Tired of Hearing about Heartbleed? Do Something About It. ThreatMetrix Strategies for “Staunching” Heartbleed and Any Similar Threats in the Future.

Posted on April 16th, 2014 by Dan Rampe

After going unnoticed for two years, researchers discovered Heartbleed, the flaw that could let a hacker defeat OpenSSL, the most common encryption technology on the Internet. Another way of saying it is Heartbleed put 66 percent of servers worldwide at the mercy of cybercriminals. And another way of saying that is email, instant messaging, e-commerce transactions and more were being jeopardized in every corner of the planet, exposing passwords, credit card numbers and other personal data.

The Heartbleed security flaw was a danger to websites and the mobile applications and networking equipment that connect homes and businesses to the Internet, including such things as routers and printers. In short, the flaw presented a danger to the entire Internet of Things, i.e., any device from air conditioners to refrigerators that could be connected online.

After putting in a patch to fix the flaw, many, if not most, online businesses had only one strategy to offer users: change your passwords.

“Today it’s Heartbleed and tomorrow it will be another data breach or vulnerability,” said Alisdair Faulkner, chief products officer, ThreatMetrix.

“Passwords are a static means of security and are frankly obsolete as a stand-alone authentication solution in today’s cybersecurity landscape. Once account login information is obtained, cybercriminals have access to personal data used for committing bank fraud or falsifying credit card transactions – the possibilities are endless. Security should not just rely on point-in-time authentication solutions. Instead, continuous evaluation of trust is required based on what the user is attempting to do.”

ThreatMetrix’s preventative cybersecurity strategies offer protection that goes well beyond passwords and other forms of static authentication:

Real-time trust analytics – Move beyond just big-data collection and improve effectiveness of controls with real-time analysis of device, location, identity and behavioral context for every authentication attempt. Real-time trust analytics offer unprecedented identity authentication policies for businesses and enterprises by comparing against global benchmarks derived from peers in their industry, the size and scale of the enterprise, geographic location and more.

Enhanced mobile identification – Detects jailbroken devices and offers location-based authentication, protecting mobile transactions by indicating when the mobile operating system has been breached and the security of applications has been compromised.

“To protect against future attacks like Heartbleed, businesses need to move beyond legacy verification and authentication solutions and recognize the benefits of leveraging a collective approach to cybersecurity,” said Faulkner. “The ThreatMetrix® Global Trust Intelligence Network (The Network) delivers real-time intelligence, providing customers with consistent risk assessments of data and creating a digital persona of users by mapping their online behaviors and devices.”

Consumers can protect their online identities and personal information from threats like Heartbleed by ensuring location information on social networks is encrypted and by using different passwords across sites and never storing them on devices.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

Heartbleed Part II: Some Online Passwords That Do and Don’t Need Changing to Relieve Some of the Heartburn Caused by Heartbleed

Posted on April 11th, 2014 by Dan Rampe

The Heartbleed flaw: In no time, it went from “That the name of a band?” to “The sky is falling. The sky is falling.” Now, if by chance you’ve been on Mars or in a marketing meeting (or in a marketing meeting on Mars) the last few days, Heartbleed is an encryption flaw in the OpenSSL cryptographic software library.

Two-thirds of web servers worldwide use the OpenSSL cryptographic software library to connect with end users and guard against digital eavesdropping. While the flaw was just discovered, it has been open to hackers for approximately two years. Best of all (that, of course, is sarcasm), if a hacker were stealing data, nobody would know, because the flaw made it possible to steal logins and passwords without leaving evidence the hacker was even there.

If you’re over 23 (give or take), you’re aware of the Y2K computer flaw when it was predicted that at 12:01 a.m. New Year’s Day 2000, planes would fall out of the sky, commerce would cease and there would be rioting, looting and chaos worldwide. And worst of all: no 2000 Super Bowl!

The point is no one exactly knows if data has been compromised or if hackers even knew about the flaw. Now, there is a fix and affected companies have either implemented it or are in the process of implementing it.

Mashable.com surveyed some of the most frequented sites on the web to find out the status of their fixes and whether they advised customers to change their passwords. Following is a partial list. You may find their complete list on mashable.com, “The Heartbleed Hit List: The Passwords You Need to Change Now.”

