What Uber Might’ve Done to Prevent Compromising the Personal Info of 50,000 Drivers

Posted on March 6th, 2015 by Dan Rampe

Andreas Baumhof, ThreatMetrix’s CTO, Explains How a Holistic Approach to Security Might Well Have Made All the Difference

Shoulda, coulda, woulda can’t help the 50,000 past and present Uber drivers whose personal information (names and driver’s license numbers) was compromised in the company’s recent breach. However, Andreas Baumhof offers a practical approach that could help prevent a future recurrence and help other companies avoid a similar lapse in security.

In his article on scmagazine.com, Adam Greenberg tapped Baumhof and Steve Hultquist, chief evangelist at RedSeal, for answers. His article has been edited to fit our format. You may find Greenberg’s complete piece by clicking on this link.

Enough compromised information for ID theft

“Names and driver’s license numbers are two key elements of verification of personal identity,” Hultquist said. “Combined with other information that could be gained by social engineering or by existing breaches, theft of personal identities is possible.”

Very valuable information

Andreas Baumhof, CTO of ThreatMetrix, [noted] that personally identifiable information (PII) increases in worth when more pieces of data related to a single individual are obtained.

“[If] I know your name and your associated email and then the associated address and then the associated credit card number and now the license plate, the information gets more valuable.” He went on to explain, “One reason is the use of knowledge-based authentication is still quite heavy (even by banks) where they ask you some questions that only you should know (e.g. what’s your license plate number?) to do a 2nd factor authentication.”

What they knew and when they knew it

Uber stated that a single instance of unauthorized access to one of its databases occurred on May 13, 2014. The company explained that it discovered the potential access on Sept. 17, 2014, and immediately changed the access protocols for the database.

How the breach might have occurred

“Given the information that Uber has shared, it seems likely that the breach came from the unauthorized use of an existing database access account,” Hultquist said. “The other likely option is access via a database system vulnerability, but that doesn’t seem indicated by the report.”

Baumhof’s comprehensive approach to protecting data

To prevent these types of incidents from occurring in the future, Baumhof said that a holistic approach needs to be considered. He explained that internal systems need to be restricted and secured, and access to data needs to be protected using context-based and behavioral approaches.

Uber’s John Doe Suit

According to the statement, Uber has filed a “John Doe” lawsuit so it can “gather information that may lead to confirmation of the identity of the third party.” The Register reported…that Uber subpoenaed GitHub so the latter company would turn over the IP addresses of visitors to a particular gist, which is believed to have contained a login key used to access the Uber database.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

ThreatMetrix Labs Report Covers the Fish That Hooks People

Posted on March 5th, 2015 by Dan Rampe

Superfish Adware Acting as “Man-In-The-Browser” Business and Banking Malware Is Outlined in the Latest ThreatMetrix Labs Report

Not familiar with Superfish? Ask any buyer of a Lenovo laptop purchased between October and December 2014 whose computer came preinstalled with the adware. But don’t think you’re going to hear kudos.

“Superfish Adware – A Closer Look”

Comparing Superfish and similar adware to “man-in-the-browser” (MitB) banking Trojans, the ThreatMetrix Labs report, “Superfish Adware – A Closer Look,” details the nature and behavior of this software. It also details Superfish’s HTML injection through browser add-ons and the type of sensitive information this injection allows the injected JavaScript to access.

Komodia’s library vulnerable

The report also covers the issues that arise when Superfish and other adware tools that use Komodia’s library for ad injection install a Certificate Authority (CA) into users’ browsers. Because that CA is protected only by easily obtained, weak passwords, cybercriminals have no trouble creating fake, legitimate-looking website certificates.

Andreas Baumhof, ThreatMetrix’s CTO, on the increasing adware threat

“Data from the ThreatMetrix Global Trust Intelligence Network shows that the Superfish Adware has been an increasing threat since October 2014. While this isn’t a new threat, its recent exposure has left many businesses and consumers questioning what they should know about its threats and how to protect against it. Since it has been around for some time and ThreatMetrix has long had capabilities to detect these kinds of threats, we provide technical details surrounding Superfish and its implications.”

