the baby out with the bathwater or kill the goose that laid the golden egg or hear any more aphorisms.
In The New York Times article, Vega writes, “Until now, methods for opting out of custom advertising varied depending on the privacy settings of a user’s browser or whether a user clicked on the blue triangle icons in the corners of some digital ads.
“Under the new system, browser vendors will build an option into their browser settings that, when selected, will send a signal to companies collecting data that the user does not want to be tracked.” This applies to so-called “third-party” sites, which collect and use data to send ads tailored to specific users. Included are sites like Google-owned DoubleClick, AOL’s Advertising.com, and many smaller ad networks.
The third-party sites, says Vega, “would be restricted in the data they can collect on users if [users] select a Do Not Track option. Such companies would be limited to using data for purposes like market research and analytics but could not create detailed profiles on users or show them ads based on online behavior.”
However, many publishers and search engines, like Google, Amazon and The New York Times, are considered “first-party sites,” which means that the consumer goes to these Web pages directly. “First-party sites can still collect data on visitors and serve them ads based on what is collected.” Seems like Google’s got it both ways. Or either way. ANYWAY…
In The Times article, several pro-advertiser voices, such as George Pappachen, the chief privacy officer of the Kantar Group, the research and consultant unit of WPP, and Mike Zaneis, the senior vice president for public policy and general counsel of the Interactive Advertising Bureau, warned about the severe impact on the industry of a large number of consumer opt-outs should the wrong opt-out mechanisms be adopted.
Zaneis offers, “The reality is if you had 50-80 percent of consumers opting out it could have a really significant negative impact on the third-party ad model. There is no eraser button for the Internet. But we can address consumers’ concerns about having certain data about them collected, especially data for advertising and marketing.”
Vega writes, “Google, which is one of the biggest players in online advertising, would also be affected because it is both a first- and third-party publisher. The company earns most of its nearly $40 billion in revenue through search-related advertising, which would not be affected by Do Not Track. But its display advertising business, driven largely by its DoubleClick ad network, representing some $5 billion in revenue, is considered third party and could be affected.”
A Pew Research Center study cited in The New York Times story said “56 percent of the respondents thought the government should not become more involved with regulating how Internet companies handle privacy issues. Yet 59 percent said collection of user data for targeted advertising was an unjustified use of a person’s private information.” Sounds like the dictionary definition of being of two minds on one subject.
And speaking of two minds – should Facebook, whose “like” button is used across multiple websites, be considered a first-party or third-party site? Or maybe it should get the Google two-fer.
Finally, Alex Fowler, the global privacy leader at Mozilla, whose Firefox was the first browser with a Do Not Track option, has the final word: “When you look at user testing, the expectation for the user for Do Not Track means, don’t behaviorally target me and also don’t collect information on me.”
While that may have been the final word, it’s certain not to be the last word on the subject. However, for the last word in online protection, there’s ThreatMetrix™. Without relying on passwords, user names and cookies to protect clients, ThreatMetrix offers protection from every type of malware for every type of device. ThreatMetrix’s complete package of online protection provides secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on April 5th, 2012 by Dan Rampe

The nation’s longest-running study of identity fraud, with 42,951 respondents surveyed over the past nine years, reported that upwards of 11.6 million adults became victims of identity fraud in the United States in 2011. That’s an increase of 13 percent over the previous year.
Javelin Strategy & Research, which provides quantitative and qualitative research focused on the global financial services industry, just released a study, “The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier,” which found that social media and mobile behaviors could be putting consumers at greater risk for identity fraud.
A Javelin press release explained that in October 2011 the company conducted an address-based survey of 5,022 U.S. consumers to identify the impact of fraud, uncover areas of progress, and determine where consumers should be especially alert.
James Van Dyke, Javelin’s president, noted, “The study found specific opportunities for improvement. Consumers must be vigilant and in control of their personal data as they adopt new mobile and social technologies in order to not make it easier for fraudsters to perpetrate crimes. Our survey found data breaches are increasingly putting consumers at risk. Consumers and organizations should always carefully and actively monitor accounts, but they should pay particular attention after an incident.”
