Significant Drop in Fraud Rates and Chargebacks When Organizations Implement ThreatMetrix Solution

Posted on October 23rd, 2014 by Dan Rampe


Survey Shows 100 Percent of E-Commerce Execs Using ThreatMetrix TrustDefender Cybercrime Protection Platform See Measurable Decrease in Fraud Rates and Chargebacks

Here they come — both the holidays and the cybercriminals who prey on consumers and retailers during the holidays.

According to the National Retail Federation, the 2014 holiday shopping season is expected to bring in $616.9 billion, representing approximately 19.2 percent of the retail industry’s total annual sales. And what could be more attractive to a cyberthief than a high volume of sales condensed into a very brief time period?

Ken Jochims, ThreatMetrix director of product marketing, observes:

“It’s critical that online merchants have a comprehensive solution to decrease fraud without impacting the customer experience, especially with so many customers flooding to e-commerce sites on Black Friday, Cyber Monday and throughout the holiday season,” said Ken Jochims, director of product marketing at ThreatMetrix. “By stopping suspicious account access and transactions, businesses can reduce the number of chargebacks and manual reviews resulting from fraudulent transactions.”

TechValidate survey shows ThreatMetrix gets results

The survey conducted with TechValidate clearly demonstrates that every e-commerce company (100 percent) using the ThreatMetrix TrustDefender Cybercrime Protection Platform reported a decrease in chargebacks. Fifty percent of respondents noted a 40 to 60 percent decrease in chargebacks. Three out of four companies indicated their fraud rates decreased by more than 20 percent. And fully one quarter of respondents saw a 60 to 80 percent decrease in fraud rates. Additionally, 35 percent of customers surveyed experienced more than a 40 percent reduction in manual reviews.

Jochims adds:

“E-commerce companies cannot afford to sit back and wait for their business to be hit with increased holiday fraud and then deal with it after the fact,” said Jochims. “The costs of paying for fraud – whether it’s card not present, account takeover or fraudulent account creation – far exceed the costs of preventative solutions that can stop cybercriminals at the front gates. However, solutions that add additional authentication steps for users and lead to lost sales due to shopping cart abandonment are less than ideal. Online retailers need to implement a solution that effectively stops fraudulent activity and flags suspicious activity for additional screening, all without changing the customer experience for trusted and returning users.”

No friction. No hassle for the customer

The survey also found that, while the ThreatMetrix TrustDefender Cybercrime Protection Platform dramatically improved its e-commerce customers’ fraud detection, 100 percent of respondents experienced no additional friction to their customer experience with almost 60 percent actually having improved their revenue from 5 to 25 percent.

E-commerce companies can’t be last-minute shoppers

Obviously, e-commerce sites can’t wait till November or December to implement new security strategies. The time is now, and ThreatMetrix has the solutions. ThreatMetrix’s TrustDefender Cybercrime Protection Platform is powered by the ThreatMetrix Global Trust Intelligence Network, which analyzes more than 850 million monthly transactions and combines device identification, threat assessments, identity and behavioral intelligence to accurately identify cybercriminals without creating friction for good users.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

 

 

A New View of Most Major Breaches 2004 – 2014

Posted on October 22nd, 2014 by Dan Rampe


RAND Corporation Chart Offers Fresh Perspective Comparing Major Breaches. With Breaches Occurring So Frequently, the JPMorgan Chase, Home Depot and MBIA Breaches Were Not Included

News flash — all breaches are bad. Everybody knows that, but did you know… — to paraphrase (steal from?) a current Geico campaign — how bad major breaches were compared to each other?

The amount of data compromised and numbers of individuals affected are often so staggering they’re difficult to visualize. Just look at these numbers: JPMorgan Chase (76 million households and 7 million businesses exposed), Home Depot (56 million credit card holders exposed) and the Municipal Bond Insurance Association or MBIA (thousands of local governments, universities and companies and billions in taxpayer funds exposed). So, it’s unfortunate the RAND report could not have included these massive breaches as well. Still, the visual offers a fascinating new insight.