Let’s Put Our Cards on the Table. U.S. Briefs China on Cyberwarfare Plans.

Posted on April 10th, 2014 by Dan Rampe

The U.S. is briefing China’s military on how it plans to defend against cyberattacks and use cybertechnology against adversaries. China, for its part, is saying nothing about its plans. Does this sound like playing poker with just your hole card showing? Anyway, you gotta hope somebody’s playing with a full deck.

In his piece in The New York Times, David E. Sanger explains the idea behind the American strategy and what the U.S. hopes to accomplish with the new cyber openness. (The story has been edited to fit our format.)

The idea was to allay Chinese concerns about plans to more than triple the number of American cyberwarriors to 6,000 by the end of 2016, a force that will include new teams the Pentagon plans to deploy to each military combatant command around the world. But the hope was to prompt the Chinese to give Washington a similar briefing about the many People’s Liberation Army units that are believed to be behind the escalating attacks on American corporations and government networks.

So far, the Chinese have not reciprocated.

The effort, senior Pentagon officials say, is to head off what Mr. Hagel and his advisers fear is the growing possibility of a fast-escalating series of cyberattacks and counterattacks between the United States and China. This is a concern especially at a time of mounting tensions over China’s expanding claims of control over what it argues are exclusive territories in the East and South China Seas, and over a new air defense zone. In interviews, American officials say their latest initiatives were inspired by Cold-War-era exchanges held with the Soviets so that each side understood the “red lines” for employing nuclear weapons against each other.

“Think of this in terms of the Cuban missile crisis,” one senior Pentagon official said. While the United States “suffers attacks every day,” he said, “the last thing we would want to do is misinterpret an attack and escalate to a real conflict.”

Mr. Hagel’s concern is spurred by the fact that in the year since President Obama explicitly brought up the barrage of Chinese-origin attacks on the United States with his newly installed counterpart, President Xi Jinping, the pace of those attacks has increased. Most continue to be aimed at stealing technology and other intellectual property from Silicon Valley, military contractors and energy firms. Many are believed to be linked to cyberwarfare units of the People’s Liberation Army acting on behalf of state-owned, or state-affiliated, Chinese companies.

“To the Chinese, this isn’t first and foremost a military weapon, it’s an economic weapon,” said Laura Galante, a former Defense Intelligence Agency cyberspecialist.

Administration officials acknowledge that Mr. Hagel, on his first trip to China as defense secretary, has a very difficult case to make, far more complicated than last year. The Pentagon plans to spend $26 billion on cybertechnology over the next five years — much of it for defense of the military’s networks, but billions for developing offensive weapons — and that sum does not include budgets for the intelligence community’s efforts in more covert operations. It is one of the few areas, along with drones and Special Operations forces, that are getting more investment at a time of overall Pentagon cutbacks.

Moreover, disclosures about America’s own focus on cyberweaponry — including American-led attacks on Iran’s nuclear infrastructure and National Security Agency documents revealed in the trove taken by Edward J. Snowden, the former agency contractor — detail the degree to which the United States has engaged in what the intelligence world calls “cyberexploitation” of targets in China.

The revelation by The New York Times and the German magazine Der Spiegel that the United States has pierced the networks of Huawei, China’s giant networking and telecommunications company, prompted Mr. Xi to raise the issue with Mr. Obama at a meeting in The Hague two weeks ago. The attack on Huawei, called Operation Shotgiant, was intended to determine whether the company was a front for the army, but also focused on learning how to get inside Huawei’s networks to conduct surveillance or cyberattacks against countries — Iran, Cuba, Pakistan and beyond — that buy the Chinese-made equipment. Other cyberattacks revealed in the documents focused on piercing China’s major telecommunications companies and wireless networks, particularly those used by the Chinese leadership and its most sensitive military units.

Mr. Obama told the Chinese president that the United States, unlike China, did not use its technological powers to steal corporate data and give it to its own companies; its spying, one of Mr. Obama’s aides later told reporters, is solely for “national security priorities.” But to the Chinese, for whom national and economic security are one, that argument carries little weight.

