Internet of Things – A Consumer Dream or Cybersecurity Nightmare?

Posted on October 14th, 2014 by Dan Rampe

Andreas

Don’t look now, but your life is more online and connected today than it was last year – and the trend is accelerating.

Late last year, we predicted that risks associated with the Internet of Things (IoT) and critical infrastructure would be two emerging cybercrime trends this year. (See our 2014 predictions blog.) These topics are the theme of this third week of the National Cyber Security Awareness Month, “Critical Infrastructure and the Internet of Things.”

IoT and Critical Infrastructure are two sides of the same coin

This year has seen a burst of innovation in the Internet of Things. Intel is getting into the wearable technology field, while the Consumer Electronics Show was filled with wearable devices such heart monitors, sensor-equipped golf gloves and networked pet collars. Other devices already on the market are gaining traction, from cars that email us when they need service to health monitors that publish our glucose levels. The possibilities are endless and so are the products that come to market quickly.

When it ships early next year, the Apple Watch will no doubt expand the wearable technology market beyond the earliest adopters to the broader Apple faithful.

Even if you’re not using these technologies, you are part of a connected world through the public infrastructure around you. Wireless cameras and embedded sensors permeate public facilities and transportation hubs. We all depend on power grids and water delivery systems (also known as critical infrastructure) that are controlled by networked devices. In the near future, drones may zoom around us on city streets.

The increasing connectivity of the world poses a growing cybersecurity threat that we are not securing well. For consumer technologies, personal privacy is often at risk. The public safety risks are higher for critical infrastructure.

All these devices are Internet enabled, but remember: they run software. They run the very same software that is being attacked on a daily bases for high risk applications such as online banking. The only difference is: they cannot be updated – and this has the potential to make these a lethal target.

Point of Sales Systems – The Canary in the Coal Mine
Lest you think I’m being alarmist, let’s consider one of the earliest entrants in the Internet of Things – Point of Sale (POS) systems. You see them everywhere – devices such as cash registers and credit card readers use POS to take payments at retail stores.

You would think that POS systems would be secure, for several reasons.

  • They’ve been around for a while, so we’ve had time to figure out how to make them safe.
  • They handle financial transactions, therefore we are extra motivated to keep theme secure.
  • They are locked down and run in dedicated networks

Yet POS exploits were responsible for two of the largest data breaches in the past year – the Target and the Home Depot breaches.

If we cannot manage to protect those network-attached devices that we know are targeted by thieves, how much better will we be at protecting the various technologies we’re embedding in our personal lives? Or the devices controlling critical infrastructure? Even our highway signs have been hacked. (See http://www.threatmetrix.com/a-sign-of-the-times-hacking-signs-electronic-road-sign-hackers-reveal-a-downside-to-the-internet-of-things/)

A roadmap to a more secure connected world

We can address these risks, but only with concerted and collaborative efforts. My recommendations for connected devices are as follows:

  1. Think twice about what goes on public networks. Network segmentation and isolation are critical, particularly for critical infrastructure.
  2. Strengthen authentication to these devices and the systems that manage them. Logins continue to be the weakest point in most systems. We’re reaching a point at which it is irresponsible to protect critical systems with passwords alone. Use multiple authentication factors or context-based authentication to reduce risk of stolen identities and unauthorized access.
  3. Look for anomalies at all levels, including patterns that represent known threats or never-before-seen patterns that may indicate an emerging threat.
  4. Provide a mechanism to securely update these devices. In order to do so, many of the previous points need to be considered.

To put these strategies in place, we must exchange and share threat information at both the business and government level. The federal government is committed to sharing information with the private sector related to critical infrastructure. (See Executive Order 13636)

For businesses that handle personal or consumer-based products, sharing information must be balanced with protecting consumer privacy. As the data collected about us from devices continues to grow, privacy will be more important than ever before. That’s why we’ve built data anonymization and encryption into the ThreatMetrix® Global Trust Intelligence Network.