The study showed these trends:
• Identity Fraud Incidents Increased, Amount Stolen Remained Steady—The number of identity fraud incidents increased by 13 percent over the past year, but the dollar amount stolen remained steady. Additionally, consumer out-of-pocket costs have decreased by 44 percent since 2004, likely due to the improved prevention and detection tools that have become available as well as fraud alerts leading to reduced detection time.
• Social Behaviors Put Consumers at Risk—For the first time, Javelin examined social media and mobile phone behaviors and identified certain social and mobile behaviors that had higher incidence rates of fraud than all consumers. LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud although there is no proof of direct causation. The survey found that despite warnings that social networks are a great resource for fraudsters, consumers are still sharing a significant amount of personal information frequently used to authenticate a consumer’s identity. Surprisingly, those with public profiles (those visible to everyone) were more likely to expose this personal information. Specifically, 68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet’s name—all are prime examples of personal information a company would use to verify your identity.
• Smartphone Owners Experience Greater Incidence of Fraud—The survey found seven percent of smartphone owners were victims of identity fraud. This is a 1/3rd higher incidence rate compared to the general public. Part of this increase may be attributable to consumer behavior: 32 percent of smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen—enabling anyone to access their information if the phone is lost; and 32 percent save login information on their device.
• Data Breaches Increasing and More Damaging — One likely contributing factor to the fraud increase was the 67 percent increase in the number of Americans impacted by data breaches compared to 2010. Javelin Strategy & Research found victims of data breaches are 9.5 times more likely to be a victim of identity fraud than consumers who did not receive such a data breach letter.
The survey found a key factor in the increase in identity fraud was the rising number of data breaches. Fully 36 million people or about 15 percent of Americans were notified of a data breach where their credit card or debit numbers or Social Security numbers were compromised, making this group 9.5 times more likely to become victims of identity fraud.
The survey also found that among social networks, LinkedIn users and those who regularly checked-in with GPS-enabled information were more than twice as likely to have reported being victims.
Javelin also passed along this advice:
1. Keep Personal Data Private—At home, at work and on your mobile devices, secure your personal and financial records in a locked storage device or behind a password. Of those consumers who knew how the crimes were committed, nine percent of all identity fraud crimes were committed by someone previously known to the victim in 2011. Avoid mailing checks to pay bills or to deposit funds in your banking account. Use online bill payment on a secure Internet access (not a public Wi-Fi hotspot) instead and direct deposit payroll checks.
2. Be Social, Be Responsible—While social networks are popular, be careful about publicly exposing personal information that is typically used for authentication (full birth date, high school name). This applies to all social networks.
3. Use Mobile Devices Responsibly—Mobile devices are a treasure trove of information for fraudsters. The “always on” functionality of mobile devices provides fraudsters with new avenues for securing information. Be sure of the applications you download, the data you share over public Wi-Fi and where you leave your devices.
4. Ask Questions—Before providing any information on mobile phones, social media sites and transaction sites, question who is asking for the information. Why do they need it? How is the information being used? If volunteering information, ask yourself if you have more to gain or more to lose by sharing personal and unnecessary details.
5. Take Control—In 2011, 43 percent of fraud was first detected by the victims. By monitoring accounts online at bank and credit card websites, and setting up alerts that can be sent via e-mail and to a mobile device, consumers can more quickly detect if they are a victim of identity fraud and stop it early.
6. Learn About Methods to Protect Your Identity—There is a wide array of services available to consumers who want extra protection and peace of mind. These include credit monitoring, fraud alerts, credit freezes and database scanning. Some services can be obtained for a fee and others at no cost. These services can detect potentially fraudulent information from credit reports, public records, and online activity that are difficult to track on your own.
7. Report Problems Immediately—Work with your bank, credit union or protection services provider to take advantage of resolution services, loss protections and methods to secure your accounts. A fast response can enhance the likelihood that losses are reduced, and law enforcement can pursue fraudsters so they experience consequences for their actions.
8. Take Any Data Breach Notification Seriously—If you receive a data breach notification, take it very seriously as you are at much higher risk according to the 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier. If you receive an offer from your financial institution or retailer for a free monitoring service after a breach, you should take advantage of the offer or closely monitor your accounts directly.