A JavaScript injection of Superfish

Depending on the page accessed, the JavaScript injected by Superfish has full access to a wide range of sensitive information. For example, the ThreatMetrix Labs report outlines the information that this JavaScript code can access when a user visits a website, including cookies, local storage information, any Document Object Model (DOM) element of the page, user input (such as form field data) and any events that are fired during the session (such as submission of a login form).

ThreatMetrix’s honeypot detects malware strains

ThreatMetrix provides a malware detection service (a “honeypot”) that allows its customers to detect the presence of malware strains like Superfish in real time without any interference in their customers’ journeys. This information is fully integrated into the analysis by the ThreatMetrix® Global Trust Intelligence Network (The Network).

Notes Baumhof about the honeypot

“Whenever a strain of malware like Superfish grows this rapidly, online businesses and banks struggle to protect their customers against its threats – such as compromised sensitive information – without adding friction to the user experience. ThreatMetrix’s honeypot detection techniques help businesses detect unauthorized webpage modification within a user’s browser as part of the user’s full risk assessment, all without any added steps to the customer journey.”

Authenticating customers in real-time

ThreatMetrix authenticates customer transactions using real-time identity and access analytics that leverage the power of the world’s largest shared intelligence network. The ThreatMetrix solution already protects leading online businesses and financial institutions against account takeover, payment fraud, and fraudulent account registrations as a result of stolen credentials obtained from malware, social engineering, phishing and data breaches.

The public ThreatMetrix Labs report can be downloaded here.


Sandpiper: An Eagle When It Comes to Fighting Cybercrime

Posted on February 27th, 2015 by Dan Rampe

EC3 Supports 18-Month EU-Funded “Project Sandpiper” to Stop Payment Card Fraud in Its Tracks

The latest statistics published by the European Central Bank reveal that card-not-present (CNP) fraud is on the rise, accounting for 60% of all fraud losses on cards issued in the European Union. To address the problem, Europol’s European Cybercrime Centre (EC3) has launched several investigations.

Project Sandpiper

Initiated by UK authorities and supported by Europol’s European Cybercrime Centre (EC3), Project Sandpiper took out after the bad guys. The score after eighteen months: 59 arrests; 32 prosecutions; 17 convictions; 52,812 compromised card numbers recovered; £23 million ($35 million) estimated savings to the banking industry; and the disruption of 5 organized crime groups misusing electronic payments mainly in overseas destinations.

Troels Oerting, head of EC3

An article on eurasiareview.com (link to article) quotes the former head of the European Cybercrime Centre, Troels Oerting, who said, “The criminal networks involved in this sophisticated electronic payment crime have been taken down as a result of many months of hard work by police officers and prosecutors in the European Union. Through the international cooperation of law enforcement authorities, the European Commission and Europol, as well as cooperation with the financial industry, European customers’ payment transactions are safer. We continue our fight against this crime. The criminals continue to develop new methods for stealing our identities, money and ideas online, and we have to continue and further develop operations like Sandpiper and Skynet. [Skynet is the codename of a new EU-funded project. Just launched, it focuses on international cooperation to combat online CNP fraud. Six EU Member States are involved.]”

A joint EU effort

According to the eurasiareview.com story, Europol’s information and analysis systems are used to exchange and cross-check the intelligence received from member states.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.


What’s Happening with Mobile Device Payments Is Criminal

Posted on February 23rd, 2015 by Dan Rampe

Mobile Device Fraud Makes Up a Disproportionate Share of the $6 Billion Fraud Costs Merchants and Card Issuers in the U.S. Each Year

Forrester Research says mobile payments accounted for $52 billion worth of U.S. transactions in 2014, up from $32 billion in 2013. And this year that number is expected to hit $67 billion.

A LexisNexis survey of 1,100 companies found that while mobile payments account for 14 percent of transactions among merchants, they make up 21 percent of fraud cases. In her story on bloomberg.com, Olga Kharif details how cyberthieves have continued to shift their focus to mobile devices. The following has been excerpted from her piece and edited to fit our format. You may find her complete article by clicking on this link.