“We clearly don’t occupy the moral high ground that we once thought we did,” said one senior administration official.

For that reason, the disclosures changed the discussion between the top officials at the Pentagon and the State Department and their Chinese counterparts in quiet meetings intended to work out what one official called “an understanding of rules of the road, norms of behavior,” for China and the United States.

The decision to conduct a briefing for the Chinese on American military doctrine for the use of cyberweapons was a controversial one, not least because the Obama administration has almost never done that for the American public, though elements of the doctrine can be pieced together from statements by senior officials and a dense “Presidential Decision Directive” on such activities signed by Mr. Obama in 2012. (The White House released declassified excerpts at the time; Mr. Snowden released the whole document.)

Mr. Hagel alluded to the doctrine a week ago when he went to the retirement ceremony for Gen. Keith B. Alexander, the first military officer to jointly command the N.S.A. and the military’s Cyber Command. General Alexander was succeeded last week by Adm. Michael S. Rogers, who as the head of the Navy’s Fleet Cyber Command was a central player in developing a corps of experts who could conduct cyberwarfare alongside more traditional Navy forces.

“The United States does not seek to militarize cyberspace,” Mr. Hagel said at the ceremony, held at the N.S.A.’s headquarters at Fort Meade, Md. He went on to describe a doctrine of “minimal use” of cyberweaponry against other states. The statement was meant to assure other nations — not just China — that the United States would not routinely use its growing arsenal against them.

In Beijing, the defense secretary “is going to stress to the Chinese that we in the military are going to be as transparent as possible,” said Rear Adm. John Kirby, the Pentagon press secretary, “and we want the same openness and transparency and restraint from them.”

Experts here and in China point out that a lot was left out of Mr. Hagel’s statement last week. The United States separates offensive operations of the kind that disabled roughly 1,000 centrifuges in Iran’s nuclear program, America’s best-known (and still unacknowledged) cyberattack against another state, from the far more common computer-enabled espionage of the kind carried out against the Chinese to gather information about a potential adversary.

“It’s clear that cyberspace is already militarized, because we’ve seen countries using cyber for military purposes for 15 years,” said James Lewis, an expert at the Center for Strategic and International Studies. “The Chinese have had offensive capabilities for years as well,” he said, along with “more than a dozen countries that admit they are developing them.”

It’s Dubbed “Heartbleed” and Is about as Serious as a Heart Attack. Security Flaw Opens Up Two-Thirds of Web Servers Worldwide to Hackers

Posted on April 9th, 2014 by Dan Rampe

OpenSSL researchers announced the release of a fix for the “glitch” discovered in the OpenSSL cryptographic software library that two-thirds of web servers worldwide use to connect with end users and guard against digital eavesdropping. UNFORTUNATELY, the fix may be coming a couple of years too late — because that’s about as long as the flaw has been available to hackers.

In his piece on policymic.com, Tom McKay says that the bug that allows for easy untraceable breaches of secure systems, which control everything from banking to retail to email, was originally discovered by Google researcher Neel Mehta.

The OpenSSL team, McKay reports, described the difference between this software flaw and others. “Bugs in single software or library come and go and are fixed by new versions. However this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitations and attacks leaving no trace this exposure should be taken seriously.”

Or putting it in language a farmer might use—Is this fix like closing the barn door after the cows have gotten out?

To demonstrate how the flaw could be used, the research team was able to breach Yahoo security and steal email logins and passwords without leaving evidence it was ever there.

In the OpenSSL team’s own words, “We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

“Anyone who noticed and exploited the bug since it was introduced on March 14, 2012 could have easy access to an incomprehensible number of secure systems.”

TechCrunch noted that “even encrypted data illegally stolen from servers could eventually be forced open either with more stolen data or other methods, depending on server configuration.”

Until servers are updated worldwide, data remains at risk. So, until the servers are updated, does everybody just go fishing (and we mean fishing, not phishing)?

Well, Tumblr sent out this alert to its users:

Urgent security update

Bad news. A major vulnerability, known as “Heartbleed,” has been disclosed for the technology that powers encryption across the majority of the internet. That includes Tumblr.

We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.