As new technologies continue to reshape our future at a rapid pace, we have to act quickly to make sure that the future we’re building is secure and private, not dystopian.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

ThreatMetrix Announces Strategies to Combat Growing Threats to Critical Infrastructure and the Internet of Things

Posted on October 14th, 2014 by Dan Rampe

Andreas2

In Conjunction with National Cyber Security Awareness Month, ThreatMetrix Outlines Security Measures to Properly Secure Web-Connected Devices and Critical Infrastructure

San Jose, CA – October 14, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced strategies to combat security risks for the Internet of Things (IoT) and critical infrastructure, continuing its commitment to this year’s National Cyber Security Awareness Month (NCSAM) theme, “Our Shared Responsibility,” as well as the third week’s theme of examining potential security implications associated with critical infrastructure and the IoT.

The theme of NCSAM’s third week is “Critical Infrastructure and the Internet of Things,” calling out the risks faced by devices and critical utilities as they increasingly connect to the Internet. As devices ranging from watches and heart monitors to refrigerators, as well as critical utilities such as water and power, continue to connect online, our everyday lives are placed at an increased risk to of being compromised by fraudsters.

In the past year alone, innovations in wearable technology and other fields have included a burst in Internet-connected devices. From cars that can send email reminders when they need service to health monitors that publish heart rate and glucose level to online tracking tools, the inter-connected world is growing and not slowing down, creating significant risks for consumers’ privacy and cyber security.

However, the users of these new technologies are not the only ones affected by the increasing connectivity of the world. Public infrastructure is all connected online, from power grids to water delivery systems, all controlled by networked devices. This is critical infrastructure, and it opens the door to individual cybercriminals or nation states to wage a new form of online warfare if proper security measures are not immediately set in place.

“The rapid growth of the Internet of Things creates a new wealth of information for cybercriminals to compromise, from our everyday appliances to critical operations, allowing them to steal personal information and cripple resources,” said Andreas Baumhof, chief technology officer at ThreatMetrix. “Apple will soon launch the Apple Watch, taking wearable tech from obscurity to the consumer forefront. It is becoming increasingly imperative that we ensure the information shared through these devices is secure as they will contain, collect, and track sensitive information about our personal physical lives, as well as elements tied directly to our financial being. In addition, point-of-sale system hacks have caused massive damage to major retailers over the past year, as we saw in the Target and Home Depot breaches, among others. Imagine what harm the mass distribution of health and critical infrastructure information can bring to the lives of millions.”

As the Internet of Things and online connectivity of our nation’s critical infrastructure shows no signs of slowing down, ThreatMetrix has outlined several security strategies to address some of the associated risks:

  • Network Segmentation and Isolation – Network segmentation or “zoning” is a popular practice in Internet security. Through network segmentation the possibility of limiting the risk of a data breach to your entire network maximizes. It also can help businesses determine what information to keep on public or private networks.
  • Account Authentication – Username and password authentication is the weakest point of entry for most businesses operating online, often making businesses an easy target for hackers. At this stage, it is irresponsible to protect any information stored online with passwords alone. The use of multiple authentication factors, such as context-based authentication and real-time fraud prevention can help reduce the risk of stolen user identities and fraudulent transactions without disrupting the user experience for authentic customers.
  • Tracking – Tracking data enables businesses across industries to differentiate between authentic and fraudulent transactions and other activity. By identifying anomalies such as hiding behind proxies and virtual private networks or change in shipping address through a global network of shared intelligence, businesses can recognize patterns that represent known threats or never-before-seen patterns that show a potential threat.
  • Secure Updates – It is important that Internet-connected devices are updated on a regular basis to stay one step ahead of cybercriminals as they become increasingly sophisticated.