More mobile fraud than on PCs

“We certainly see a surge in mobile payment attacks,” says Tomer Barel, chief risk officer at PayPal, who says his company deals with more cases of fraud on mobile devices than on PCs. “There are many more avenues for fraudsters to try.”

Every dollar of mobile fraud costs merchants $3.34

Each dollar worth of misbegotten mobile payments winds up costing a fooled merchant $3.34. That’s slightly more than the cost of a fraudulent credit card swipe or mail order, 27 percent more than a similar payment made from a PC.

Merchants aren’t equipped to handle mobile fraud

Along with the cost of lost merchandise, the total includes investigation of the fraud. That’s tougher on phones than on PCs, because many businesses aren’t equipped to track mobile devices’ unique identifiers such as IP addresses. Stores often don’t catch when a card issued in Los Angeles is used for a mobile order from Mexico, says Aaron Press, director of e-commerce and payments at LexisNexis Risk Solutions. “It’s kind of a wake-up call,” he says.

Lower-tech fraud

Some mobile fraud remains low-tech. Last year, the Better Business Bureau warned consumers about a scam in which people posted absurdly cheap offers for used cars online, then tricked interested buyers into wiring funds through a phony version of Google Wallet.

Higher-tech fraud

Other frauds are more technical, such as the hackers who found a bug in a Chilean public transportation app that let them top off their travel credits for free.

The weak link

Like the brief flurry of duplicate charges that accompanied Apple Pay’s debut in October, such glitches highlight the vulnerability inherent in a system that requires banks, card networks, and software makers to keep pace with thieves. “If you don’t make the proper investment, they’ll be attracted to the weakest link,” says PayPal’s Barel.

Biometrics may stop some cybercriminals

Smartphone operating systems, at least, are tougher to infiltrate than those of PCs. Phones with biometric sensors can also make a person’s identity tougher to steal. Mobile payment service LoopPay says it’s adding support for biometric features such as Apple’s fingerprint reader, despite hackers’ claims that they can fool the iPhone’s sensor. Rival CurrentC says it’s considering similar measures….

“There’s no perfect system,” says Will Graylin, chief executive officer of LoopPay. “It’s always a game of cat and mouse.”


A Billion Records Compromised in a Record-Breaking Year

Posted on February 19th, 2015 by Dan Rampe

Security Experts Discuss What Lessons Were Learned from 2014’s Data Breach Deluge

To be exact, there were 904 million records compromised in 2014, a record-breaking year in every sense of the word “record.” While a great deal was lost monetarily and even psychologically, i.e., a feeling of security, a great deal was learned as well. In a far-ranging piece on cio.com, Steve Ragan has security experts offer up their observations on what organizations can take away from a very tough learning experience. The following has been excerpted from his article and edited to fit our format. You may find the complete, unedited article by clicking on this link.

Like candy from a baby

Thus, this year’s security problems have taught organizations a valuable lesson when it comes to protecting the supply chain and offering awareness training to staff and vendors. From phishing to weak third-party access, criminals walked in through the backdoor, and out the front, with relative ease.

Difficult to defend

“Businesses today have a maze of complex dependencies on outside service providers and suppliers. This makes a complex attack surface, and that in turn makes defenses weak. The more complex our infrastructure, the harder it is for defenders to see it all and understand its weaknesses,” commented Dr. Mike Lloyd, CTO at RedSeal.

Multiple baskets

Another lesson learned this year centers on keeping all of one’s eggs in a single basket. As mentioned, twenty incidents reported in 2014 exposed one million records or more in each instance, but three of them resulted in the compromise of a combined 489 million records.

Adam Kujawa, head of Malware Intelligence at Malwarebytes Labs, said that the JPMorgan Chase breach was a perfect example of how the damage from an incident can be reduced by segmentation. “Attackers were able to steal millions of customers’ personal information such as names, emails, addresses, etc. However, they were unable to steal the actual financial data. That kind of data was hidden away behind another layer of security and one that was apparently impossible for attackers to get to,” Kujawa said.

“If all organizations used practices similar to that, then regardless of a breach, there would be a lot less damage in the aftermath.”

