ThreatMetrix: New Year Will See More Than Half of Transactions on Mobile and Evolving Cyberthreats

Posted on December 17th, 2014 by Dan Rampe

2015-header

ThreatMetrix Predicts Better Info Sharing, Major Internet of Things Security Issues and Bigger, Even More Sophisticated Data Breaches.

While 2015 looks to have more and better information sharing, the difficulty of protecting the Internet of Things (IoT) and the data breaches that plagued major banks, e-commerce giants, healthcare giants, casinos and others in 2014 will continue to grow. They can be expected to increase in sophistication and exposing hundreds of millions more usernames, passwords and credit card details.

So that businesses may be better prepared to meet the challenges and changes in the upcoming year, ThreatMetrix® offers these observations:

Mobile will represent more than half of transactions during the 2015 holiday season

During this year’s Cyber Week, from Thanksgiving Day through Cyber Monday, mobile accounted for 39 percent of all transactions across the ThreatMetrix® Global Trust Intelligence Network (The Network). By next year, ThreatMetrix predicts this number will surpass 50 percent.

Because of the October 2015 EMV deadline, retailers will be making the switch to the Europay-MasterCard-Visa (EMV) payments system. Likely the same retailers will also accept mobile payments such as Apple Pay. These two events will contribute to increasing consumer use of mobile payments.

“Consumers are far more comfortable shopping on mobile devices than they were even a year ago, and that trust is going to continue to grow,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Unfortunately, many businesses face difficulties determining the authenticity of mobile transactions through hidden cookies and geo-location data. Leveraging a global network of trust intelligence enables businesses to differentiate between previously authenticated users and potential fraudsters and will be the best way to protect sensitive information and customers against cybercrime in 2015.”

Information sharing will continue to rise

While cybercrime threats will grow in sophistication during the coming year, information sharing about those threats within and across industries will also grow. The financial services industry is already paving the way for growth of information sharing via the Financial Services Information Sharing and Analysis Center (FS-ISAC). Additionally, retailers are beginning to see the benefits of information sharing and have established their own group this past year. The Network, which analyzes more than 850 million monthly transactions across 3,000 customers, also provides a shared view of cybercriminals’ activity, enabling companies within The Network to protect their businesses by accurately identifying fraudsters, as well as good customers.

“Businesses in many industries are seeing the benefit of information sharing, and that will continue to increase in the coming year,” said Andreas Baumhof, chief technology officer at ThreatMetrix. “Unfortunately, while information sharing is common practice in some industries, businesses in other industries, such as retail, are often wary of sharing too much information with competitors. However, with today’s highly organized cybercriminals, it takes a network to fight a network. The balance is between businesses sharing good data, not just big data, and maintaining a certain level of trust to stay competitive with one another.”

Cybercriminals will identify new opportunities to compromise personal information

In 2014, there were many high profile data breaches that were deemed “unprecedented.” Hundreds of millions of user accounts have been compromised. The Russian cybercrime ring exposed 1.2 billion passwords in the Home Depot breach. Most recently, the Sony breach has been a sign of cybercriminals shifting their focus to cybersabotage. In 2015, there will be more unprecedented attacks as cybercriminals continue to become more sophisticated.

“There is no end in sight,” said Reed Taussig, president and CEO at ThreatMetrix. “Last year, ThreatMetrix predicted the password apocalypse for 2014 – and the number of major data breaches over the past year targeting user login information shows that prediction was true. There are endless opportunities for hackers to steal personal information, and that’s not going to stop in the coming year – it’s going to get worse. I would venture to guess that in 2015 one of the world’s major stock exchanges may very well be compromised, which has the potential to result in severe economic damage on a global basis.”

The Internet of Things will continue to be a security nightmare

One of the first major hacks to the Internet of Things came early on. It can be nearly impossible to know when one of the many connected devices that are used every day is compromised – from smart phones to washing machines and refrigerators. As more devices are added to the Internet of Things in the next year, protecting these devices will become even more difficult.

“We can’t even protect our most critical assets, so how can we be expected to protect a smart fridge?” said Baumhof. “One of the biggest problems is that many of these tools have a long lifespan and current security systems rely heavily on the ability to patch systems on a regular basis. For most of the devices within the Internet of Things, that practice is not implemented, nor feasible.”