In her story on businessinsider.com, Natasha Bertrand discusses the RAND Corporation National Security Research Division report including the chart (Figure 6.2 — see page 55 of the PDF or page 36 of the hardcopy) comparing major breaches from AOL to Target.

In her story, Bertrand highlights some fascinating points about breaches. The following has been excerpted from her piece and edited to fit our format. You may find the full article by clicking on this link.

The best-known is not the worst

[The] chart shows, the biggest cyberattacks have not always been on the most high-profile companies. Social application site RockYou! is not particularly well-known, but it had a data breach that exposed over 32 million accounts. By comparison, a hack of the popular shoe website Zappos exposed just 24 million accounts.

Some big breaches are not “newsworthy”

And some of the biggest attacks have not always made for the most interesting, or newsworthy, hacking stories. Over 50 million Evernote users had their passwords stolen last year, but the attack was largely the result of users simply not having strong enough passwords.

What does the future portend?

According to the RAND report, experts disagree on the scale of future attacks. Some believe future hacks will be targeted and persistent, as they have been recently with photo-sharing apps such as iCloud and Snapsave.

Others foresee more opportunistic, mass “smash-and-grab” attacks, like the attack on Target last year when hackers stole 40 million credit card numbers from every one of the company’s 1,797 US stores.


Three Things Small Businesses Can Learn from High Profile Data Breaches

Posted on October 21st, 2014 by Dan Rampe


National Cyber Security Awareness Month started off with a bang this year – the news that a breach at JPMorgan Chase compromised accounts of 76 million households and 7 million small businesses. Leading up to National Cyber Security Awareness Month, another high profile data breach was disclosed – Home Depot confirmed that 56 million credit and debit cards were exposed in a recent breach in an attack on the company’s point of sale systems.

In line with this week’s National Cyber Security Awareness Month theme, “Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs,” I’m going to focus here on the special challenges of smaller businesses when it comes to cybersecurity.

If you’re running a small or mid-sized business, or if you are an entrepreneur starting a new venture, this breach holds three important lessons:

  1. As a small or mid-sized business, you are not immune from data breaches.
  2. Your customers may be among those 76 million households or 56 million cardholders with compromised identities – a fraudster is likely trying to do business with you using a stolen identity.
  3. Small businesses are at a disadvantage, with fewer resources to build defenses or ride out the impact of a breach. And as Byron Acohido of ThirdCertainty points out on his guest blog for ThreatMetrix, the legal banking protections are different for small businesses than consumers, resulting in a greater risk exposure.

Let’s look at each of these issues in turn.

Small businesses are in the cross hairs

There is no such thing as a business that’s too small for cybercriminals. Many cybercriminals target smaller businesses precisely because they lack the resources of larger companies to keep systems patched and spot fraudulent access.

One thing we regularly see is that because large institutions are better prepared to deal with cybercriminals, the criminals turn to smaller organizations. I have seen dedicated malware configurations for credit unions as small as 500 members!

Further, how many businesses plan to remain under the radar? If you have a growing business or are a growth-hacking entrepreneur, you want the world to sit up and take notice of your business. You cannot possibly hide from the cybercriminals. In fact (and unfortunately), some businesses see their first cyber attack or breach as an early sign of business growth and recognition.

And even if you have a low profile today, you may be collateral damage in breaches of the larger organizations that you do business with. This is the case for the JPMorgan Chase small business customers.

Stolen identities are a growing problem

The latest breach added millions of stolen identities to the ones already available on black markets. Every stolen identity is a risk factor for your business, as attackers may spoof identities of legitimate customers to do business with you.

Identity spoofing is already a big and growing problem for businesses. Businesses in the ThreatMetrix® Global Trust Intelligence Network frequently detect and deter identity spoofing attacks in logins, new account creation and transactions.

We expect the trend to accelerate, particularly for account creation. The adoption of “chip and pin” credit card technology in 2015 in the U.S. will drive credit card fraud into new channels. Because counterfeiting a card is difficult, criminals will turn their focus to online channels and to gaining credit cards using stolen identities. This was one of the lessons learned when Europe moved to “chip and pin” in 2012.