No longer a luxury

“Today, [security is] rapidly shifting to an imperative – auditors look for it, regulators demand it, and customers expect it. Cost is no longer the limiting factor – boards are willing to spend money to steer clear of the wrong kind of news coverage. The limiting factor is complexity – you can’t segment what you can’t map, and too many organizations have effectively lost the blueprints of the infrastructure they run their businesses on,” he explained.

Criminals prefer personal information

Criminals are starting to favor PII over financial information, because it’s easier to sell and leverage. To put it simply, the banks are making it harder to use stolen credit card details due to anti-fraud advancements.

Michele Borovac, VP at HyTrust, pointed out that while it’s relatively easy to cancel a credit card, it’s much harder to track down and recover your identity if it’s stolen. “Attackers with a few pieces of personal information can parlay that data into new credit card applications, online account access and many other nefarious – but lucrative – activities,” Borovac said.

Big data big breach

“Big Data leads to Big Theft,” said Dr. Lloyd. “Cyber criminals are savvy about risk vs. reward – if we make big piles of data, they are willing to put in more effort to get in to take it.”

HyTrust’s Borovac agrees:

“The primary reason that we’re seeing breaches of this magnitude is that data and applications are becoming more concentrated. As organizations consolidate and virtualize data centers, it becomes easier for someone who gets in to get everything.”

Lessons are lost on some

Despite the fact that 2014 was a record-setting year for data breaches, for most organizations security is still an after-the-fact, bolted-on additive.

“Security professionals at heart have known for over a decade now that security, like all business practices, is ultimately dictated by ROI. Until companies feel that they will lose customers due to security concerns, there is no good business reason to address them with the same attention that they do sales or any other income-generating business infrastructure piece,” said Carl Vincent, security consultant at Neohapsis.


White House Cybersecurity Summit Decisions Aligned with ThreatMetrix Solutions

Posted on February 16th, 2015 by Dan Rampe

President Calls for Threat Information Sharing and Right to Privacy

In the wake of the White House Cybersecurity Summit held at Stanford University last week, Alisdair Faulkner, chief products officer, ThreatMetrix®, wrote:

In light of President Obama’s visit to Silicon Valley, now is a better time than ever to address online security and privacy. Collecting an unreasonable amount of personal information will lead to a “Privacy Pearl Harbor.”

How much information collection is too much?

Threat intelligence sharing is necessary but only to a certain extent – businesses must make sure that reasonable security is not an unreasonable privacy invasion. There needs to be a reasonable amount of digital identity verification such as verifying one’s location or phone number when using a banking app. However, some businesses, including ride sharing services and major banks, have access to information about your entire location and activity history each time you use the app. With so much information stored on users’ mobile devices and in specific mobile apps, this often leads to an unreasonable privacy invasion beyond what is necessary for security measures. Instead, the recent influx of data breaches and privacy concerns calls for industry-wide authentication guidelines that do not compromise privacy.

Anonymized shared intelligence: authentication and privacy

To maintain a balance between privacy and security, businesses should leverage anonymized shared intelligence, behavior-based identity proofing and context-based authentication. At a minimum, industries operating online should self-enforce standards for controlling access to customer data from both insider and outsider theft without invading privacy.

Protecting customer and corporate identities

In addition to balancing privacy and security, businesses need to focus on protecting data in use in addition to data at rest. Data in use refers to customer or corporate identities that are used following a data breach without the individual’s knowledge. A key requirement for data protection is for businesses to ensure personally identifiable information is screened against unauthorized use prior to being processed. This can be done through device identification, malware detection and anonymized trust federation.

For more on preserving privacy while maintaining security, see:

ThreatMetrix Shares Strategies for Walking the Tightrope Between Consumer Online Privacy and Security

ThreatMetrix Shares Strategies for Businesses to Protect Identities in Use in Support of Data Privacy Day

At summit President acknowledges challenge of info sharing vs. privacy

In her story on techcrunch.com, Sarah Buhr discusses the primary themes that emerged from the President’s call for closer cooperation between government and the private sector. The following has been excerpted from her piece and edited to fit our format. You may find the complete article by clicking on this link.