We’d like to recommend a ninth step to prevent identity fraud. And, that’s to rely on ThreatMetrix™ to protect your company’s assets.
ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on April 4th, 2012 by Dan Rampe

Mobile transactions and Bring-Your-Own-Device (BYOD) have proliferated and show no signs of slowing down in 2012. At the same time, Trojan attacks and Man-In-The-Browser (MitB) page injections are becoming more innovative and sophisticated.
“In the last year, we have seen a significant increase in sophisticated MitB Trojan activities targeting financial institutions, payment processors, governments and online businesses. Additionally, cybercriminals are evolving beyond their traditional financial institution targets to now include alternative payment methods and digital currencies,” observed Andreas Baumhof, chief technology officer, ThreatMetrix.
“Technologies such as Facebook credits, Amazon gift cards or payment services – where you can transfer money via email – will become the new targets. Based on the high success rates of these targeted attacks, we expect this trend to grow exponentially in 2012, posing significant risks to businesses and institutions – particularly for organizations that continue to rely on traditional solutions for cybercrime prevention,” added Baumhof.
Malware infection rates are rising fast and fresh victims are constantly being targeted. Last year, there were 25 million new, unique strains of malware released. And, according to the Aite Group, that number is projected to grow to 87 million by the end of 2015. The shift toward BYOD workplace practices is increasing the risk to corporations and their assets and adding to traditional attacks on e-commerce.
With malware becoming a growing drag on business and threat to society as a whole, ThreatMetrix has identified other trends and predictions for 2012:
• Malicious Trojans will spread in more innovative ways. Social networks, such as Facebook and Twitter, open up new ways for cybercriminals to spread malware in addition to ‘traditional’ drive-by-downloads, which compromise well-known websites by distributing Trojans automatically. Well-known Twitter accounts are increasingly being infiltrated and used for malware distribution. The Carberp Trojan was distributed in 2010 on a recognized news website in the Netherlands, which pushed infection rates into the hundreds of thousands.
• More MitB page injections. More fraudsters will employ MitB techniques to add malicious content – such as JavaScript – to a legitimate website, regardless of the Trojan used. The focus will turn away from solely financial institutions towards alternative payment methods, merchants and government, but also to social networking sites and identity theft in general.
• Mobile is the new target. The growth in mobile banking and mobile commerce will make mobile devices a big target for fraudsters. According to Baumhof, he has already seen mobile devices targeted to defeat SMS-based two-factor authentication for Internet banking (Mitmo Trojan). Due to the open nature of the Android operating system, malware can spread quite quickly and Trojans can fairly easily hijack existing applications (DKFBootKit). Furthermore, we see more and more very sophisticated malware such as remote-controlled banking Trojans (Android/FakeToken.A) or even rootkits.
• Bring-Your-Own-Device (BYOD) trend increases risks. The BYOD trend in today’s corporate networks is opening the door for cybercriminals. They are becoming more adept at planting malware that turns employees into unwitting attackers of their own companies or accounts. While historically businesses needed to be vigilant about links from strange emails, BYOD is contributing to today’s malware threats through shared devices, search engine poisoning, image searches, hidden URLs, syndicated advertisements, and more.
• Security and fraud are converging. Many corporate assets are protected behind a corporate firewall with rigorous access control. The advent of cloud computing and an increased use of non-corporate owned computers – such as BYOD – have moved these assets outside of the corporate environment and into the ‘cloud.’ This effectively turns the security paradigm upside-down and shifts it to a fraud problem – one that many enterprises haven’t been able to successfully protect against.
“The best protection against this year’s slate of malware threats is to treat fraud prevention and malware detection in a single context,” said Baumhof. “Apart from the protection itself, one of the biggest benefits is that it provides an early warning system, which produces crucial information for all targeted systems.”
For more information, download the latest ThreatMetrix™ Labs Report.
Posted on April 3rd, 2012 by Dan Rampe

Dmitri Alperovitch, who has consulted with the U.S. intelligence community, is the cybersecurity researcher who identified the China-based cyberespionage operation, Shady Rat, which stole confidential information from 72 government and corporate organizations over a five year period.