Smaller businesses have fewer resources

If a financial giant with advanced security measures like JPMorgan Chase cannot protect its customers’ data, how can small businesses do the job with fewer resources? You may not have teams of people dedicated to security, but surviving the damage caused by a data breach has the potential to seriously derail your growth. In addition, new, fast-growing businesses often prioritize business success and revenue while placing fraud prevention on the back burner – and this is a big mistake.

The only way for small and mid-sized businesses – or fast-growing startups – to level the playing field is to collaborate on security. Be part of something larger by sharing threat intelligence and information with other businesses, large and small, around the globe. By participating in a network like the ThreatMetrix Global Trust Intelligence Network, which analyzes and protects more than 850 million monthly transactions, you can build trust into your customer transactions and other activities by placing them in a broader, worldwide context.

The strategic business value of trust

Security may seem like a defensive tactic or cost of doing business, but building trust is strategic. If you want your business to grow, you need customers to trust in their interactions with you and to trust you with their data. And to expand confidently beyond geographic borders, you need to trust that you can do business with overseas entities securely. At ThreatMetrix, our goal is to make that kind of online trust a reality.


ThreatMetrix Reveals Strategies for Small and Medium-Sized Businesses to Avoid Falling Victim to Data Breaches

Posted on October 21st, 2014 by Dan Rampe


Continuing its Alignment with National Cyber Security Awareness Month, ThreatMetrix Draws on Recent Data Breaches to Outline Cyber Security Lessons for Small Businesses

San Jose, CA – October 21, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced several risks and preventative strategies for small and medium businesses (SMBs) to protect against data breaches, continuing its commitment to this year’s National Cyber Security Awareness Month (NCSAM) theme, “Our Shared Responsibility,” as well as the fourth week’s theme of examining cybersecurity for SMBs in addition to entrepreneurs.

The theme of NCSAM’s fourth week is “Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs,” calling attention to the importance of cybersecurity measures for smaller businesses, as well as addressing the special challenges faced by these entities when it comes to cybersecurity. Recent high-profile breaches such as JPMorgan Chase and Home Depot – which have compromised millions of accounts and other sensitive information – make now a more important time than ever for SMB owners and entrepreneurs to educate themselves on cyber security. Several risks these businesses face, along with preventative strategies, include:

  • No Business is Too Small

Cybercriminals will target any business, large or small, so long as there is a consistent flow of revenue. Since large companies often have more comprehensive cybercrime prevention strategies in place, cybercriminals often turn to smaller organizations instead. Rapidly-growing, small businesses also risk falling victim to cybercriminals as they increasingly gain recognition. As a result, some SMBs choose not to expand internationally because of the possible increased fraud risk and end up missing out on revenue opportunities.

“The unfortunate fact is that some small businesses see their first cyber attack or breach as an early sign of business growth and recognition,” said Andreas Baumhof, chief technology officer at ThreatMetrix. “The focus for every small business is to grow as fast as possible. The mindset is ‘If I don’t sell anything, I don’t need a fraud solution, so let’s first sell and then figure out the fraud problems later.’ However, this is an ineffective way for businesses to treat their customers’ sensitive information, as these businesses will ultimately be targeted by cybercriminals.”

  • Stolen Identities Are a Growing Problem

The recent JPMorgan Chase, Home Depot and other breaches added millions of stolen identities to the millions already on black markets. The JPMorgan Chase breach alone compromised the accounts of 76 million households and seven million small businesses. These compromised accounts pose the risks of stolen credit card information, personal information sold on black markets and fraud ranging from account takeover to financial fraud to businesses of all sizes.

According to recent data from a ThreatMetrix Cybercrime Index™ Benchmark Report, businesses in the ThreatMetrix® Global Trust Intelligence Network have reported frequently detecting and deterring identity spoofing attacks in logins, various transactions and account creation. ThreatMetrix expects this trend will accelerate over the next year as the U.S. adoption of “chip and signature” credit card technology in 2015 drives more fraud online.