A new sheriff in town

While pushing for that collaboration, he admitted it would be a challenge to both keep up with cyber threats and protect Americans’ right to privacy at the same time. “Protecting the American people while making sure government is not abusing its capabilities is hard. The cyberworld is sort of the Wild Wild West and to some degree we are asked to be the sheriff…”

President signs Executive Order

[Obama] signed an Executive Order…. One of those provisions encourages information sharing and analysis organizations (ISAOs), which would serve as points of contact for information sharing between the government and the private sector.

The order added the Department of Homeland Security to the list of government organizations that would be able to approve the sharing of classified information and ensure that proper information is shared between entities.

The Snowden effect

The big question here is whether the private sector will be willing to offer this information. Many companies are still reeling from Edward Snowden’s revelations that they were handing over consumer information to the U.S. government and have since taken measures to encrypt data, even from themselves.

Constructing a cathedral

Obama acknowledged the challenge to protect American citizens from cyber threats, but at the same time protect their right to privacy. [He] likened the process of technological development to building a cathedral.

“[T]hat cathedral will not just be about technology but about the values we have embedded in this system. It will be about privacy and security and about connection. A magnificent cathedral and we’re all going to be a part of that.”


ThreatMetrix Cautions President and Participants at Cybersecurity Summit

Posted on February 13th, 2015 by Dan Rampe

ThreatMetrix’s Alisdair Faulkner Warns of a Possible “Privacy Pearl Harbor” Should Collecting Personal Info for Security Destroy Privacy

The long-awaited presidential summit on cybersecurity, taking place at Stanford University in Palo Alto, California, brings together experts from industry, hi-tech, and law enforcement as well as consumer and privacy advocates, law professors who are specialists in the field, and students.

In its announcement of the Cybersecurity Summit, The White House says the Obama administration is pursuing five key priorities that will strengthen [the U.S.] approach to cybersecurity threats by:

  1. Protecting the country’s critical infrastructure — our most important information systems — from cyber threats.
  2. Improving our ability to identify and report cyber incidents so that we can respond in a timely manner.
  3. Engaging with international partners to promote internet freedom and build support for an open, interoperable, secure, and reliable cyberspace.
  4. Securing federal networks by setting clear security targets and holding agencies accountable for meeting those targets.
  5. Shaping a cyber-savvy workforce and moving beyond passwords in partnership with the private sector.

One key issue not touched upon in the White House announcement is the issue of privacy.

Alisdair Faulkner, ThreatMetrix chief products officer, warns about losing privacy to gain security

In light of President Obama’s visit to Silicon Valley, now is a better time than ever to address online security and privacy. Collecting an unreasonable amount of personal information will lead to a “Privacy Pearl Harbor.”

How much information collection is too much?

Threat intelligence sharing is necessary but only to a certain extent – businesses must make sure that reasonable security is not an unreasonable privacy invasion. There needs to be a reasonable amount of digital identity verification such as verifying one’s location or phone number when using a banking app. However, some businesses, including ride sharing services and major banks, have access to information about your entire location and activity history each time you use the app. With so much information stored on users’ mobile devices and in specific mobile apps, this often leads to an unreasonable privacy invasion beyond what is necessary for security measures. Instead, the recent influx of data breaches and privacy concerns calls for industry-wide authentication guidelines that do not compromise privacy.

Anonymized shared intelligence: authentication and privacy

To maintain a balance between privacy and security, businesses should leverage anonymized shared intelligence, behavior-based identity proofing and context-based authentication. At a minimum, industries operating online should self-enforce standards for controlling access to customer data from both insider and outsider theft without invading privacy.

Protecting customer and corporate identities

In addition to balancing privacy and security, businesses need to focus on protecting data in use in addition to data at rest. Data in use refers to customer or corporate identities that are used following a data breach without the individual’s knowledge. A key requirement for data protection is for businesses to ensure personally identifiable information is screened against unauthorized use prior to being processed. This can be done through device identification, malware detection and anonymized trust federation.

For more on preserving privacy while maintaining security, see:

ThreatMetrix Shares Strategies for Walking the Tightrope Between Consumer Online Privacy and Security

ThreatMetrix Shares Strategies for Businesses to Protect Identities in Use in Support of Data Privacy Day

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

If Imitation Is the Sincerest Form of Flattery, Facebook Sure Did Flatter Us.