For comprehensive cybersecurity strategies to be effective and protect Internet of Things devices as well as critical infrastructure, there needs to be collaboration and sharing of information at both the business and the government level, while protecting consumer privacy. The ThreatMetrix® Global Trust Intelligence Network anonymizes and encrypts data to enable businesses to identify threats and keep their business secure without providing any personally identifiable information.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. The remaining upcoming themes include:

  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix will continue to support each week’s theme throughout the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

Building a More Secure Smartphone

Posted on October 7th, 2014 by Dan Rampe

Data-Privacy-Day-Alisdair2

Like many others in Silicon Valley, I waited with bated breath to see what Apple’s iPhone 6 would look like last month. And it wasn’t just to see what my next phone might look like.

From my perspective at ThreatMetrix®, I was eager to see how the new phone handled data security and privacy issues while delivering groundbreaking new features. (For my thoughts on that subject, see the infographic iPhone 6 Cybersecurity Pros and Cons.)

I’m not the only one worrying about mobile devices and cybersecurity. The theme of this second week of the National Cyber Security Awareness Month is “Secure Development of Information Technology Products.” The Department of Homeland Security specifically calls out the need to build security into our phones, tablets and computers.

Why mobile matters: 3 trends to watch

At ThreatMetrix, we analyze anonymized data from across the ThreatMetrix® Global Trust Intelligence Network (The Network). According to data from a recent ThreatMetrix Cybercrime Index™ Benchmark Report, three major trends are emerging that have significant implications for overall cybersecurity.

  1. Mobile usage for online commerce and transactions is increasing. Nearly 50 percent of all new account creations originate from mobile devices, and 30 to 50 percent of all banking logins come from mobile, meaning consumers are entering a lot of sensitive information through potentially insecure mobile apps and sites. Companies and brands behind those sites need to ensure frictionless onboarding experience without sacrificing security.
  1. There is steady growth in the number of high-risk activities originating from mobile devices. The data shows steady growth in the number of high-risk activities detected from mobile devices across The Network. These include suspicious account creation or fraudulent payments, as well as an increase in malware. While devices need to be secure, consumers must also do their part in avoiding jailbreak phones, downloading suspicious apps, and not entering their information on insecure sites and apps.
  1. The number of advanced apps and features on mobile phones is growing. The most recent Apple release of the iPhone 6 arguably came with the largest number of groundbreaking features consumers have ever seen in a new generation iPhone, including Apple Pay, HealthKit and HomeKit. IT product developers are all competing to release the most innovative apps and features, and consumers are jumping at the chance to be first to try them. The more embedded mobile devices are in our lives, the more attractive they become as targets for malware writers and cybercriminals.

The law of unintended consequences

There are often unintended consequences of product design features, and frequently those are security flaws. For example, some of the photos leaked in the recent celebrity nude photo scandal were a result of iPhone photos automatically backing up into iCloud. Many of the people whose photos were leaked may not have even realized they were being stored somewhere else, and much less realized that they were only protected by a simple username/password combination, which has proven ineffective in the wake of recent high profile data breaches. Developers must consider all possible security issues when designing the newest IT products and mobile devices, and top of their mind should be the assumption that the user’s identity and account is the target, not just the device and its encrypted data.

There are few easy answers

If cybersecurity is a shared responsibility, then application developers have to shoulder their part of the burden. We can agree on a few guidelines:

  • Embed security into the design process and try to anticipate those unintended consequences of the newest features you’re adding. In terms of the iPhone 6, Apple has made progress on this front. For example, credit card details for Apple Pay are not stored on the device or in iCloud, so malware that intercepts traffic cannot get the credit card number.
  • Don’t rely on simple logins and passwords to protect customer information. Beyond simple, easy to hack username and password combinations, developers should consider other methods through contextual and behavioral methods to authenticate identities.
  • Developers cannot count on customers taking extra steps to secure their identities or transactions – particularly in the consumer market. Security must be frictionless and embedded at all layers of the information technology stack to keep consumers safe without damaging the user experience.