  • Smaller Businesses Have Fewer Resources

Recent high-profile breaches of large enterprises draw attention to the fact that SMBs are at even higher risk with fewer resources available for cybercrime prevention. Not only do many of these organizations not have dedicated cyber security teams, but for those that are breached, it is extremely difficult to recover from the damage to their business, as growth and profits are stunted post-data breach. Fast-growing SMBs often make the mistake of prioritizing business success and revenue over fraud prevention.

“Small and medium-sized businesses will always have fewer resources than large enterprises to protect themselves, so the focus needs to be on how all enterprises, small and large, can work together to level the playing field and combat fraud altogether,” said Baumhof. “Threat intelligence sharing through an anonymized global network benefits every business involved and helps to build trust on the Internet. It’s the responsibility of small and large businesses alike to collaborate against cybercriminals.”

In order for SMBs to get ahead of the curve on cybersecurity strategies, there needs to be collaboration and information sharing at the business and the government level, while protecting consumer privacy. The ThreatMetrix® Global Trust Intelligence Network anonymizes and encrypts data to enable businesses of all sizes to identify threats and keep their organizations secure without providing any personally identifiable information.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. The remaining upcoming theme is:

  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix will continue to support each week’s theme through the end of the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.


© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

Massive MBIA Data Leak is “Tip of the Iceberg”

Posted on October 15th, 2014 by Dan Rampe


(NOTE: The following is used with the permission of Byron Acohido, a Pulitzer Prize-winning journalist and editor-in-chief for ThirdCertainty, an IDt911-sponsored online publication dedicated to helping individuals and companies assess risks and embrace best security practices. Acohido will be speaking at the ThreatMetrix Cybercrime Prevention Summit 2014, November 5 – 7.)

By Byron Acohido, ThirdCertainty

Hundreds of companies, local government agencies and universities—including two Ivy League schools—continue to expose sensitive financial, medical, academic, personal and other records to anyone who knows a few finer points about how to use Google or the Shodan search engine.

These organizations are all in the same boat as MBIA, the nation’s largest bond insurer, which has been scrambling to downplay the revelation that it has not taken very good care with customer accounts.

Ethical hacker Bryan Seely of Seattle-based Seely Security showed how MBIA has long been exposing details of municipal bond and investment management accounts in a way that made it easy for criminals to transfer funds from existing accounts into newly created ones they control. There’s no evidence any theft took place, only because the bad guys appear to have overlooked this freebie.

MBIA’s security lapse came to light in a story posted by security blogger Brian Krebs early last week. But that’s just the tip of the iceberg, Seely tells ThirdCertainty.

Seely has reviewed 25,000 Oracle web servers known to have a vulnerability that can be accessed if the web server owner fails to configure the Oracle server in the proper way.

“In the case of MBIA, it was not at risk because of a flaw in Oracle,” Seely says. “This was simply because the customer did not configure the server correctly when they deployed it, and it caused private banking records to be exposed to the Internet.”

8,000 exposed servers

Seely says he has identified more than 8,000 other servers that are similarly misconfigured and likewise exposing sensitive accounts on the open Internet. These are accounts that should be kept under lock and key.

Seely has been on a one-man campaign to notify organizations, and a few have listened to him. Among those who have heeded Seely’s heads up and locked down their misconfigured Oracle servers are:

  • Texas Department of Family Protective Services
  • Meridian Community College in Mississippi
  • University of Wisconsin
  • Purdue – Calumet Campus
  • Maryland Port Authority

MBIA initially gave Seely the cold shoulder, but took action after they received a phone call from Brian Krebs. Most organizations Seely has tried to alert assume he’s out to hustle them. “They think it’s a ransom attempt or a scam,” he says. “I’m not selling anything, and I’m not asking for money. If they want to hire me to help fix or find more problems, I would welcome it, but it is not a condition by any means.”