But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit.

This might be a good day to call in sick and take some time to change your passwords everywhere—especially your high-security services like email, file storage, and banking, which may have been compromised by this bug.

You’ll be hearing more in the news over the coming days.

Take care.

Besides “change your passwords,” “take care” is always good advice. However, in this situation it may not be all that useful.

Something that is useful to know comes from the technology news and media network, The Verge, which says “Google, Apple, and Microsoft are all unaffected, as well as most major e-banking services.”

ThreatMetrix to Exhibit Advanced Fraud Prevention Solutions at NACHA PAYMENTS 2014

Posted on April 4th, 2014 by Dan Rampe

The ThreatMetrix Global Trust Intelligence Network Provides Payments Professionals with a Collective Approach to Cybersecurity

San Jose, CA – April 4, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, announced today it is exhibiting in booth 613 at NACHA PAYMENTS 2014, the largest and most comprehensive education event for the payments industry, April 6 – 9 at the Orlando World Center Marriott.

NACHA, The Electronic Payments Association, manages the development, administration and governance of the ACH Network – the backbone for the electronic movement of money and data. The ACH Network provides a safe, secure and reliable network for direct account-to-account consumer, business and government payments.

NACHA PAYMENTS 2014 brings together more than 2,300 payments professionals and nearly 100 industry leaders at an interactive conference that provides attendees with the right tools to drive the right solutions and revenue opportunities.

“Wherever money flows, payment fraud is likely to follow,” said Bert Rankin, chief marketing officer, ThreatMetrix. “Through our participation at NACHA PAYMENTS, attendees can learn how to move beyond legacy verification and authentication solutions and leverage a collective approach to cybersecurity – the ThreatMetrix® Global Trust Intelligence Network (The Network) – to prevent payment fraud.”

The ThreatMetrix TrustDefender™ Cybercrime Protection Platform leverages the collective power of The Network and is the leading payment fraud prevention solution. It enables companies to implement payment fraud prevention and security strategies that drive incremental revenue, increase customer confidence and reduce chargebacks. With the TrustDefender Cybercrime Protection Platform, businesses can:

• Profile devices and identify threats

• Examine users’ identities and activity

• Configure business rules to reflect their exact requirements

• Validate business policies to minimize customer friction

• Generate detailed analysis and reports

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com

Now Available! The ThreatMetrix Spring 2014 Extension to ThreatMetrix’s TrustDefender Cybercrime Protection Platform — Greatly Improves Telling the Difference between Users You Can Trust and Cybercriminals.

Posted on April 3rd, 2014 by Dan Rampe

Immediately available, the ThreatMetrix® Spring 2014 Release is an extension of ThreatMetrix’s TrustDefender™ Cybercrime Protection Platform that delivers enhanced data collection and real-time trust analytics for improving the process of differentiating between trusted users and cyberthreats.

This next generation in shared global intelligence enhances the recognition of devices, identities and behaviors across the ThreatMetrix® Global Trust Intelligence Network (The Network). And new capabilities offered by the Spring 2014 release add to the types of data that are collected and analyzed for creating an online persona.

“With most of today’s end users conducting business transactions online, cybercrime prevention is all about differentiating between trusted identities and potential fraudsters,” said Mustafa Rassiwala, senior director of product management, ThreatMetrix. “The Network delivers real-time intelligence that’s not available in other solutions, providing customers with consistent risk assessments of data across a global network and creating a digital persona of users by mapping their online personas and devices.”

The Spring 2014 Release enhances ThreatMetrix’s context-based security and advanced fraud prevention solutions through:

• Endpoint Intelligence – Advanced endpoint intelligence enables businesses to detect returning, authentic customers and flag identity and device anomalies indicating malicious behavior. Specifically, enhancements include:

o Next-generation true IP address detection when customers use proxies. This provides a complementary solution to existing proxy-piercing technology.

o Improved font detection for more accurate device identification.

o ThreatMetrix SmartID™ upgrade to enable additional attributes to be integrated into cookieless device ID analysis.

o IP geo upgrade offering more precise, granular geolocation.

o ThreatMetrix TrustDefender™ Client upgrades that bring the power of a dedicated endpoint protection client to real-time cybercrime prevention. Using TrustDefender Client, customers are able to create security posture rules that add a protective layer to their existing rules. These rules make it possible to examine the status of security, such as the presence or absence of security software. Additionally, the rules can examine the strength of the password used to authenticate the user on the device and the presence of malware, adware, spyware and more.