Health systems will become a major target for cybercriminals

This year U.S. healthcare spending hit $3.8 trillion. Unfortunately, almost one-third of that is lost to fraud. As more money is dedicated to the healthcare market, cybercriminals will also be cashing in.

“In major data breaches, cybercriminals target credit cards and login credentials, but there are other sources where money is flowing, and it’s only a matter of time before cybercriminals ramp up their attention toward those industries,” said Faulkner. “In the New Year, insurance, healthcare and pharmacies will be new focuses for fraudsters. As healthcare information makes the shift electronically via the Health Insurance Portability and Accountability Act (HIPAA), fraudsters will find ways through its security holes to commit healthcare fraud and steal personal information.”

ThreatMetrix enables businesses across a wide range of industries – including e-commerce, enterprise and financial services – to securely share information about devices and personas connecting to their sites without sharing any personally identifiable information about customers or visitors. The approach ThreatMetrix takes through anonymizing and encrypting information in The Network offers a model for cybersecurity collaboration that will be essential for companies to protect their businesses in 2015 and beyond.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

ThreatMetrix Announces Strategies to Combat Growing Threats to Critical Infrastructure and the Internet of Things

Posted on October 14th, 2014 by Dan Rampe

Andreas2

In Conjunction with National Cyber Security Awareness Month, ThreatMetrix Outlines Security Measures to Properly Secure Web-Connected Devices and Critical Infrastructure

San Jose, CA – October 14, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced strategies to combat security risks for the Internet of Things (IoT) and critical infrastructure, continuing its commitment to this year’s National Cyber Security Awareness Month (NCSAM) theme, “Our Shared Responsibility,” as well as the third week’s theme of examining potential security implications associated with critical infrastructure and the IoT.

The theme of NCSAM’s third week is “Critical Infrastructure and the Internet of Things,” calling out the risks faced by devices and critical utilities as they increasingly connect to the Internet. As devices ranging from watches and heart monitors to refrigerators, as well as critical utilities such as water and power, continue to connect online, our everyday lives are placed at an increased risk to of being compromised by fraudsters.

In the past year alone, innovations in wearable technology and other fields have included a burst in Internet-connected devices. From cars that can send email reminders when they need service to health monitors that publish heart rate and glucose level to online tracking tools, the inter-connected world is growing and not slowing down, creating significant risks for consumers’ privacy and cyber security.

However, the users of these new technologies are not the only ones affected by the increasing connectivity of the world. Public infrastructure is all connected online, from power grids to water delivery systems, all controlled by networked devices. This is critical infrastructure, and it opens the door to individual cybercriminals or nation states to wage a new form of online warfare if proper security measures are not immediately set in place.

“The rapid growth of the Internet of Things creates a new wealth of information for cybercriminals to compromise, from our everyday appliances to critical operations, allowing them to steal personal information and cripple resources,” said Andreas Baumhof, chief technology officer at ThreatMetrix. “Apple will soon launch the Apple Watch, taking wearable tech from obscurity to the consumer forefront. It is becoming increasingly imperative that we ensure the information shared through these devices is secure as they will contain, collect, and track sensitive information about our personal physical lives, as well as elements tied directly to our financial being. In addition, point-of-sale system hacks have caused massive damage to major retailers over the past year, as we saw in the Target and Home Depot breaches, among others. Imagine what harm the mass distribution of health and critical infrastructure information can bring to the lives of millions.”

As the Internet of Things and online connectivity of our nation’s critical infrastructure shows no signs of slowing down, ThreatMetrix has outlined several security strategies to address some of the associated risks:

  • Network Segmentation and Isolation – Network segmentation or “zoning” is a popular practice in Internet security. Through network segmentation the possibility of limiting the risk of a data breach to your entire network maximizes. It also can help businesses determine what information to keep on public or private networks.
  • Account Authentication – Username and password authentication is the weakest point of entry for most businesses operating online, often making businesses an easy target for hackers. At this stage, it is irresponsible to protect any information stored online with passwords alone. The use of multiple authentication factors, such as context-based authentication and real-time fraud prevention can help reduce the risk of stolen user identities and fraudulent transactions without disrupting the user experience for authentic customers.
  • Tracking – Tracking data enables businesses across industries to differentiate between authentic and fraudulent transactions and other activity. By identifying anomalies such as hiding behind proxies and virtual private networks or change in shipping address through a global network of shared intelligence, businesses can recognize patterns that represent known threats or never-before-seen patterns that show a potential threat.
  • Secure Updates – It is important that Internet-connected devices are updated on a regular basis to stay one step ahead of cybercriminals as they become increasingly sophisticated.