A one-time U.S. Marine, Seely is no slouch. He has worked as a network engineer at Microsoft and Avanade. Last February, he demonstrated a way to set up and record calls between unwitting citizens and the FBI and Secret Service—by hacking Google Maps. Billionaire Dallas Mavericks owner and Shark Tank TV personality Mark Cuban is a fan.

Last month Seely and fellow ethical hacker Ben Caudill proved LinkedIn does not do a robust job of protecting email addresses by using a low-tech hack to find and manipulate Cuban’s email address, and those of other celebrities.

That hack led to Cuban asking Seely and Caudill to check Cyber Dust, a privacy-centric chat messenger start-up backed by Cuban, for security soft spots.

Seely says it would have been trivial for criminals to steal from MBIA subsidiary Cutwater Asset Management—the company found to have the exposed accounts—but it appears MBIA and Cutwater dodged one big bullet.

MBIA dodged bullet — will others?

“It’s highly unlikely that criminals accessed MBIA’s data because the only thing at risk was the money,” Seely says. “If the money is there, then nothing has been stolen. There were not any Social Security numbers or PINs, but the ability to change or otherwise add and remove signers, additional bank accounts and such. It would have been all too easy to take money from accounts in small or large amounts prior to discovery.”

Cutwater’s server was misconfigured to expose countless account numbers, balances and forms in such a way that the records were being indexed by Google and Shodan, a search engine that looks for specific types of routers and servers connected to the Internet.

Seely personally was able to use Google and Shodan to directly access individual financial accounts, account balances, participant profiles, lists of names, addresses, email addresses, and phone numbers of authorized account users.

“If you needed to add someone, you could just fill out a form and email it,” he says.

Now that the cat is out of the bag, you can bet the attention of organized cyber gangs has been directed to this low-hanging fruit. Companies using misconfigured Oracle servers who are slow to address this exposure are at risk of paying a high price. The two Ivy League schools Seely found to be exposed have not yet fixed the problem, he says.


Internet of Things – A Consumer Dream or Cybersecurity Nightmare?

Posted on October 14th, 2014 by Dan Rampe


Don’t look now, but your life is more online and connected today than it was last year – and the trend is accelerating.

Late last year, we predicted that risks associated with the Internet of Things (IoT) and critical infrastructure would be two emerging cybercrime trends this year. (See our 2014 predictions blog.) These topics are the theme of this third week of the National Cyber Security Awareness Month, “Critical Infrastructure and the Internet of Things.”

IoT and Critical Infrastructure are two sides of the same coin

This year has seen a burst of innovation in the Internet of Things. Intel is getting into the wearable technology field, while the Consumer Electronics Show was filled with wearable devices such as heart monitors, sensor-equipped golf gloves and networked pet collars. Other devices already on the market are gaining traction, from cars that email us when they need service to health monitors that publish our glucose levels. The possibilities are endless and so are the products that come to market quickly.

When it ships early next year, the Apple Watch will no doubt expand the wearable technology market beyond the earliest adopters to the broader Apple faithful.

Even if you’re not using these technologies, you are part of a connected world through the public infrastructure around you. Wireless cameras and embedded sensors permeate public facilities and transportation hubs. We all depend on power grids and water delivery systems (also known as critical infrastructure) that are controlled by networked devices. In the near future, drones may zoom around us on city streets.

The increasing connectivity of the world poses a growing cybersecurity threat that we are not securing well. For consumer technologies, personal privacy is often at risk. The public safety risks are higher for critical infrastructure.

All these devices are Internet enabled, but remember: they run software. They run the very same software that is being attacked on a daily basis for high-risk applications such as online banking. The only difference is that they cannot be updated, and this has the potential to make them a lethal target.

Point of Sales Systems – The Canary in the Coal Mine
Lest you think I’m being alarmist, let’s consider one of the earliest entrants in the Internet of Things – Point of Sale (POS) systems. You see them everywhere – devices such as cash registers and credit card readers use POS to take payments at retail stores.

You would think that POS systems would be secure, for several reasons.

  • They’ve been around for a while, so we’ve had time to figure out how to make them safe.
  • They handle financial transactions, therefore we are extra motivated to keep them secure.
  • They are locked down and run in dedicated networks.