• Behavior Intelligence – Various contextual factors come together to uniquely identify each identity and ThreatMetrix leverages cross-correlation and analytics across contextual factors to provide better indicators of malicious actions. The Spring 2014 Release enables ThreatMetrix™ Trust Tags to be dynamically updated with values derived from attributes as part of the transaction. For example, a user’s identity can now be tagged with his or her mobile phone number when he or she successfully completes authentication via a mobile phone.

• Trust Analytics – Leveraging global trust analytics, ThreatMetrix examines every transaction across a consistent set of ThreatMetrix-defined identity authentication rules in addition to individual enterprise-defined rules. Analyzing over 500 million transactions a month using a consistent set of rules enables ThreatMetrix to benchmark, baseline and detect long-term trends for fraudulent activities such as identity spoofing, device spoofing, IP address/geolocation spoofing and the presence of malware (man-in-the-browser) attacks. ThreatMetrix can now provide unprecedented analytics to enterprises and improve their identity authentication policies by comparing them against global benchmarks derived from peers in their industry, the size and scale of the enterprise, geographic location and more.

“The ThreatMetrix solution is much more effective than traditional recognition capabilities because it leverages billions of data points from The Network, sharing anonymized information across business boundaries to identify patterns for authentic returning customers and cybercriminals,” said Rassiwala. “Overall, the next-generation solution from ThreatMetrix will effectively reduce friction for returning customers while keeping cybercriminals out in real time.”

New Study Journeys to the Heart of Darknets to Find Out Why a Stolen Twitter Account Is Worth More Than a Stolen Credit Card…Plus Much More.

Posted on April 1st, 2014 by Dan Rampe

Brad Chacos on pcworld.com defined Darknets as “small niches of the ‘Deep Web,’ which is itself a catch-all term for the assorted net-connected stuff that isn’t discoverable by the major search engines.” It’s a “hidden underbelly, home to both rogues and political activists… accessed only with the help of specially designed anonymizing software. It’s a secretive place [and] a dangerous place, where a lot of illicit, underground nastiness occurs.”

A new study, “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar” by the RAND Corporation, a research organization that develops solutions to public policy challenges, illuminates the murky world of Darknets and black market deals for both tools such as exploit kits and the booty that’s been plundered by cyberthieves, such as personal information from credit cards.

Interviews were conducted with more than two dozen cybersecurity experts including academics, researchers, reporters, security vendors and law enforcement officials.

Michael Callahan of Juniper Networks, which funded the study, was surprised to learn that “information that traditionally fetched a high price on the black market is decreasing in value, making way for new, high-priced items.

“Traditionally, credit card information was the currency of the black market. It demanded a high price, ranging from $20-$40 on average. However, high-profile breaches have created a recent influx of available credit card data online. As a result the scarcity and value of the stolen information is decreasing. During a large credit card breach, the market becomes flooded with data causing prices to drop from $20 per record to $0.75 per record in a short amount of time.

“Social media and other online accounts are now becoming more valuable. Although prices range widely, RAND found hacked accounts can be worth anywhere from $16 to $325+ depending on the account type.”

Experts agreed that the future held more activity in Darknets including more use of crypto-currencies, malware with improved anonymity, and more attention to encryption for protecting communications and transactions. They also agreed that cyberattacks would probably outpace the ability to defend against them and that there would be more hacking for hire as-a-service.

The same experts disagreed on who would most be affected by the growth of the black market. Would it be small businesses, large businesses or individuals? And they disagreed on what commodities would be the most sought after — data records and credit card information or intellectual property. There was also disagreement on which types of attacks would be most prevalent: persistent targeted attacks, or opportunistic or mass “smash-and-grabs.”

Key Findings of the study:

• The cyber black market has evolved from a varied landscape of discrete, ad hoc individuals into a network of highly organized groups, often connected with traditional crime groups (e.g., drug cartels, mafias, terrorist cells) and nation-states.