Recently, Alperovitch decided to conduct an experiment to see if he could load “Chinese malware” on a Google Android operating system. Noting iPhones would be just as vulnerable as Androids, Alperovitch exploited a previously unknown hole in smartphone browsers to plant the China-based malware, which was able to commandeer a device, record its calls, pinpoint its location and access user texts and emails. The “unknown hole” he exploited is known as a “zero-day vulnerability.” That is, manufacturers and anti-virus companies are unaware of it.
According to GulfNews.com, the malware Alperovitch and his team used had been reverse engineered from malware that had been disguised as a Google+ downloadable app. (Some time before, Google had removed the app from its Android Market app store when it learned of the malware.) Alperovitch was able to deliver the malware through a classic “spear phishing” attack. In this case, it was a text message from what looked like a mobile phone carrier, asking the user to click on a link.
Though China (and also Russia) deny they’re doing state-sponsored cyberespionage, James Clapper, a top U.S. Intelligence official, accused those countries of the “wholesale plunder of our intellectual property.”
No matter what the device or who’s conducting the spying, you can count on ThreatMetrix™ to protect your company and your customers. ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 30th, 2012 by Dan Rampe

Can you account for your whereabouts New Year’s Eve 2011? Why? Because a person or persons unknown swiped approximately 14,000 electronic patient medical records with information that included patient addresses, Social Security numbers and medical diagnoses. As a result, Impairment Resources, the national medical records firm that suffered the breach, has filed for bankruptcy.
The company was required by law to report the breach to the State Attorney General and the Department of Labor’s Office of Inspector General, which are both continuing the investigation.
Impairment Resources filed for Chapter 7 bankruptcy protection, the type of bankruptcy most often chosen by companies that decide to shut their doors and sell off their assets to pay off their debts.
The Wall Street Journal reports that the company’s assets were worth about $226,000. Even after money came in from liquidating sales, there would probably not be enough to pay off a $583,000 loan from the Insurance Recovery Group.
Beyond paying off its outstanding loan, Impairment Resources is faced with the possibility that customers and individuals would sue over the breach because their privacy had been violated.
Impairment Resources, which had offices in California, Massachusetts and Hawaii, reviewed medical records for workers’ compensation and auto casualty claims for approximately 600 insurance companies and other customers.
This single breach was like a pebble thrown into a pond. Its effects keep spreading, reaching out to disrupt the lives and livelihoods of thousands.
In addition to the bankruptcy, who knows what could happen to the people whose records were stolen? The possibilities include everything from identity theft to blackmail.
If protecting your company and its customers is your top priority, go with the company offering the top protection. And, that’s ThreatMetrix™.
Without relying on passwords, user names and cookies to protect clients, ThreatMetrix offers protection from every type of malware for every type of device. ThreatMetrix’s complete package of online protection provides secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 29th, 2012 by Dan Rampe

Yes, Verizon, we can hear you now. And, those of you responsible for security at your respective companies perhaps might want to listen too, because this is an exhaustive study: 2012 Data Breach Investigations Report (DBIR). That’s exhaustive, not exhausting — though it runs 78 pages and you might want a break now and then.
The study was done by the Verizon RISK Team in cooperation with the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service.
In addition to what it called “mainline cybercriminals,” this broadly based study touched on the effects of the Arab Spring, Occupy protests and hacktivism. “Doubly concerning for many organizations and executives was that target selection by these (hacktivist groups) didn’t follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can’t predict their behavior.”
Another area of great concern was the “continued attacks targeting trade secrets, classified information, and other intellectual property.”
The study pointed out that 2011’s 855 incidents and 174 million compromised records made it “the second-highest data loss total since (DBIR started) keeping track in 2004.”
Ninety-eight percent of the breaches were the result of external attacks either by organized crime, hacktivist groups or others. And breaches were most often the result of hacking and malware:
- 81 percent utilized some form of hacking (up 31 percent)
- 69 percent incorporated malware (up 20 percent)
- 10 percent involved physical attacks (down 19 percent)
- 7 percent employed social tactics (down 4 percent)
- 5 percent resulted from privilege misuse (down 12 percent)
Not surprising perhaps, the study found that 79 percent of the victims were targets of opportunity. “Most victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack.”