Yet POS exploits were responsible for two of the largest data breaches in the past year – the Target and the Home Depot breaches.

If we cannot manage to protect those network-attached devices that we know are targeted by thieves, how much better will we be at protecting the various technologies we’re embedding in our personal lives? Or the devices controlling critical infrastructure? Even our highway signs have been hacked. (See http://www.threatmetrix.com/a-sign-of-the-times-hacking-signs-electronic-road-sign-hackers-reveal-a-downside-to-the-internet-of-things/)

A roadmap to a more secure connected world

We can address these risks, but only with concerted and collaborative efforts. My recommendations for connected devices are as follows:

  1. Think twice about what goes on public networks. Network segmentation and isolation are critical, particularly for critical infrastructure.
  2. Strengthen authentication to these devices and the systems that manage them. Logins continue to be the weakest point in most systems. We’re reaching a point at which it is irresponsible to protect critical systems with passwords alone. Use multiple authentication factors or context-based authentication to reduce risk of stolen identities and unauthorized access.
  3. Look for anomalies at all levels, including patterns that represent known threats or never-before-seen patterns that may indicate an emerging threat.
  4. Provide a mechanism to securely update these devices. In order to do so, many of the previous points need to be considered.

To put these strategies in place, we must exchange and share threat information at both the business and government level. The federal government is committed to sharing information with the private sector related to critical infrastructure. (See Executive Order 13636)

For businesses that handle personal or consumer-based products, sharing information must be balanced with protecting consumer privacy. As the data collected about us from devices continues to grow, privacy will be more important than ever before. That’s why we’ve built data anonymization and encryption into the ThreatMetrix® Global Trust Intelligence Network.

As new technologies continue to reshape our future at a rapid pace, we have to act quickly to make sure that the future we’re building is secure and private, not dystopian.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

ThreatMetrix Announces Strategies to Combat Growing Threats to Critical Infrastructure and the Internet of Things

Posted on October 14th, 2014 by Dan Rampe


In Conjunction with National Cyber Security Awareness Month, ThreatMetrix Outlines Security Measures to Properly Secure Web-Connected Devices and Critical Infrastructure

San Jose, CA – October 14, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced strategies to combat security risks for the Internet of Things (IoT) and critical infrastructure, continuing its commitment to this year’s National Cyber Security Awareness Month (NCSAM) theme, “Our Shared Responsibility,” as well as the third week’s theme of examining potential security implications associated with critical infrastructure and the IoT.

The theme of NCSAM’s third week is “Critical Infrastructure and the Internet of Things,” calling out the risks faced by devices and critical utilities as they increasingly connect to the Internet. As devices ranging from watches and heart monitors to refrigerators, as well as critical utilities such as water and power, continue to connect online, our everyday lives are placed at an increased risk of being compromised by fraudsters.

In the past year alone, innovations in wearable technology and other fields have included a burst in Internet-connected devices. From cars that can send email reminders when they need service to health monitors that publish heart rate and glucose level to online tracking tools, the inter-connected world is growing and not slowing down, creating significant risks for consumers’ privacy and cyber security.

However, the users of these new technologies are not the only ones affected by the increasing connectivity of the world. Public infrastructure is all connected online, from power grids to water delivery systems, all controlled by networked devices. This is critical infrastructure, and it opens the door to individual cybercriminals or nation states to wage a new form of online warfare if proper security measures are not immediately set in place.

“The rapid growth of the Internet of Things creates a new wealth of information for cybercriminals to compromise, from our everyday appliances to critical operations, allowing them to steal personal information and cripple resources,” said Andreas Baumhof, chief technology officer at ThreatMetrix. “Apple will soon launch the Apple Watch, taking wearable tech from obscurity to the consumer forefront. It is becoming increasingly imperative that we ensure the information shared through these devices is secure as they will contain, collect, and track sensitive information about our personal physical lives, as well as elements tied directly to our financial being. In addition, point-of-sale system hacks have caused massive damage to major retailers over the past year, as we saw in the Target and Home Depot breaches, among others. Imagine what harm the mass distribution of health and critical infrastructure information can bring to the lives of millions.”