• The cyber black market does not differ much from a traditional market or other typical criminal enterprises; participants communicate through various channels, place their orders, and get products.

• Its evolution mirrors the normal evolution of markets with both innovation and growth.

• For many, the cyber black market can be more profitable than the illegal drug trade.

The cyber black market responds to external forces as does the traditional marketplace:

• As suspicion and “paranoia” spike because of an increase in recent takedowns by law enforcement, more transactions move to Darknets; stronger vetting takes place; and greater encryption, obfuscation, and anonymization techniques are employed, restricting access to the most sophisticated parts of the black market.

• The proliferation of as-a-service and point-and-click interfaces lowers the cost to enter the black market.

• Law enforcement efforts are improving as more of them become technologically savvy. Suspects are going after bigger targets, and thus are attracting more attention. More crimes involve a digital component, giving law enforcement more opportunity to encounter crime in cyberspace.

• Still, the cyber black market remains resilient and is growing at an accelerated pace, continually getting more creative and innovative as defenses get stronger, law enforcement gets more sophisticated, and new exploitable technologies and connections appear in the world.

• Products can be highly customized, and players tend to be extremely specialized.

Study recommendations include exploring:

• How computer security and defense companies could shift their approaches to thwarting attackers and attacks.

• How bug bounty programs or better pay and incentives from legitimate companies might shift transactions and talent off the illicit markets into legitimate business operations.

• The costs and benefits of establishing fake credit card shops, fake forums, and sites to increase the number and quality of arrests, and otherwise tarnish the reputation of black markets.

• The ramifications of hacking back, or including an offensive component within law enforcement that denies, degrades, or disrupts black-market business operations.

• The options for banks or merchants to buy back their customers’ stolen data.

• The effects of implementing mandates for encryption on point-of-sale terminals, safer and stronger storage of passwords and user credentials, worldwide implementation of chips and PINs, and regular checks of websites to prevent common vulnerabilities, and whether these measures would put a dent in the black market or enforce significant changes to how the market operates.

• How to apply lessons learned from the black market for drugs or arms merchants to the black market for cybercrime.

It also recommends:

• Determining whether it is more effective for law enforcement to go after the small number of top-tier operators or the lower- or open-tier participants.

• Examining whether governments and law enforcement worldwide could work together to prosecute and extradite cybercriminals including coordinating physical arrests and indictments.

“Hacking used to be an activity that was mainly carried out by individuals working alone, but over the last 15 years the world of hacking has become more organized and reliable,” said Lillian Ablon, lead author of the study and an information systems analyst at RAND. “In certain respects, cybercrime can be more lucrative and easier to carry out than the illegal drug trade.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

With 97% of Malware Aimed at Android, Can an Android Device Be as Safe as an iPhone for Example? App-solutely.

Posted on March 31st, 2014 by Dan Rampe


Two figures leap out of just about every survey on smartphones. Globally, Android has 87 percent of the market and 97 percent of the malware.

In 2012 there were 238 threats to Android. That jumped to 804 in 2013. And, over that same timeframe, threats to Apple iOS, BlackBerry OS and Microsoft Windows Phone were a goose egg, nil, zero, nada, none. These figures come from a piece on Forbes.com, which explains that the 3 percent of malware that didn’t go to Android went to Nokia’s now defunct Symbian platform.

So, if you want to be safe, get ABA (Anything But Android), right? Not so fast, says Gordon Kelly in his Forbes.com piece:

Let’s be clear. From a statistical viewpoint researcher and security specialist F-Secure got them right. Android does account for 97% of all mobile malware, but it comes from small, unregulated third party app stores predominantly in the Middle East and Asia. By contrast the percentage of apps carrying malware on Google’s official Play Store was found to be just 0.1% and F-Secure acknowledges rigorous checks mean “malware encountered there tends to have a short shelf life.”

If you want to stay safe on Android [here’s] the solution: stick to buying apps on the Play Store and every one in 1000 apps you buy may have had malware for a brief period.