For comprehensive cybersecurity strategies to be effective and protect Internet of Things devices as well as critical infrastructure, there needs to be collaboration and sharing of information at both the business and the government level, while protecting consumer privacy. The ThreatMetrix® Global Trust Intelligence Network anonymizes and encrypts data to enable businesses to identify threats and keep their business secure without providing any personally identifiable information.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. The remaining upcoming themes include:

  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix will continue to support each week’s theme throughout the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

Did Your Fridge Have Its ID Stolen? Is Your Toaster’s Data Toast? Has Your Thermostat Become a Bot?

Posted on August 25th, 2014 by Dan Rampe

Internet of Things

The Internet of Things Brings Huge Promise and Monster-Size Security Headaches

Proponents of the Internet of Things talk about its great promise. Kenneth Corbin, in his piece (link to article) on itworld.com writes, “Household appliances could modulate their power consumption to avoid peak load times. Sensors placed along railroad lines could relay temperature data that could help preempt track failures. The same could be done for bridges, tunnels and other pieces of the nation’s fraying infrastructure.”

Corbin notes a pilot project in Maryland where 14 sensors in an apartment building monitor for smoke, heat, carbon monoxide and other potential danger signs, “relaying them to a cloud service that dispatches emergency responders if a problem is observed.”

The brave, new world of the Internet of Things comes with many of the problems of the old world – only magnified by the negatives possibilities. Corbin cites Randy Garrett, a program manager at the Defense Advanced Research Projects Agency (DARPA) who “worries that, in the exuberance to embed sensors in a galaxy of devices and bring them onto the network, backers of the Internet of Things will unwittingly create a virtually limitless set of new threat vectors.”

Garrett observes that despite computer users’ tendencies to not pay as much attention to security as they should, “many people are at least aware that the threats are out there and will often exercise some restraint in not clicking on spam links or avoid setting their password to “password.” (editorial comment: Can you say the same thing about the average waffle iron? Okay, there are instances where a waffle iron might be more security savvy than some computer users.)

Garrett points out that the infamous Target breach resulted from Target’s heating and air conditioning systems being connected to the internet to make servicing more accessible for a contractor. Of course, as history demonstrates, it also made the enterprise more accessible to hackers.

On the Internet of Things’ plus side is what can be done in healthcare where patients would be able to monitor such things as glucose levels and blood pressure and instantly send the data to their healthcare provider. Michael Chui, a partner and senior fellow at the McKinsey Global Institute observes, “That’s a much better set of data in which to diagnose and manage diseases.”

And Chui suggests solutions to issues facing the Internet of Things might be found in “rethinking” organizations and their traditional roles and processes. In a current retail environment, Corbin writes, “the CIO’s involvement in store operations might be limited to the cash registers, point-of-sale systems and back-office operations. In [an Internet of Things] world where mobile payments are a reality and items on the shelf are expected to interact with shoppers’ devices, though, the tech team must take a more hands-on role.”

“It’s a tremendous number of organizational challenges when you start integrating the physical world with the virtual world.” Chui adds, “You have to change the way you make decisions if you’re going to use the Internet of Things effectively.”

For another read on The Internet of Things, please take a moment to read  a previous blog from Andreas Baumhof, ThreatMetrix chief technology officer: “Have You Remembered to Friend Your Refrigerator? The Internet of Things is Here and Growing Fast. But One Exopert Warms It May Be ‘Patch as Patch Can’t.'”

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

A Sign of the Times — Hacking Signs. Electronic Road-Sign Hackers Reveal a Downside to “the Internet of Things.”

Posted on June 6th, 2014 by Dan Rampe

Internet of Things

Remember the good old days when defacing road signs meant two barrels of double-ought buckshot in a deer-crossing sign on a rural dirt road? (Note: If it needs saying, we are indeed joking. Oh, you knew it all along.)