As the Internet of Things and online connectivity of our nation’s critical infrastructure show no signs of slowing down, ThreatMetrix has outlined several security strategies to address some of the associated risks:

  • Network Segmentation and Isolation – Network segmentation, or “zoning,” is a popular practice in Internet security. Segmenting the network maximizes the chance of limiting the risk a data breach poses to your entire network. It can also help businesses determine what information to keep on public or private networks.
  • Account Authentication – Username and password authentication is the weakest point of entry for most businesses operating online, often making businesses an easy target for hackers. At this stage, it is irresponsible to protect any information stored online with passwords alone. The use of multiple authentication factors, such as context-based authentication and real-time fraud prevention, can help reduce the risk of stolen user identities and fraudulent transactions without disrupting the user experience for authentic customers.
  • Tracking – Tracking data enables businesses across industries to differentiate between authentic and fraudulent transactions and other activity. By identifying anomalies, such as hiding behind proxies and virtual private networks or a change in shipping address, through a global network of shared intelligence, businesses can recognize patterns that represent known threats or never-before-seen patterns that show a potential threat.
  • Secure Updates – It is important that Internet-connected devices are updated on a regular basis to stay one step ahead of cybercriminals as they become increasingly sophisticated.

For comprehensive cybersecurity strategies to be effective and protect Internet of Things devices as well as critical infrastructure, there needs to be collaboration and sharing of information at both the business and the government level, while protecting consumer privacy. The ThreatMetrix® Global Trust Intelligence Network anonymizes and encrypts data to enable businesses to identify threats and keep their business secure without providing any personally identifiable information.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. The remaining upcoming themes include:

  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix will continue to support each week’s theme throughout the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.


© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

FBI Provides Tool for Checking Out Suspicious Files

Posted on October 13th, 2014 by Dan Rampe


Businesses, Researchers and Academics Will Soon Be Able to Upload Files to FBI Portal to Ensure They Don’t Contain Malware

The FBI offers a portal for law enforcement agencies to check out files. Now a separate FBI portal will be made available for a much wider audience. Called Malware Investigator, the portal will be accessible to established FBI partnerships, including members of the U.S. Intelligence Community (USIC), domestic and foreign law enforcement, academia, and private industry.

How it works

According to Charlie Osborne’s article on zdnet.com, here’s how it works. “Once a file is uploaded, the system pushes [it] through antimalware engines to [extract] information…whether it is malicious, what the malware does, and [whom it affects.]

“The Malware Investigator analyses threats through sandboxing, file modification, section hashing, correlation against other submissions and the FBI’s own entries concerning viruses and malware reports. Windows files and common file types can currently be analyzed, but this will expand to include other file types in the near future.”

The FBI’s Jonathan Burns noted that API access has been granted for businesses that want to integrate the engine into their platforms. Personal details of submitters would not be disclosed.


Largest U.S. Bond Insurer Learns of Exposed Customer Accounts — from Blog

Posted on October 10th, 2014 by Dan Rampe


Security Guru Brian Krebs of KrebsOnSecurity Notifies Municipal Bond Insurance Association (MBIA) of Web Server Misconfiguration That Put Customer Accounts at Risk

MBIA is a public holding company that offers municipal bond insurance and investment management products to diversify the holdings of insurance companies that include Aetna, Fireman’s Fund, Travelers, Cigna and Continental.

In his piece on KrebsOnSecurity.com, Brian Krebs reports how he learned that MBIA had exposed countless customer account numbers, balances and other sensitive data to potential attackers. The following has been excerpted from Krebs’ blog and edited to fit our format. You may find his complete, unedited piece by clicking on this link.

Bryan Seely, an independent security expert, discovered the exposed data using a search engine. Seely said the data was exposed thanks to a poorly configured Oracle Reports database server. Normally, Seely said, this type of database server is configured to serve information only to authorized users who are accessing the data from within a trusted, private network — and certainly not open to the Web.