Posted on February 13th, 2015 by Dan Rampe

Facebook Launches ThreatExchange for Security Pros to Exchange Info about Cyberthreats

Does the concept of exchanging information about cyberthreats to make everyone safer sound somehow vaguely familiar? You know, like you’ve heard it somewhere before?

Well, how about the name “ThreatExchange?” That remind you of another company name? Like ThreatMetrix® perhaps?

Okay, it’s possible to chalk up Facebook’s latest “idea” to coincidence. Something that looks like a duck, waddles like a duck and quacks like a duck could turn out to be an ugly swan with a sprained ankle and deviated septum. Then, of course, there’s another explanation. It could be Facebook is validating the extremely successful concept pioneered years ago by ThreatMetrix.

In a recent article that appeared in Infosecurity, ThreatMetrix Chief Products Officer Alisdair Faulkner issued this cautionary note: “Shared threat intelligence is essential for stopping the bad guys, you just need to be careful you don’t stop customers as well. Reputation around shared identifiers like IP addresses can be a double edged sword.”

In his piece on mashable.com Rex Santus discusses Facebook’s launch. The following has been excerpted from his piece and edited to fit our format. You may find the full article by clicking on this link.

What a concept!

Doing what it does best, Facebook has created a platform — or a mini-social network, if you will — but this time for cybersecurity specialists. The concept is that researchers and professionals can learn from each other, and help keep everyone’s systems safer.

Been there. Done that.

“Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries, and make their own systems safer,” Mark Hammell, Facebook’s manager of threat infrastructure, wrote in a blog post announcing the project.

Déjà vu “all over again”

Security threats aren’t typically relegated to just one target, and the lack of communication between malware targets ends badly for everyone, according to ThreatExchange. So far, some pretty big-name Internet players have joined Facebook on ThreatExchange, including Bitly, Dropbox, Pinterest, Tumblr, Twitter and Yahoo. The platform expects to attract more partners as time goes on.

The new platform builds on Facebook’s ThreatData, a framework that stores cyberthreat information (such as bad URLs) for analysis by security pros.

A year ago you say?

The idea for ThreatExchange came about a year ago, when Facebook and others were facing a malware spam attack. The social network’s security specialists “quickly learned that sharing with one another was key to beating” the problem, Hammell wrote.

Share and share alike. Not exactly

To quell any fears that potential partners may have about sharing too much information publicly, Facebook said participants can tweak settings to pick and choose with whom they share their information. For example, a company may only want to share sensitive data with another partner that is experiencing the same attack.

An original thought that’s been heard before

“That’s the beauty of working together on security,” Hammell wrote. “When one company gets stronger, so do the rest of us.”

What’s Up with WhatsApp?

Posted on February 9th, 2015 by Dan Rampe

A Banking Trojan. Cybercriminals Trick Users into Downloading Fake “WhatsApp Web” Messaging Apps That Spread Financial Malware

Not familiar with WhatsApp? It’s a cross-platform mobile messaging app that lets users exchange messages without having to pay for SMS. Recently, the company, which already has 700 million users, launched “WhatsApp Web.” The new feature provides users with the ability to read and send messages directly from their web browsers.

In her piece on thehackernews.com, Swati Khandelwal explores how cybercriminals are taking advantage of the newly launched app to spread some nasty malware. The following has been excerpted from her piece and edited to fit our format. You may find her complete article by clicking on this link.

It only looks real

Security researchers at Kaspersky Labs … spotted a seemingly genuine WhatsApp Web for Windows in [a] spam campaign available for fake download.

“Fake downloads appeared in several languages and countries, and now [that] there is a real product out there the fraudsters have returned to their old attacks, dressed them up in new clothes and sent them on the prowl for new victims,” wrote Fabio Assolini from Kaspersky Lab.

Domains registered by cybercriminals

Researchers found a number of malicious domains registered by the cybercriminals to host their malware. Some of them were already in use and others were waiting for command from the criminals. One such domain, whatsappcdesktop.com.br, was found to be distributing Brazilian banking Trojans.