One thing to note is 85 percent of breaches took weeks or more to discover and 92 percent of incidents were discovered by a third party.
With the leading cause of breaches resulting from hacking (81 percent) and the second leading cause the result of malware (69 percent), it makes sense to look for solutions from the company which offers the greatest protection against those threats. That company is ThreatMetrix™.
ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 28th, 2012 by Dan Rampe

….With plenty left over to infect every inhabitant of Luxembourg, Andorra, Liechtenstein, San Marino, Monaco and Vatican City. No. It’s not tulip fever. It’s malware.
According to a McAfee Labs report, last year, more than 75 million unique malware samples hit the Internet, which is more than the entire population of The Netherlands and then some.
Security expert Vincent Weafer said, “Increasingly, we’ve seen that no organization, platform or device is immune to the increasingly sophisticated and targeted threats. On a global basis, we are conducting more of our personal and business transactions through mobile devices, and this is creating new security risks and challenges in how we safeguard our commercial and personal data.” And Android has been the biggest target for mobile malware writers.
On the Web, Business-Standard.com reports that in the last quarter of 2011, the total number of active malicious URLs was more than 700,000. “The vast majority of new malicious sites are located in the United States, followed by The Netherlands, Canada, South Korea and Germany. Overall, North America housed the largest amount of servers hosting malicious content, at more than 73 percent, followed by Europe-Middle East at more than 17 percent and Asia Pacific at 7 percent.”
In another study, PrivacyRights.org observed that the number of reports of data breaches via hacking, malware, fraud and insiders more than doubled since 2009 with more than 40 breaches reported in just the fourth quarter of 2011. The leading network threat was from vulnerabilities in Microsoft Windows remote procedure calls. This was followed closely by SQL injection and cross-site scripting attacks, remote attacks that could be launched at selected targets anywhere around the globe.
So what’s the good news? The Netherlands, Luxembourg, Andorra, Liechtenstein, San Marino, Monaco and Vatican City are small countries; there could’ve been so many unique malware samples hitting the Internet that we would’ve had to use the populations of China and India as metaphors. Comparatively speaking, that’s good news.
Uh, no. That’s not the good news.
The good news is ThreatMetrix™ “has your back.” ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 26th, 2012 by Dan Rampe

ThreatMetrix™, the fastest-growing provider of integrated cybercrime prevention solutions in the world with 300% year-over-year growth, closed a Series D financing round. Leading the investment round of $18 million in capital is August Capital, with existing investors Tenaya Capital, US Venture Partners and CM Capital as full participants.
“The previously separate worlds of fraud [prevention] and security are converging and ThreatMetrix is ideally situated to help companies and government entities reduce fraud losses while preventing data breaches from stolen identities,” said Vivek Mehra, general partner, August Capital. “Our confidence in ThreatMetrix is demonstrated by their impressive track record of rapid customer adoption, new market expansion and global growth. With today’s financing announcement, we hope to further accelerate that growth.”
As part of the financing round, Mehra joins the ThreatMetrix board of directors. The partners of August Capital have invested in leading companies such as Atheros, Microsoft, Postini, Sun, Symantec, Seagate, Skype and Splunk.
“We’re extremely pleased to have August Capital, one of the preeminent Silicon Valley venture capital firms, lead this round,” said Reed Taussig, president and CEO, ThreatMetrix. “ThreatMetrix is expanding on all fronts including new products, applications, markets and geographies. Our customers are deploying ThreatMetrix solutions across the enterprise on a global basis. Our recent TrustDefender acquisition has provided ThreatMetrix with the only integrated solution combining intelligent device identification with malware man-in-the-browser (MitB) detection and remediation available in the market today. This combination of products has positioned ThreatMetrix as the leader for device centric fraud prevention and as a competitive vendor for the evolving market of remote employee authentication popularly referred to as ‘bring your own device’ (BYOD).”