Worse yet, Seely noted, that misconfiguration also exposed an Oracle Reports diagnostics page that included the username and password that would grant access to nearly all of the customer account data on the server.

“Malicious hackers finding dozens of universities or companies with Social Security numbers, health data or other information is devastating, but stumbling on bank accounts and the instructions for how to empty them is potentially catastrophic,” Seely said. “Billions in taxpayer funds, invested into one of the largest institutions in the world that were essentially being guarded by a sleeping security guard.”


Taking the Fight to the Fraudsters in a Month to Remember

Posted on October 9th, 2014 by Dan Rampe


September was a great month if you work in fraud prevention circles. A major new agreement between the European Banking Federation and Europol’s European Cybercrime Center (EC3) will make information sharing and co-operation between the region’s law enforcers and banks more extensive and effective than ever before.

It’s to be applauded. After all, fraud across Europe is increasing and becoming increasingly “cyber” in nature.

An annual report from the European Central Bank back in February revealed that card fraud rose in 2012 for the first time since 2008 – driven mainly by internet fraud. It claimed €1 in every €2,635 spent on credit and debit cards issued within SEPA (Single European Payments Area) was lost to fraud. While fraud via POS systems and ATMs dropped since the previous year, card not present fraud – including payments by post, telephone and the internet – jumped from 56% to 60%; the highest since records began.

It’s not hard to see why. Online fraud is difficult to trace and easy to commit. Cybercriminals have become adept at logging into online bank and other accounts with phished credentials, or setting up new ones with ill-gotten personal information. User awareness is increasing, but not fast enough, and alternatives to password-based systems such as two-factor authentication (2FA) can be too user-unfriendly. Meanwhile, traditional behind-the-scenes anti-fraud systems can be slow to spot suspect behaviour, and often end up blocking innocent customers.

A step in the right direction

So we applaud the new memorandum of understanding between EC3 and the EBF. It should speed up and improve cross-border sharing of stats on fraud and cyber attacks. On the one hand this will give the police an advantage when pursuing organised crime and, on the other, it should help banks understand fraud patterns better so that they can prepare their cyber defences more effectively. Fraud prevention is finally moving from ad-hoc and localised to systemic, automated and cross-border.

That’s not the only good news from September. The British Bankers Association announced plans for a new Financial Crime Alerts Service (FCAS) – where it will share with its members real-time alerts on cyber crime, fraud and other activities generated by law enforcers and government agencies.

The UK has in fact been quietly ramping up the number of specialist fraud officers in the police force – with staff levels rising 11% since 2011 to reach 448 today. The number of civilian investigators also increased, from 235 to 289, the BBC said. However, there’s still a feeling that officers are swamped with requests, as fraud increased in England and Wales by 40% during the same period.

In the US, meanwhile, a joint venture between the Financial Services Information Sharing and Analysis Center (FS-ISAC) and The Depository Trust & Clearing Corporation (DTCC) will lead to the creation of Soltra. This new body will focus on developing “software automation and services that collect, distill and speed the transfer of threat intelligence from a myriad of sources to help safeguard against cyber attacks.”

Our approach

ThreatMetrix® fully supports any moves to improve the sharing of actionable intelligence between financial institutions and law enforcement for a win-win scenario. But we’d also argue that there’s another, proactive step organisations of all shapes and sizes can take to minimise the risk of account fraud.

Our approach is to understand the endpoint, the user’s identity (which is anonymised) and their behaviour to determine if a transaction can be trusted or not. Our fraud information does not come from law enforcement but from over 850 million monthly transactions that our 3,000+ customers – from major banks to social networks, enterprises and e-commerce giants – provide us with. Just as the users of the fraud initiatives above will get better over time at spotting and predicting threats, so the ThreatMetrix® Global Trust Intelligence Network gets smarter with each risk assessment.

It’s global, cross-industry, real-time intelligence that works in the background without any customer input needed to spot and block fraud before it has a chance to get anywhere near your business.