Strangely F-Secure didn’t reveal figures for Amazon’s Apps for Android store, but other third party Android stores didn’t fare so well. Mumayi, AnZhi, Baidu, eoeMarket and liqucn were found to have 6%, 5%, 8%, 7% and 8% malware penetration respectively and an appalling 33% of apps were infected in Android159. Repacked or faked games were the big target and since it isn’t difficult to taint an app with malware the message is simple: steer clear of third party app stores that don’t have the resources to effectively scan and police their libraries.

Despite these figures, F-Secure … stressed each new version “has included a number of security-related changes that help mitigate the effects of malware.” Consequently rather than laying the blame at Google’s feet, it stressed the real problem was fragmentation caused by hardware manufacturers failing to update their devices to the latest version of Android.

But Google doesn’t get off scot-free. Google lags a long way behind Apple when making its app store available around the world. The most notable omission is China, where Apple has made significant progress in recent years.

Furthermore, while Google Play users in most countries can now purchase apps, the countries where developers can sell apps remain hopelessly restrictive. For example there is no developer support in Africa and only Argentinian and Brazilian developers can sell apps through the Play Store in South America.

It is worse when it comes to media content with only Australia, Japan, the UK and US currently able to buy TV shows while music purchases only expand that list within European countries. As such the countries where customers and developers are most likely to be attracted by the cheap prices of budget Android handsets are the least well served.

Which leaves us with the all too familiar scenario that Android’s malware problem isn’t as black and white as many would have you believe. The truth is it is easy to stay safe on Android. The problem is that sentence relies on where you live.

One nagging question remains. Does Kelly himself use an Android smartphone? We guess that must depend on where he lives.


 

ThreatMetrix Secures $20 Million Series E Financing

Posted on March 27th, 2014 by Dan Rampe

Company Reveals Aggressive Plans to Expand the Largest Shared Global Identity Network

San Jose, Calif. – March 27, 2014 – ThreatMetrix™, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced that it has closed a Series E round of financing. Adams Street Partners led the investment round of $20 million in capital, with all existing ThreatMetrix institutional investors also participating in the investment.

In a 12-month period ending September 2013, investors poured more than $1.4 billion into the cybersecurity market, up 29 percent over the previous year. While many cybersecurity startups are in the early stages of business, ThreatMetrix has a proven business strategy and is uniquely positioned to protect online entities – including businesses, governments and individuals – through the ThreatMetrix™ Global Trust Intelligence Network (The Network). As the world’s largest identity network of shared intelligence, The Network enables companies and government agencies to share anonymized information across business boundaries to deliver the most comprehensive risk assessment in real time.

“ThreatMetrix has a trusted, compelling cybersecurity solution and extensive market traction that stand out compared to other unproven startups in the industry,” said Dave Welsh, Partner, Adams Street Partners. “The cybersecurity industry will only continue to grow in the coming years and ThreatMetrix offers comprehensive technology to protect against evolving risks. Given its already strong base of more than 2,500 customers, we are confident that this financing will position ThreatMetrix for further growth and success across industries and geographies.”

As part of the financing round, Welsh joins the ThreatMetrix board of directors. Welsh is a strategic fit as an investor as he has extensive experience in the cybersecurity industry and formerly served as the chief strategy officer at McAfee, the world’s largest dedicated security company. Adams Street Partners is also an investor in two of ThreatMetrix’s largest investors, USVP and August Capital, and has comprehensive working knowledge of ThreatMetrix and the market opportunity it is addressing.

“Adams Street Partners is an ideal fit to lead our latest round of financing, due to its expertise in the cybersecurity industry and familiarity with our existing investors,” said Reed Taussig, president and CEO, ThreatMetrix. “Today’s cybercriminals are more sophisticated than ever before and include talented, well-funded, international crime rings and nation states. This financing will enable us to expand the depth and breadth of The Network, grow our customer base and continuously build new capabilities into the TrustDefender™ Cybercrime Protection Platform to protect against rapidly evolving cyber threats.”