Assolini also explained that the firm has discovered some cases where unsuspecting users have been fooled [into installing] a suspicious Google Chrome extension shown as a simple messaging app, but in [reality] has nothing to do with WhatsApp.

Criminals’ goal: mobile numbers

The researchers also spotted many other promising but unofficial desktop versions of the fake Whatsapp Web offered to Arabic and Spanish language speakers as the legitimate version of the popular messaging application.

The main objective [was] to get the mobile phone number of the victims. In some cases, the attackers requested victims to enter and submit their mobile number in an attempt to download the fake Whatsapp Web client. Once submitted, the attacker would be able to run spam campaigns or make the victims unknowingly subscribe to premium-rate services.

Recommendations

[Access] WhatsApp on the web from the official website located at https://web.whatsapp.com.

ThreatMetrix Enters 2015 Protecting Online Transactions Against Cybercrime with the Largest Shared Intelligence Network Available

Posted on January 27th, 2015 by Dan Rampe

Significant Growth of The ThreatMetrix® Global Trust Intelligence Network, Global Expansion and Strategic Hires Positions ThreatMetrix for Continued Success in 2015

San Jose, CA – January 27, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced several of its 2014 milestones and its expectations for the company in the coming year.

Through analysis of the collective intelligence provided by the ThreatMetrix™ Global Trust Intelligence Network (The Network), the company protects 210 million active user accounts creating more than 850 million transactions each month. The Network provides the most comprehensive anonymized information available to determine context-based risk authentication – without compromising consumer privacy. By the end of Q1 2015, ThreatMetrix anticipates The Network will process more than one billion transactions each month, with up to 40 percent of those transactions initiating from mobile devices.

“Many of the world’s largest brands and companies trust ThreatMetrix to help protect their business operations from cybercriminals in real time,” said Reed Taussig, president and CEO at ThreatMetrix. “The global cybercrime landscape is continuously evolving, with new bad actors, technology and organization, and the only way to prevail against these threats is with a collective network that leverages data from across a global information base.”

Throughout 2014, ThreatMetrix made significant advances in cybercrime prevention and company growth, including:

  • Global expansion – ThreatMetrix greatly expanded its presence globally, spearheaded by the growth of its European data center to provide faster and more accurate fraud screenings for its international customers, enabling its business to double year-over-year in Europe. Additionally, the company opened a new office in Tokyo, doubled its staff in Asia and signed a number of key accounts in the Asia-Pacific (APAC) region.

“As a company, we anticipate significantly increasing investment in our Asian business in 2015,” said Taussig. “In the past year, we signed several major Asian e-commerce companies. We’ve hired seasoned regional management for the APAC region, as well as other international markets, and expect to see continued growth in the coming year.”

  • The Network – In September, ThreatMetrix announced that The Network – the largest independent, federated intelligence network of anonymized, privatized data – surpassed 850 million monthly transactions. The expansion of The Network enables ThreatMetrix to analyze and protect even more online transactions and activity, especially surrounding mobile-based transactions. By analyzing device, identity and behavioral data in real time, ThreatMetrix can quickly identify cybercriminals attempting to create fraudulent new accounts, take over existing accounts or execute card-not-present (CNP) fraud. Additionally, this analysis provides a competitive advantage by allowing trusted customers frictionless account and transaction access while keeping costs low by greatly reducing the use of step-up or out-of-band authentication.

“United we stand, divided we fall,” said Taussig. “The only way to combat highly organized, well-funded cybercriminals is by sharing cybercrime intelligence within and across industries. That is exactly what we’re trying to accomplish through The Network.”