Anyway, the modern equivalent of the shotgun, but capable of being just as dangerous, is hacking into the software controlling an electronic road sign and changing the message — for instance from “DANGER BRIDGE OUT” to “HAPPY MOTORING. DON’T FORGET TO BUCKLE UP.”

The Internet of Things provides the ability to virtually control anything that connects to the Internet and offers up all kinds of possibilities for improving life from checking the security of the home while you’re on vacation to ensuring the dog isn’t eating the sofa while you’re at work. It also has downsides.

In his blog, KrebsonSeurity, Security Expert Brian Krebs, writes that authorities in several states have reported that hackers have broken into and defaced electronic highway road signs in several states. He quotes the Multi-State Information Sharing and Analysis Center (MS-ISAC) as observing “changes to road signs create a public safety issue because instead of directing drivers through road hazards, they often result in drivers slowing or stopping to view the signs or take pictures.

“That same MS-ISAC notice…points out that these incidents appear to be encouraged by sloppy security on the part of those responsible for maintaining these signs.” You may read Krebs’ entire article by clicking on this link.

Andreas Baumhof, ThreatMetrix’s chief technology officer, maintains, “the Internet of Things is coming on faster than we can cope with it. Soon enough, we will be living in smart houses and all of our critical infrastructure will be managed online. This extensive interconnectivity poses a severe risk with cybercriminals having more and better opportunities to disrupt critical utilities such as our nation’s water supply and other vital infrastructure.”

As well as warning of the dangers presented by the Internet of Things, Baumhof talks about a positive solution. “Given today’s sophisticated cybercriminals [and hackers, organizations] must collaborate through a global network for a collective response to cybercrime.”

To protect themselves against this newest threat to security, organizations including state governments, financial services, e-commerce, payments, enterprises, social networks and others can turn to global data repositories such as ThreatMetrix’s Global Trust Intelligence Network, nicknamed The Network.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

Have You Remembered to Friend Your Refrigerator? The Internet of Things Is Here and Growing Fast. But One Expert Warns It May Be “Patch as Patch Can’t.”

Posted on January 9th, 2014 by Dan Rampe

Internet

The Internet of Things or IoT is the name given to anything computers can remotely manage, alter and monitor. And, anything is the operative word. Fridges, air conditioners and other appliances, cars from accelerator to brakes, wearing apparel, inventories on store shelves, water and power utilities – virtually anything that connects to the Internet. And, of course, where you find the Internet, you also find politically motivated hackers to cyberthieves and terrorists.

Andreas Baumhof, chief technology officer, ThreatMetrix points out that, “The Internet of Things is coming on faster than we can cope with it. Soon enough, we will be living in smart houses and all of our critical infrastructure will be managed online. This extensive interconnectivity poses a severe risk with cybercriminals having more and better opportunities to disrupt critical utilities such as our nation’s water supply and other vital infrastructure.”

Echoing Andreas Baumhof’s concerns is Bruce Schneier, chief technology officer of Co3 Systems, a company that creates software to automate incident response. In a piece on wired.com, he explores why this brave new world of IoT comes with some nasty baggage and harkens back to the early days of the Internet when some kid whose girlfriend dumped him could take his revenge by making a bug that wreaked havoc across the planet.

We’re at a crisis point now with regard to the security of embedded systems, where computing is embedded into the hardware itself — as with the Internet of Things. These embedded computers are riddled with vulnerabilities, and there’s no good way to patch them.

It’s not unlike what happened in the mid-1990s, when the insecurity of personal computers was reaching crisis levels. Software and operating systems were riddled with security vulnerabilities, and there was no good way to patch them.

Companies were trying to keep vulnerabilities secret, and not releasing security updates quickly. And when updates were released, it was hard — if not impossible — to get users to install them. This has changed over the past twenty years, due to a combination of full disclosure — publishing vulnerabilities to force companies to issue patches quicker — and automatic updates: automating the process of installing updates on users’ computers. The results aren’t perfect, but they’re much better than ever before.

But this time the problem is much worse, because the world is different: All of these devices are connected to the Internet. The computers in our routers and modems are much more powerful than the PCs of the mid-1990s, and the Internet of Things will put computers into all sorts of consumer devices. The industries producing these devices are even less capable of fixing the problem than the PC and software industries were.

If we don’t solve this soon, we’re in for a security disaster as hackers figure out that it’s easier to hack routers than computers. At a recent Def Con, a researcher looked at thirty home routers and broke into half of them — including some of the most popular and common brands.