According to Taussig, the company will use the additional financing to continue its successful global expansion in context-based security and advanced fraud prevention. Specifically, the financing will enable ThreatMetrix to do the following:

• Broaden the reach of The Network, which currently analyzes more than 500 million transactions each month and protects over 160 million active user accounts across 2,500 customers and 10,000 websites. In today’s world, no company can stand alone in the fight against cybercriminals. The Network is a unique differentiator that offers all ThreatMetrix customers worldwide a collective approach to cybersecurity by enabling shared anonymized identity and threat data for real-time analysis of cybercrime risks.

• Build new capabilities in the TrustDefender Cybercrime Protection Platform – ThreatMetrix launched several breakthrough products and technologies in 2013, including ThreatMetrix™ Persona ID, ThreatMetrix™ Trust Tags and the ThreatMetrix™ Global Policy Engine. These capabilities substantially improve the ability to differentiate between trusted and criminal events and stay one step ahead of cybercriminals.

• Enhance its frictionless context-based authentication solutions, which enable enterprises to establish trust for each account login based on fully anonymous user identity, device usage, geolocation, behavior and other factors without compromising user identity or workforce efficiency. “As the bring-your-own-device (BYOD) trend accelerates, Gartner estimates that by year-end 2016, more than 30 percent of enterprises will use contextual authentication for remote workforce access.” [Source: Gartner Magic Quadrant for User Authentication, December, 2013]

• Increase mobile cybersecurity to protect the rising number of mobile transactions across industries. In 2013, mobile represented one-third of all transactions on The Network, and this number is projected to reach 50 percent by the end of 2014. ThreatMetrix recently reinforced its commitment to protect mobile computing by announcing an update that offers jailbreak detection and location-based authentication for mobile transactions.

• Expand into new markets, including enterprise security, healthcare, gaming and insurance in addition to the success it has already experienced in the financial service and e-commerce markets. Enterprise security professionals realize that incorporating fraud prevention tools to protect access to mission critical applications is vital to thwart hackers. During 2014 ThreatMetrix expects to make significant inroads into the traditional enterprise security market.

• Continue its expansion in European and Asian markets in addition to continued growth in North America.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com

 

California Is Famous for Sunshine, Hollywood, Silicon Valley, Surfing, Oranges and…International Cybercrime. AG Reports State Number One Target.

Posted on March 24th, 2014 by Dan Rampe


To paraphrase the song that at one time was the state’s de facto anthem, “California here they come.” However, according to a report by the state’s Attorney General, Kamala Harris, it’s more like “California, they’re already here.” “They” are the international criminal enterprises targeting California from Eastern Europe, Africa and China.

The Associated Press quotes the 181-page report as saying, “These organizations have taken advantage of the technological revolution of the last two decades, as well as advancements in trade, transport and global money transfers, to substantially increase the scale and profitability of their criminal activities in California.”

It goes on to state that California leads the nation in the number of computer systems hacked or infected by malware; victims of Internet crimes and identity theft; and the amount of financial losses suffered as a result of online crimes. And, the state is especially vulnerable to intellectual property theft because of its role in developing new technology and mass-media entertainment.

The report says, “Many of these breaches have been tied to transnational criminal organizations operating from Russia, Ukraine, Romania, Israel, Egypt, China, and Nigeria, among other places.”

California’s $2 trillion GDP (gross domestic product), foreign activity and border with Mexico make it ripe for international money-laundering. The report estimates that each year more than $30 billion is laundered through the state’s economy.

Different schemes include filtering money through legitimate businesses or using virtual currencies, e.g., Bitcoin. Less sophisticated efforts included backpacks and duffel bags stuffed with cash. Today, California leads the USA in the number of currency seizures.

Unlike federal law, California state law requires prosecutors to prove a suspect deliberately carried out a financial transaction in a way designed to hide the fact that the money came from or was used for a criminal activity. The Associated Press’s Don Thompson notes that the report says California should change its law to make it easier for prosecutors to crack down on money launderers.

It recommends letting prosecutors temporarily freeze the assets of transnational criminal organizations and associated gangs before seeking an indictment.

And it recommends the state mirror federal law by increasing punishment for people convicted of supervising, managing or financing transnational criminal organizations. In addition, it calls for the state to devote more money to the state Department of Justice, including $7.5 million to fund five new teams to target international criminals.