  • New products and technologies – Significant investments in The Network and the ThreatMetrix TrustDefender™ Cybercrime Protection Platform contributed to the company’s success in 2014. With its Spring and Fall Releases, ThreatMetrix combined sophisticated trust analytics with improved behavior intelligence and enriched its context-based authentication through additions such as PersonaID, Trust Tags, PersonaDB and Smart ID 2. Additionally, the company received a patent for its ability to accurately differentiate between trusted customers and cybercriminals across mobile and web interactions.
  • Company evolution – In 2014, ThreatMetrix completed its transition as the leading provider of advanced fraud prevention and frictionless context-based security solutions. The company has made advancements in its field by leveraging the power of The Network to enable frictionless, context-based authentication, which prevents unauthorized access to enterprise applications without damaging the user experience for good customers.
  • Funding – In March, ThreatMetrix announced that it closed a Series E round of financing led by Adams Street Partners. The investment round brought in $20 million in capital, with all existing ThreatMetrix institutional investors participating in the investment.
  • Rise of mobile – From Thanksgiving Day through Cyber Monday, mobile accounted for 39 percent of all transactions across The Network. By the 2015 holiday shopping season, ThreatMetrix predicts this number will surpass 50 percent.
  • Record transaction volume – Year-over-year from 2013 to 2014, transaction volumes in The Network increased by more than 80 percent, from 3.8 billion to 6.9 billion. Currently, ThreatMetrix experiences transaction volumes of more than 1,000 transactions per second and expects that number to double in 2015.
  • Billings and Customer Growth – ThreatMetrix continues to experience double-digit annual billings growth and more than doubled its customer base in 2014 through its direct sales effort and in conjunction with its extensive global partner channel.
  • SaaS recurring revenue model – ThreatMetrix’s outstanding financial performance is driven largely by its high customer retention. Through recurring revenue, ThreatMetrix is able to sustain and grow its global shared intelligence to provide the highest level of context-based authentication and fraud prevention possible.
  • Ping Identity Integration – In June, ThreatMetrix announced its integration with Ping Identity’s PingFederate® identity bridge. The combined solution provides context-based authentication for enterprises with secure, transparent and frictionless access for mobile and online users.

“At ThreatMetrix, we are continuously aggressive in terms of adding partnerships that can provide our customers with enhanced services and capabilities,” said Taussig.

  • OFAC Regulations – To ensure companies can easily stay compliant with the Office of Foreign Assets Control (OFAC) regulations, ThreatMetrix began an initiative to allow businesses to stop transactions originating from embargoed or restricted countries by accurately identifying user locations, even if advanced location cloaking technology is being used.
  • ThreatMetrix Cybercrime Report – In 2014, ThreatMetrix began the release of its quarterly report outlining the landscape of cybercrime through data from The Network. The report offers a representative summary of activity across industries identifying the types of attack methods used to perpetrate account creation, payment and login fraud.
  • New and existing markets – While continuing its success in the global financial services market, global e-commerce market and media industries, among others, ThreatMetrix also entered the online gaming market in 2014. It plans to expand its presence in the insurance and healthcare markets in 2015.
  • Strategic management hires – ThreatMetrix increased its staffing by 61 percent in 2014, which was reflected in its strategic hiring of key management, including Pascal Podvin as General Manager for U.S. and EMEA and Gene Kuo as vice president and General Manager of Asia Pacific.
  • ThreatMetrix 2014 Cybercrime Prevention Summit – Themed “Building Trust on the Internet,” the ThreatMetrix 2014 Cybercrime Prevention Summit saw a record number of attendees, bringing together more than 250 industry and cybersecurity experts from around the globe to discuss strategies to make the Internet safer for businesses and consumers alike.
  • Awards – ThreatMetrix won almost one dozen industry awards, including a Gold Stevie® Award in “New Product or Service of the Year – Security Solution” category and a Silver Award in the “Most Innovative Tech Company of the Year – Computer Software” category in the 12th Annual American Business Awards; Gold Awards as “Innovative Company of the Year” and “Integrated Security (Software) Innovation” in the Golden Bridge Awards; Named to the “100 Most Promising Technology Companies in the U.S.” by CIOReview; Recognized as a Silver Winner in the “Enterprise Product of the Year – Software” Category by the Best in Biz Awards 2014 International; Judges’ Choice for “Best Overall Fraud/Security Solution” at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform, among others.

“ThreatMetrix’s accomplishments in 2014 are helping us pave the way to a truly collective approach to cybercrime through the power of The Network,” said Taussig. “We have ambitious goals to continue our growth in many of the major industries affected by cybercrime – including financial services, e-commerce and media – and we anticipate tremendous strides in combatting cybercrime in those industries as well as new industries throughout 2015.”

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com