Posts Tagged ‘fraud’
Posted on April 17th, 2012 by Dan Rampe

There’s an old song that goes “New York, New York. It’s a wonderful town. The fraud is up…” Wait, those aren’t the exact words. They may not be the exact words, but they are the right ones according to a ThreatMetrix™ study of nearly a billion e-commerce transactions.
New York leads in online fraud origination followed by Atlanta, Chicago, Los Angeles, and Omaha.
ThreatMetrix reviewed the online activity for the first quarter of 2012, evaluating close to a billion transactions from select e-commerce merchants. Each transaction was scored as low, medium or high fraud risk. High risk transactions were typically rejected automatically by merchants while medium risk ones tended to result in a manual review. The top 150 U.S. cities were then ranked based on their percent of high and medium risk transactions.
“New York was ranked No. 1 in e-commerce fraud risk with transactions 1.5 times as likely to be at risk in comparison to second ranked Atlanta, and twice as likely in comparison to No. 3 Chicago,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “As fraudsters grow more sophisticated and expand globally, it’s only natural that large cities with international profiles, easy access to shipping and high connectivity rates will become breeding grounds for new generations of cyber threats, including both fraud and malware.”
In 2011, 25 million new, unique strains of malware were released – a number that is projected to explode to 87 million by the end of 2015, according to the Aite Group. That means cities like New York and Chicago and Los Angeles are a gold mine for cybercriminals that steal identities, passwords and credit cards. “We would expect to see a highly connected city like San Francisco rank higher, but perhaps the relatively high penetration of Apple devices which are largely seen to be less vulnerable to malware explains its relatively low ranking.”
With the recent acquisition of TrustDefender™, ThreatMetrix offers the only integrated solution combining intelligent device identification with malware detection and remediation. Protecting more than 5,000 websites for some of the world’s largest brands, ThreatMetrix profiles nearly 1 billion devices every month.
Faulkner adds, “ThreatMetrix is committed to identifying and addressing the full range of cyber threats that are being deployed against e-commerce merchants and financial institutions – no matter where they originate. Like our clients, we are relentless in our efforts to stay ahead of the curve and to anticipate the next wave of attacks before they occur.”
Since a high number of cyber attacks originate outside the U.S., ThreatMetrix will release a similar list of the top international cities for fraud origination in future reports.
For more information, please visit the ThreatMetrix Resource Center at http://threatmetrix.com/resource-center/.
From highest in online fraud origination to lowest, the rankings are:
1. New York
2. Atlanta
3. Chicago
4. Los Angeles
5. Omaha
6. Dallas
7. San Francisco
8. Houston
9. Washington D.C.
10. Lexington, KY
Posted on April 13th, 2012 by Dan Rampe

Health insurance, workers compensation, a vision plan, dental insurance, life insurance, a pension plan, FICA. And, did we mention vacations and holidays? Good employees don’t come cheap. So, if you only need them occasionally, doesn’t it make sense to just hire temps?
Entrepreneurs Dmitry Naskovets and Sergey Semashko thought so. And, what did they get for their troubles? Sent up the river. That’s what.
To initiate wire transfers, unblock accounts or change account contact information, financial institutions usually require an account holder to authorize the transaction by phone.
So back in June 2007, Dmitry and Sergey got the bright idea to launch CallService.biz, a Russian-language site, which, according to Wired.com “filled a much-needed niche in the criminal world — providing English- and German-speaking ‘stand-ins’ to help crooks (circumvent) bank security screening measures (by impersonating real account holders).”
The thieves, who got victim information from phishing attacks and keystroke logging malware, provided “stolen account information and biographical information of the account holder to CallService.biz, along with instructions about what needed to be authorized. The biographical information sometimes included the account holder’s name, address, Social Security number, e-mail address and answers to security questions the financial institution might ask, such as the age of the victim’s father when the victim was born, the nickname of the victim’s oldest sibling or the city where the victim was married.”
CallService.biz would assign a person from their databank, who matched the legitimate account holder’s gender and was proficient in the required language. That person would pose as the account holder and call the financial institution to authorize the fraudulent transaction.
Authorities said more than 2,000 identity thieves used the service to commit more than 5,000 acts of fraud.
Naskovets, who was arrested in the Czech Republic in 2010, just pleaded guilty in New York State and received 33 months in prison. His partner, Semashko, arrested the same day, has been charged in Belarus.
Manhattan U.S. Attorney Preet Bharara said in a statement: “This case is another example of how cybercrime knows no geographic boundaries and of how we will work with our partners in the United States and around the world to catch and punish cyber criminals.”
Because cybercrime knows no bounds and no boundaries, your company requires protection across all boundaries and time zones. In short, your company needs ThreatMetrix™ security.
ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smartphones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on April 9th, 2012 by Dan Rampe

To track or “Do Not Track.” That is the question. And a damned sight harder to answer than Hamlet’s “to be or not to be” which was only about a matter of life and death.
The Obama administration and advertisers have been working on the knotty problem of protecting consumers’ privacy without stifling the burgeoning online advertising business, which according to Tanzina Vega’s The New York Times’ article is “seen as the savior of media and publishing companies.”
Interactive Advertising Bureau figures put U.S. digital advertising revenues at $7.88 billion for the third quarter of 2011, a 22 percent increase over the same period in 2010. And, nobody wants to throw the baby out with the bathwater or kill the goose that laid the golden egg or hear any more aphorisms.
In The New York Times article, Vega writes, “Until now, methods for opting out of custom advertising varied depending on the privacy settings of a user’s browser or whether a user clicked on the blue triangle icons in the corners of some digital ads.
“Under the new system, browser vendors will build an option into their browser settings that, when selected, will send a signal to companies collecting data that the user does not want to be tracked.” This applies to so-called “third-party” sites, which collect and use data to send ads tailored to specific users. Included are sites like Google-owned DoubleClick, AOL’s Advertising.com, and many smaller ad networks.
The third-party sites, says Vega, “would be restricted in the data they can collect on users if [users] select a Do Not Track option. Such companies would be limited to using data for purposes like market research and analytics but could not create detailed profiles on users or show them ads based on online behavior.”
However, many publishers and search engines, like Google, Amazon and The New York Times, are considered “first-party sites,” which means that the consumer goes to these Web pages directly. “First-party sites can still collect data on visitors and serve them ads based on what is collected.” Seems like Google’s got it both ways. Or either way. ANYWAY…
In The Times article, several pro-advertiser voices, such as George Pappachen, the chief privacy officer of the Kantar Group, the research and consultant unit of WPP, and Mike Zaneis, the senior vice president for public policy and general counsel of the Interactive Advertising Bureau, warned of the severe impact on the industry if the wrong opt-out mechanisms were adopted and a large number of consumers opted out.
Zaneis offers, “The reality is if you had 50-80 percent of consumers opting out it could have a really significant negative impact on the third-party ad model. There is no eraser button for the Internet. But we can address consumers’ concerns about having certain data about them collected, especially data for advertising and marketing.”
Vega writes, “Google, which is one of the biggest players in online advertising, would also be affected because it is both a first- and third-party publisher. The company earns most of its nearly $40 billion in revenue through search-related advertising, which would not be affected by Do Not Track. But its display advertising business, driven largely by its DoubleClick ad network, representing some $5 billion in revenue, is considered third party and could be affected.”
A Pew Research Center study cited in The New York Times story said “56 percent of the respondents thought the government should not become more involved with regulating how Internet companies handle privacy issues. Yet 59 percent said collection of user data for targeted advertising was an unjustified use of a person’s private information.” Sounds like the dictionary definition of being of two minds on one subject.
And speaking of two minds – should Facebook, whose “like” button is used across multiple Websites, be considered a first-party or third-party site? Or maybe it should get the Google two-fer.
Finally, Alex Fowler, the global privacy leader at Mozilla, whose Firefox was the first browser with a Do Not Track option, has the final word: “When you look at user testing, the expectation for the user for Do Not Track means, don’t behaviorally target me and also don’t collect information on me.”
While that may have been the final word, it’s certain not to be the last word on the subject. However, for the last word in online protection, there’s ThreatMetrix™. Without relying on passwords, user names and cookies to protect clients, ThreatMetrix offers protection from every type of malware for every type of device. ThreatMetrix’s complete package of online protection provides secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on April 5th, 2012 by Dan Rampe

The nation’s longest-running study of identity fraud, with 42,951 respondents surveyed over the past nine years, reported that upwards of 11.6 million adults became victims of identity fraud in the United States in 2011. That’s an increase of 13 percent over the previous year.
Javelin Strategy & Research, which provides quantitative and qualitative research focused on the global financial services industry, just released a study, “The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier,” which found that social media and mobile behaviors could be putting consumers at greater risk for identity fraud.
A Javelin press release explained that in October 2011 the company conducted an address-based survey of 5,022 U.S. consumers to identify the impact of fraud, uncover areas of progress, and determine where consumers should be especially alert.
James Van Dyke, Javelin’s president, noted, “The study found specific opportunities for improvement. Consumers must be vigilant and in control of their personal data as they adopt new mobile and social technologies in order to not make it easier for fraudsters to perpetrate crimes. Our survey found data breaches are increasingly putting consumers at risk. Consumers and organizations should always carefully and actively monitor accounts, but they should pay particular attention after an incident.”
The study showed these trends:
• Identity Fraud Incidents Increased, Amount Stolen Remained Steady—The number of identity fraud incidents increased by 13 percent over the past year, but the dollar amount stolen remained steady. Additionally, consumer out-of-pocket costs have decreased by 44 percent since 2004, likely due to the improved prevention and detection tools that have become available as well as fraud alerts leading to reduced detection time.
• Social Behaviors Put Consumers at Risk—For the first time, Javelin examined social media and mobile phone behaviors and identified certain social and mobile behaviors that had higher incidence rates of fraud than all consumers. LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud although there is no proof of direct causation. The survey found that despite warnings that social networks are a great resource for fraudsters, consumers are still sharing a significant amount of personal information frequently used to authenticate a consumer’s identity. Surprisingly, those with public profiles (those visible to everyone) were more likely to expose this personal information. Specifically, 68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet’s name—all are prime examples of personal information a company would use to verify your identity.
• Smartphone Owners Experience Greater Incidence of Fraud—The survey found seven percent of smartphone owners were victims of identity fraud. This is a 1/3rd higher incidence rate compared to the general public. Part of this increase may be attributable to consumer behavior: 32 percent of smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen—enabling anyone to access their information if the phone is lost; and 32 percent save login information on their device.
• Data Breaches Increasing and More Damaging — One likely contributing factor to the fraud increase was the 67 percent increase in the number of Americans impacted by data breaches compared to 2010. Javelin Strategy & Research found victims of data breaches are 9.5 times more likely to be a victim of identity fraud than consumers who did not receive such a data breach letter.
The survey found a key factor in the increase in identity fraud was the rising number of data breaches. Fully 36 million people or about 15 percent of Americans were notified of a data breach where their credit card or debit numbers or Social Security numbers were compromised, making this group 9.5 times more likely to become victims of identity fraud.
The survey also found that among social networks, LinkedIn users and those who regularly checked-in with GPS-enabled information were more than twice as likely to have reported being victims.
Javelin also passed along this advice:
1. Keep Personal Data Private—At home, at work and on your mobile devices, secure your personal and financial records in a locked storage device or behind a password. Of those consumers who knew how the crimes were committed, nine percent of all identity fraud crimes were committed by someone previously known to the victim in 2011. Avoid mailing checks to pay bills or to deposit funds in your banking account. Use online bill payment on a secure Internet access (not a public Wi-Fi hotspot) instead and direct deposit payroll checks.
2. Be Social, Be Responsible—While social networks are popular, be careful about publicly exposing personal information that is typically used for authentication (full birth date, high school name). This applies to all social networks.
3. Use Mobile Devices Responsibly—Mobile devices are a treasure trove of information for fraudsters. The “always on” functionality of mobile devices provides fraudsters with new avenues for securing information. Be sure of the applications you download, the data you share over public Wi-Fi and where you leave your devices.
4. Ask Questions—Before providing any information on mobile phones, social media sites and transaction sites, ask: Who is asking for the information? Why do they need it? How is the information being used? If volunteering information, ask yourself if you have more to gain or more to lose by sharing personal and unnecessary details.
5. Take Control—In 2011, 43 percent of fraud was first detected by the victims. By monitoring accounts online at bank and credit card websites, and setting up alerts that can be sent via e-mail and to a mobile device, consumers can more quickly detect if they are a victim of identity fraud and stop it early.
6. Learn About Methods to Protect Your Identity—There is a wide array of services available to consumers who want extra protection and peace of mind. These include credit monitoring, fraud alerts, credit freezes and database scanning. Some services can be obtained for a fee and others at no cost. These services can detect potentially fraudulent information from credit reports, public records, and online activity that are difficult to track on your own.
7. Report Problems Immediately—Work with your bank, credit union or protection services provider to take advantage of resolution services, loss protections and methods to secure your accounts. A fast response can enhance the likelihood that losses are reduced, and law enforcement can pursue fraudsters so they experience consequences for their actions.
8. Take Any Data Breach Notification Seriously—If you receive a data breach notification, take it very seriously as you are at much higher risk according to the 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier. If you receive an offer from your financial institution or retailer for a free monitoring service after a breach, you should take advantage of the offer or closely monitor your accounts directly.
We’d like to recommend a ninth step to prevent identity fraud. And, that’s to rely on ThreatMetrix™ to protect your company’s assets.
ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on April 4th, 2012 by Dan Rampe

Mobile transactions and Bring-Your-Own-Device (BYOD) have both proliferated and show no signs of slowing down in 2012. At the same time, Trojan attacks and Man-In-The-Browser (MitB) page injections are becoming more innovative and sophisticated.
“In the last year, we have seen a significant increase in sophisticated MitB Trojan activities targeting financial institutions, payment processors, governments and online businesses. Additionally, cybercriminals are evolving beyond their traditional financial institution targets to now include alternative payment methods and digital currencies,” observed Andreas Baumhof, chief technology officer, ThreatMetrix.
“Technologies such as Facebook credits, Amazon gift cards or payment services – where you can transfer money via email – will become the new targets. Based on the high success rates of these targeted attacks, we expect this trend to grow exponentially in 2012, posing significant risks to businesses and institutions – particularly for organizations that continue to rely on traditional solutions for cybercrime prevention,” added Baumhof.
Malware infection rates are rising fast and fresh victims are constantly being targeted. Last year, there were 25 million new, unique strains of malware released. And, according to the Aite Group, that number is projected to grow to 87 million by the end of 2015. The shift toward BYOD workplace practices is increasing the risk to corporations and their assets and adding to traditional attacks on e-commerce.
With malware becoming a growing drag on business and threat to society as a whole, ThreatMetrix has identified other trends and predictions for 2012:
• Malicious Trojans will spread in more innovative ways. Social networks, such as Facebook and Twitter, open up new ways for cybercriminals to spread malware in addition to ‘traditional’ drive-by-downloads, which compromise well-known websites by distributing Trojans automatically. Well-known Twitter accounts are increasingly being infiltrated and used for malware distribution. The Carberp Trojan was distributed in 2010 on a recognized news website in the Netherlands, which pushed infection rates into the hundreds of thousands.
• More MitB page injections. More fraudsters will employ MitB techniques to add malicious content – such as JavaScript – to a legitimate website, regardless of the Trojan used. The focus will turn away from solely financial institutions towards alternative payment methods, merchants and government, but also to social networking sites and identity theft in general.
• Mobile is the new target. The growth in mobile banking and mobile commerce will make mobile devices a big target for fraudsters. According to Baumhof, he has already seen mobile devices targeted to defeat SMS-based two-factor authentication for Internet banking (Mitmo Trojan). Due to the open nature of the Android operating system, malware can spread quite quickly and Trojans can fairly easily hijack existing applications (DKFBootKit). Furthermore, we see more and more very sophisticated malware such as remote-controlled banking Trojans (Android/FakeToken.A) or even rootkits.
• Bring-Your-Own-Device (BYOD) trend increases risks. The BYOD trend in today’s corporate networks is opening the door for cybercriminals. They are becoming more adept at planting malware that turns employees into unwitting attackers of their own companies or accounts. While historically businesses needed to be vigilant about links from strange emails, BYOD is contributing to today’s malware threats through shared devices, search engine poisoning, image searches, hidden URLs, syndicated advertisements, and more.
• Security and fraud are converging. Many corporate assets are protected behind a corporate firewall with rigorous access control. The advent of cloud computing and an increased use of non-corporate owned computers – such as BYOD – have moved these assets outside of the corporate environment and into the ‘cloud.’ This effectively turns the security paradigm upside-down and shifts it to a fraud problem – which many enterprises haven’t been able to successfully protect against.
“The best protection against this year’s slate of malware threats is to treat fraud prevention and malware detection in a single context,” said Baumhof. “Apart from the protection itself, one of the biggest benefits is that it provides an early warning system, which produces crucial information for all targeted systems.”
For more information, download the latest ThreatMetrix™ Labs Report.
Posted on April 2nd, 2012 by Dan Rampe

“In separate non-public alerts sent late last week, Visa and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012. The alerts also said that full Track 1 and Track 2 data was taken – meaning that the information could be used to counterfeit new cards.” That’s what Brian Krebs, Krebs on Security, reports.
If the breaches took place between Jan. 21, 2012 and Feb. 25, 2012, it would be interesting to know when Visa and MasterCard found out about them. Sound too much like editorializing? Yes, you’re probably right. Anyway, if Visa and MasterCard knew for a while before going public, they probably had very good reasons – like not upsetting their cardholders or stockholders or the stock market.
Now Visa and MasterCard have gotten around to alerting the public to what’s being characterized as a massive breach involving some ten million compromised card holders.
Avivah Litan, vice president and distinguished analyst, at Gartner Group, says, “From what I hear, the breach involves a taxi and parking garage company in the New York City area” and she advises, “so if you’ve paid a NYC cab in the last few months with your credit or debit card – be sure to check your card statements for possible fraud.” Talk about being taken for a ride.
Krebs’ sources say that the bulk of the fraudulent activity appears to be centering around commercial credit and debit cards that are issued to businesses. He also says he’s heard that law enforcement officers believe the breach may be connected to Dominican street gangs in and around New York City.
A Visa statement said it was not at Visa, but at a third-party company where the actual breach occurred. “Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet.”
The Wall Street Journal reported that the third party Visa alluded to was Global Payments Inc., which processes credit and debit cards for banks and merchants.
Avivah Litan lays blame for the breach on knowledge-based authentication (KBA). While she cannot categorically state it as a certainty until all the evidence is in, she heard that, “the crime was perpetrated by a Central American gang that broke into the company’s system by answering the application’s knowledge based authentication questions correctly. Looks like the hackers took over an administrative account that was not protected sufficiently.” She added, “Isn’t that usually the case? So if that’s indeed what happened, we can expect the PCI [(Payment Card Industry)] assessors to say NO to KBA on administrative accounts. They need to say NO to many different types of authentication which are being successfully bypassed by determined crooks.”
Litan’s advice, after thirty years in IT, is, “A layered approach is always best, since you have to assume the bad guys will get through one or two or even three layers.” Which is another way of saying, when all else fails, you can count on ThreatMetrix™.
Without relying on passwords, user names and cookies to protect clients, ThreatMetrix offers protection from every type of malware for every type of device. ThreatMetrix’s complete package of online protection provides secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 30th, 2012 by Dan Rampe

Can you account for your whereabouts New Year’s Eve 2011? Why? Because a person or persons unknown swiped approximately 14,000 electronic patient medical records with information that included patient addresses, Social Security numbers and medical diagnoses. As a result, Impairment Resources, the national medical records firm that suffered the breach, has filed for bankruptcy.
The company was required by law to report the breach to the State Attorney General and the Department of Labor’s Office of Inspector General, which are both continuing the investigation.
Impairment Resources filed for Chapter 7 bankruptcy protection, the type of bankruptcy most often chosen by companies that decide to shut their doors and sell off their assets to pay off their debts.
The Wall Street Journal reports that the company’s assets were worth about $226,000. Even after money came in from liquidating sales, there would probably not be enough to pay off a $583,000 loan from the Insurance Recovery Group.
Beyond paying off its outstanding loan, Impairment Resources is faced with the possibility that customers and individuals would sue over the breach because their privacy had been violated.
Impairment Resources, which had offices in California, Massachusetts and Hawaii, reviewed medical records for workers’ compensation and auto casualty claims for approximately 600 insurance companies and other customers.
This single breach was like a pebble thrown into a pond. Its effects keep spreading, reaching out to disrupt the lives and livelihoods of thousands.
In addition to the bankruptcy, who knows what could happen to the people whose records were stolen? The possibilities include everything from identity theft to blackmail.
If protecting your company and its customers is your top priority, go with the company offering the top protection. And, that’s ThreatMetrix™.
Without relying on passwords, user names and cookies to protect clients, ThreatMetrix offers protection from every type of malware for every type of device. ThreatMetrix’s complete package of online protection provides secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 29th, 2012 by Dan Rampe

Yes, Verizon, we can hear you now. And, those of you responsible for security at your respective companies perhaps might want to listen too, because this is an exhaustive study: 2012 Data Breach Investigations Report (DBIR). That’s exhaustive, not exhausting — though it runs 78 pages and you might want a break now and then.
The study was done by the Verizon RISK Team in cooperation with the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service.
In addition to what it called “mainline cybercriminals,” this broadly based study touched on the effects of the Arab Spring, Occupy protests and hacktivism. “Doubly concerning for many organizations and executives was that target selection by these (hacktivist groups) didn’t follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can’t predict their behavior.”
Another area of great concern was the “continued attacks targeting trade secrets, classified information, and other intellectual property.”
The study pointed out that 2011’s 855 incidents and 174 million compromised records made it “the second-highest data loss total since (DBIR started) keeping track in 2004.”
Ninety-eight percent of the breaches were the result of external attacks either by organized crime, hacktivist groups or others. And breaches were most often the result of hacking and malware:
- 81 percent utilized some form of hacking (up 31 percent)
- 69 percent incorporated malware (up 20 percent)
- 10 percent involved physical attacks (down 19 percent)
- 7 percent employed social tactics (down 4 percent)
- 5 percent resulted from privilege misuse (down 12 percent)
Not surprising perhaps, the study found that 79 percent of the victims were targets of opportunity. “Most victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack.”
One thing to note is 85 percent of breaches took weeks or more to discover and 92 percent of incidents were discovered by a third party.
With the leading cause of breaches resulting from hacking (81 percent) and the second leading cause the result of malware (69 percent), it makes sense to look for solutions from the company which offers the greatest protection against those threats. That company is ThreatMetrix™.
ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 28th, 2012 by Dan Rampe

….With plenty left over to infect every inhabitant of Luxembourg, Andorra, Liechtenstein, San Marino, Monaco and Vatican City. No. It’s not tulip fever. It’s malware.
According to a McAfee Labs report, last year, more than 75 million unique malware samples hit the Internet, which is more than the entire population of The Netherlands and then some.
Security expert Vincent Weafer said, “Increasingly, we’ve seen that no organization, platform or device is immune to the increasingly sophisticated and targeted threats. On a global basis, we are conducting more of our personal and business transactions through mobile devices, and this is creating new security risks and challenges in how we safeguard our commercial and personal data.” And Android has been the biggest target for mobile malware writers.
On the Web, Business-Standard.com reports that in the last quarter of 2011, the total number of active malicious URLs was more than 700,000. “The vast majority of new malicious sites are located in the United States, followed by The Netherlands, Canada, South Korea and Germany. Overall, North America housed the largest amount of servers hosting malicious content, at more than 73 percent, followed by Europe-Middle East at more than 17 percent and Asia Pacific at 7 percent.”
In another study, PrivacyRights.org observed that the number of reports of data breaches via hacking, malware, fraud and insiders more than doubled since 2009 with more than 40 breaches reported in just the fourth quarter of 2011. The leading network threat was from vulnerabilities in Microsoft Windows remote procedure calls. This was followed closely by SQL injection and cross-site scripting attacks, remote attacks that could be launched at selected targets anywhere around the globe.
So what’s the good news? The Netherlands, Luxembourg, Andorra, Liechtenstein, San Marino, Monaco and Vatican City are small countries; there could’ve been so many unique malware samples hitting the Internet that we would’ve had to use the populations of China and India as metaphors. Comparatively speaking, that’s good news.
Uh, no. That’s not the good news.
The good news is ThreatMetrix™ “has your back.” ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 23rd, 2012 by Dan Rampe

The old saying goes that “you can’t teach an old dog new tricks.” But, nothing says “you can’t teach a new dog old tricks.” Which is what cybercriminals are doing by borrowing a trick or two from desktop days and applying them to smartphones. At least that’s the import of an article by Michael Lee on ZDNet.com.
Now, in previous blogs, we’ve talked about how cybercriminals use Twitter to steer smart phone users to places online where cybercrooks have malware stashed. Though it can be used for other nasty things, this malware is often used to force a phone to send SMS texts to premium-rate numbers with the cybercriminal getting a chunk of the action for the higher fees.
“During a single eight-hour operation, [security expert Joji Hamada] witnessed over 130,000 malicious tweets from about 100 Twitter accounts. Another operation saw over 1500 tweets from over 50 accounts in one hour. He said that this could just be the tip of the iceberg as several operations are typically conducted at the same time.”
Here’s an interesting sidelight. Cybercriminals use malware against smartphones the same way they used to use it against desktops. In the days of the desktop (apologies to everybody still using desktops), whenever the user’s antivirus found a cure for a particular strain of malware, the cybercriminal would develop a new strain or new virus. This one-upmanship arms race is now taking place on smartphones with cybercriminals getting an added advantage by trading on one of the smartphone’s major attractions. And, that is the ability to have access to the Internet anytime, anywhere 24/7/365. This allows cybercriminals, as Hamada puts it, to “mix their game around, thereby making it difficult to recognize all bad tweets.”
Research and security professional, Dinesh Venkatesan, found another anti-detection technique that cybercriminals use that’s borrowed from desktop days. It’s called reflection and allows the executing program to examine classes and, among other abilities, find particular functions to execute at runtime without necessarily knowing what the code is at compile time.
As a matter of course, when malware calls a sendTextMessage() function in Android for example, anti-malware applications are warned there’s a suspicious activity going on.
On the use of reflection, Venkatesan said, “Instead of directly calling the sendTextMessage() function, the malware stores the name of the function as a presumably harmless string and, after searching the API[*] for the function by this name, stores its location as a reference. When the malware then wants to execute the sendTextMessage() function, it will call on this reference rather than its direct name. For static code analysis tools, this is typically enough for the malware to escape detection.”
* If you’re not into programming, an API or application programming interface is used as an interface by software components to communicate with each other.
Additionally, Venkatesan “found that these particular samples were taking steps to encrypt the data they used. In particular, criminals had taken steps to ensure that the data was only decrypted at runtime. From here, the data was stored in memory as an XML file and used to determine which number to send SMS messages to and their content.” So it seems new dogs not only learn old tricks, they can also come up with new ones.
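A defender-side sketch of why the reflection trick defeats name matching, added here as an example and not code from the article, its sources or ThreatMetrix: a scanner that looks only for direct sendTextMessage() calls misses the reflective form, so this one also flags the API name held as a string and method lookups whose name is not a literal (the runtime-decrypted case). The sample snippets, the finding labels and the `Cfg.decode` helper name are constructed for illustration.

```python
import re

# Real android.telephony.SmsManager methods that send SMS.
SENSITIVE = {"sendTextMessage", "sendMultipartTextMessage", "sendDataMessage"}
SEND_SMS = "android.permission.SEND_SMS"

CALL = re.compile(r"\.(\w+)\s*\(")
STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')
LOOKUP = re.compile(r"\.get(?:Declared)?Method\s*\(\s*([^,)]+)")


def scan(source, permissions=()):
    """Return sorted (line_no, finding) pairs for decompiled Java text."""
    findings = []
    lines = source.splitlines()
    has_invoke = any(".invoke(" in ln for ln in lines)
    for no, line in enumerate(lines, 1):
        code = STRING.sub('""', line)  # blank out literals before matching calls
        # 1. Direct call: the only thing a name-matching scanner sees.
        for name in CALL.findall(code):
            if name in SENSITIVE:
                findings.append((no, "direct-call:" + name))
        # 2. Sensitive API name stored as a string in code that also uses invoke().
        for literal in STRING.findall(line):
            if literal in SENSITIVE and has_invoke:
                findings.append((no, "reflective-name:" + literal))
        # 3. Method looked up by a non-literal name (for example one decrypted at
        #    runtime) in an app that holds SEND_SMS: the target cannot be known
        #    statically, so the lookup itself is the signal.
        m = LOOKUP.search(line)
        if m and not m.group(1).strip().startswith('"') and SEND_SMS in permissions:
            findings.append((no, "opaque-reflection"))
    return sorted(findings)


def naive_scan(source):
    """Baseline: report direct calls only, as a simple static matcher would."""
    return [f for f in scan(source) if f[1].startswith("direct-call:")]


# Constructed, abbreviated decompiler-style snippets (not taken from any real sample).
DIRECT = "mgr.sendTextMessage(number, null, body, null, null);"
REFLECTIVE = "\n".join([
    'String n = "sendTextMessage";',
    "Method m = cls.getMethod(n, argTypes);",
    "m.invoke(mgr, args);",
])
ENCRYPTED = "\n".join([
    "String n = Cfg.decode(blob);",  # Cfg.decode is a hypothetical helper name
    "Method m = cls.getMethod(n, argTypes);",
    "m.invoke(mgr, args);",
])
BENIGN = 'Object s = cls.getMethod("toString").invoke(obj);'

if __name__ == "__main__":
    for label, sample in [("direct", DIRECT), ("reflective", REFLECTIVE),
                          ("encrypted", ENCRYPTED), ("benign", BENIGN)]:
        print(label, naive_scan(sample), scan(sample, permissions=[SEND_SMS]))
```

The third rule is deliberately coarse: it trades false positives for coverage and is best used to queue an app for dynamic analysis, not to convict it.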
Desktops to smartphones and all devices in between – ThreatMetrix™ has solutions for fighting cybercriminals wherever they choose to wage crime.
ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.