To understand the problem, you need to understand the embedded systems market.

Typically, these systems are powered by specialized computer chips made by companies such as Broadcom, Qualcomm, and Marvell. These chips are cheap, and the profit margins slim. Aside from price, the way the manufacturers differentiate themselves from each other is by features and bandwidth. They typically put a version of the Linux operating system onto the chips, as well as a bunch of other open-source and proprietary components and drivers. They do as little engineering as possible before shipping, and there’s little incentive to update their “board support package” until absolutely necessary.

The system manufacturers — usually original device manufacturers (ODMs) who often don’t get their brand name on the finished product — choose a chip based on price and features, and then build a router, server, or whatever. They don’t do a lot of engineering, either. The brand-name company on the box may add a user interface and maybe some new features, make sure everything works, and they’re done, too.

The problem with this process is that no one entity has any incentive, expertise, or even ability to patch the software once it’s shipped. The chip manufacturer is busy shipping the next version of the chip, and the ODM is busy upgrading its product to work with this next chip. Maintaining the older chips and products just isn’t a priority.

And the software is old, even when the device is new. For example, one survey of common home routers found that the software components were four to five years older than the device. The minimum age of the Linux operating system was four years. The minimum age of the Samba file system software: six years. They may have had all the security patches applied, but most likely not. No one has that job. Some of the components are so old that they’re no longer being patched. This patching is especially important because security vulnerabilities are found “more easily” as systems age.

To make matters worse, it’s often impossible to patch the software or upgrade the components to the latest version. Often, the complete source code isn’t available. Yes, they’ll have the source code to Linux and any other open-source components. But many of the device drivers and other components are just “binary blobs” — no source code at all. That’s the most pernicious part of the problem: No one can possibly patch code that’s just binary.

Even when a patch is possible, it’s rarely applied. Users usually have to manually download and install relevant patches. But since users never get alerted about security updates, and don’t have the expertise to manually administer these devices, it doesn’t happen. Sometimes the ISPs have the ability to remotely patch routers and modems, but this is also rare.

The result is hundreds of millions of devices that have been sitting on the Internet, unpatched and insecure, for the last five to ten years.

Hackers are starting to notice. Malware DNS Changer attacks home routers as well as computers. In Brazil, 4.5 million DSL routers were compromised for purposes of financial fraud. Last month, Symantec reported on a Linux worm that targets routers, cameras, and other embedded devices.

This is only the beginning. All it will take is some easy-to-use hacker tools for the script kiddies to get into the game.

And the Internet of Things will only make this problem worse, as the Internet — as well as our homes and bodies — becomes flooded with new embedded devices that will be equally poorly maintained and unpatchable. But routers and modems pose a particular problem, because they’re: (1) between users and the Internet, so turning them off is increasingly not an option; (2) more powerful and more general in function than other embedded devices; (3) the one 24/7 computing device in the house, and are a natural place for lots of new features.

We were here before with personal computers, and we fixed the problem. But disclosing vulnerabilities in an effort to force vendors to fix the problem won’t work the same way as with embedded systems. The last time, the problem was computers, ones mostly not connected to the Internet, and slow-spreading viruses. The scale is different today: more devices, more vulnerability, viruses spreading faster on the Internet, and less technical expertise on both the vendor and the user sides. Plus vulnerabilities that are impossible to patch.

Combine full function with lack of updates, add in a pernicious market dynamic that has inhibited updates and prevented anyone else from updating, and we have an incipient disaster in front of us. It’s just a matter of when.

We simply have to fix this. We have to put pressure on embedded system vendors to design their systems better. We need open-source driver software — no more binary blobs! — so third-party vendors and ISPs can provide security tools and software updates for as long as the device is in use. We need automatic update mechanisms to ensure they get installed.

The economic incentives point to large ISPs as the driver for change. Whether they’re to blame or not, the ISPs are the ones who get the service calls for crashes. They often have to send users new hardware because it’s the only way to update a router or modem, and that can easily cost a year’s worth of profit from that customer. This problem is only going to get worse, and more expensive. Paying the cost up front for better embedded systems is much cheaper than paying the costs of the resultant security disasters.

Adding a positive note, Baumhof believes that “given today’s sophisticated cybercriminals…businesses must collaborate through a global network for a collective response to cybercrime.”