Taussig explains that the company will use the additional funding to continue its global expansion into e-commerce, financial services and the enterprise remote employee access markets.
What’s ThreatMetrix’s success based on? Here are some highlights:
• Achieved Record Growth: ThreatMetrix recorded 300 percent growth year-over-year in 2011. The company protects more than 5,000 Web sites from some of the largest global brands, profiling nearly 1 billion devices on a monthly basis.
• Completed Strategic Acquisition: In December 2011, ThreatMetrix completed the acquisition of TrustDefender™, a recognized leader of malware detection and prevention technologies. With the acquisition, ThreatMetrix is the first company to combine advanced device identification and malware detection in a single platform backed by a global network of shared intelligence.
• Acquired New Customers: ThreatMetrix grew its customer base in excess of 700 customers worldwide, both direct and through its reseller channel. Financial services customers – many of whom use ThreatMetrix solutions to meet FFIEC guidance for a layered security program that combines complex device identification and anti-malware controls – represent over 40 percent of ThreatMetrix’s installed base with e-commerce, social networks, government, and healthcare completing the mix.
• Released New Products: In January 2012, ThreatMetrix launched the ThreatMetrix™ Cybercrime Defender Platform – incorporating TrustDefender™ ID, TrustDefender™ Cloud, TrustDefender™ Client and TrustDefender™ Mobile – that enables the company to address fraud prevention and malware protection as a single problem, delivering real benefits to customers at a lower cost.
• Expanded International Presence: ThreatMetrix opened new sales and engineering offices in Australia and EMEA headquarters in the Netherlands. Nearly 40 percent of ThreatMetrix’s business is international with Europe leading the way. Additionally, ThreatMetrix operates a European data center to provide faster and more accurate fraud screening. It has also secured European Safe Harbor Certification that highlights ThreatMetrix’s ongoing commitment to protect the privacy of individuals in Europe, the U.S. and wherever the company conducts business around the globe.
• Expanded Use Cases: ThreatMetrix expanded its customer use case scenarios beyond account origination, account logins, and payments and transactions into the remote employee access market for major corporations. In an evolving BYOD world, enterprises can’t ignore the evolving threats of allowing unknown devices to connect to their corporate networks.
• Hired Strategic Leaders: ThreatMetrix made several strategic hires including Andreas Baumhof, CTO (formerly CEO of TrustDefender); Bert Rankin, vice president of marketing; Bruce Scott, vice president of worldwide engineering and Frank Teruel, CFO.
• Expanded Partner Ecosystem: ThreatMetrix expanded its partner ecosystem with TransUnion, a global leader in information and risk management, to help customers validate name, phone number and address information. ThreatMetrix also partnered with ActivIdentity™ Corporation to enable the ActivIdentity 4TRESS™ Authentication Appliance customers to connect with the ThreatMetrix Cybercrime Defender Platform to support secure authentication without the use of physical credentials such as smart cards or tokens.
• Secured Analyst Recognition: ThreatMetrix was positioned by Gartner in the “Visionaries” quadrant of the “Magic Quadrant for Web Fraud Detection”; was named a “strong performer” in “The Forrester Wave™: Risk-Based Authentication, Q1 2012”; and was highlighted in Aite Group’s recent “Complex Device-Printing: A Front-Line Essential.”
• Secured Industry Recognition: ThreatMetrix was named to Gartner’s list of “Cool Vendors” in the Gartner “Cool Vendors in Context-Aware Computing, 2011” and received a Red Herring 100 Global and a Top 100 North America company award.
• Launched ThreatMetrix Labs: In February 2012, ThreatMetrix launched ThreatMetrix™ Labs, which generates in-depth reports on the latest capabilities of malware that target financial institutions, merchants and online businesses.
• Hosted Inaugural User Conference: ThreatMetrix held its inaugural 2011 ThreatMetrix™ Fraud Fighters Summit, October 9 – 10 in Monterey, California with more than 175 registrants.
• Enhanced Corporate Infrastructure: In late 2011, ThreatMetrix moved its worldwide headquarters to San Jose, California to accommodate the company’s growing workforce. Employee headcount grew 20 percent in 2011.