To present a united front, industries – including financial services, e-commerce, payments, enterprises, social networks and others can turn to global data repositories such as ThreatMetrix’s™ Global Trust Intelligence Network, nicknamed The Network.

ThreatMetrix secures Web transactions against account takeoverpayment fraudidentity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial servicesenterprisee-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

Brace Yourself. 2014 Brings a Whole New World of Cyberthreats: Here Are ThreatMetrix’s New Year Predictions.

Posted on December 18th, 2013 by Dan Rampe

Predictions

Everybody looks forward to the new year. Naturally “everybody” includes the bad guys who never stop trying to find new ways to compromise the nation’s critical infrastructure and the Internet of Things (IoT). If you’re not familiar with IoT, it’s a term that was coined to describe objects (smart cars and smart houses) or even people (Smart people? Anyway, people with tracking or medical chips implanted under the skin) that can be managed, altered and monitored remotely by computer.

Inventory on store shelves, appliances of all kinds, water and power utilities — all are connected online and can be targets of bad guys of every kind and variety. To stop these cybercriminals, terrorists and old-fashioned mischief-making hackers, in the past year alone, venture capital funding has poured $1.4 billion into 239 cybersecurity deals.

“The Internet of Things is coming on faster than we can cope with – soon enough, we will be living in smart houses and all of our critical infrastructure will be managed online,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “This extensive interconnectivity poses a severe risk for cybercriminals to have a detrimental impact on such critical utilities as our nation’s water supply in 2014 and beyond.”

Now ThreatMetrix predicts the top cybercrime trends and consumers should look out for in 2014:

The Internet of Things will lead to all appliances and operations eventually connecting to the Internet. While still in early stages, as soon as next year, smart refrigerators, locks and thermostats will move into the mainstream. As with any online activity, the Internet of Things offers cybercriminals the opportunity to compromise this connectivity and steal personal information or cripple resources.

Critical infrastructure risks have recently become so severe that President Obama signed an Executive Order on Improving Critical Infrastructure Cybersecurity. Water, power and other critical utilities are gradually moving online and this opens the door for cybercriminals – either individuals or nation-states to wage a new form of warfare. Critical infrastructure already faces cyberattacks daily – and this is certain to increase in 2014.

Data privacy is and will continue to be a significant concern both for individuals and businesses, especially given the recent revelation that the National Security Administration’s Prism program spied on data from several top technology companies. Because of this, trust in the privacy and security of personal information online has taken a major hit.

Alternative payments are being used more and more, especially with the massive growth of bitcoins, Facebook credits, gift cards and more. In 2014 and beyond, more forms of alternative payments are sure to emerge and unregulated payments are at risk for malware and money laundering.

Mobile transactions are gaining market share and are expected to grow by 40 percent to $325 billion in 2014. Since mobile is an emerging marketplace, the good and bad actors are on a level playing field. Businesses are still figuring out the best ways to protect mobile devices and transactions while cybercriminals are in the early stages of determining strategies to compromise mobile transactions.

Online transactions will continue to be targeted and in 2014 attacks will become more widespread as sophisticated malware that was previously developed for attacking high security banking sites will be used to attack online businesses across industries – many of which are not as well prepared to prevent cybercrime as online banks.

“Current and emerging cybercrime threats will continue to compromise businesses and consumers on a global level in 2014,” said Baumhof. “To address and prevent these threats, continued innovation in the security market is crucial. Simple anti-virus companies and addressing fraud and security separately is no longer effective given today’s sophisticated cybercriminals. Rather, businesses must collaborate through a global network for a collective response to cybercrime.”

To address cybercrime across industries – including financial services, e-commerce, payments, enterprises, social networks et al. – more and more companies are turning to global data repositories like the ThreatMetrix™ Global Trust Intelligence Network (The Network). Differentiating between authentic and suspicious mobile transactions and online activity, The Network is a comprehensive global repository of fraud data that protects tens of millions of users every day from mobile threats through the use of real-time analytics to evaluate the validity of logins, payments, new account registrations and remote access attempts. By collaborating globally via a shared network, businesses are able to fight cybercrime more effectively.

ThreatMetrix secures Web transactions against account takeoverpayment fraudidentity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial servicesenterprisee-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.