At ThreatMetrix, we collaborate with many businesses that build and support mobile apps for payments and other valuable transactions. We help them find ways to embed device context and communications into mobile apps to increase trustworthiness without adding barriers for customers.

The road ahead for developers is clear – security can no longer be an afterthought, but must be part of the design process. Beyond the development process, the security of an application resides not in the application itself, but in its context and usage. Improving cybersecurity requires collaboration on all fronts.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Outlines Mobile Trends and Strategies to Help Secure Development of IT Products, Continuing Alignment with National Cyber Security Awareness Month

Posted on October 7th, 2014 by Dan Rampe

Data-Privacy-Day-Alisdair-Normal

As the Annual Initiative Continues, ThreatMetrix Shows its Commitment to Building Trust by Outlining Trends in IT Mobile Security

San Jose, CA – October 7, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced trends and strategies for developing secure IT products, continuing its commitment to this year’s National Cyber Security Awareness Month (NCSAM) theme, “Our Shared Responsibility,” as well as the second week’s theme of developing secure devices.

The theme of NCSAM’s second week is “Secure Development of IT Products,” specifically calling out the need for more secure smartphones, tablets and computers. As new feature-rich IT products continue to enter the market at a rapid pace, data security and privacy are a growing concern for both businesses and consumers.

“Last month, consumers around the world stopped what they were doing to watch Apple’s announcement of the new iPhone 6 features,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Many were interested to see how the new phone handled data security and privacy issues given the celebrity iCloud password hacking incident. The good news is that more sensitive data such as photos and text are now being encrypted on the device, the bad news is that hackers are increasingly targeting user identities and passwords that can be used to decrypt that data because the weakest link is always the consumer.”

To provide evidence that IT products, specifically mobile devices, need to be created with security in mind, ThreatMetrix analyzed the anonymized data across 850 million monthly transactions in the ThreatMetrix® Global Trust Intelligence Network (The Network) to identify current trends in mobile. According to data from a recent ThreatMetrix Cybercrime Index™ Benchmark Report, three major trends are emerging that have significant implications for overall cybersecurity:

  1. Mobile usage for online commerce and transactions is increasing. Nearly 50 percent of all new account creations originate from mobile devices, and 30 to 50 percent of all banking logins come from mobile, meaning consumers are entering a lot of sensitive information through potentially insecure mobile apps and sites. Companies and brands behind those sites need to ensure frictionless onboarding experience without sacrificing security.
  1. There is steady growth in the number of high-risk activities originating from mobile devices. The data shows steady growth in the number of high-risk activities detected from mobile devices across The Network. These include suspicious account creation or fraudulent payments, as well as an increase in malware. While devices need to be secure, consumers must also do their part in avoiding jailbreak phones, downloading suspicious apps, and not entering their information on insecure sites and apps.
  1. The number of advanced apps and features on mobile phones is growing. The most recent Apple release of the iPhone 6 arguably came with the largest number of groundbreaking features consumers have ever seen in a new generation iPhone, including Apple Pay, HealthKit and HomeKit. IT product developers are all competing to release the most innovative apps and features, and consumers are jumping at the chance to be first to try them. The more embedded mobile devices are in our lives, the more attractive they become as targets for malware writers and cybercriminals.

“There are often unintended consequences of product design features, and frequently those are security flaws,” said Faulkner. “For example, some of the photos leaked in the recent celebrity nude photo scandal were a result of iPhone photos automatically backing up into iCloud. Many of the people whose photos were leaked may not have even realized they were being stored somewhere else, and much less realized that they were only protected by a simple username/password combination, which has proven ineffective in the wake of recent high profile data breaches. Developers must consider all possible security issues when designing the newest IT products and mobile devices, and top of their mind should be the assumption that the user’s identity and account is the target, not just the device and its encrypted data.”

To help IT product and application developers shoulder the burden of protecting their customers from cybersecurity, ThreatMetrix has outlined a few guidelines for them:

  • Embed security into the design process and try to anticipate those unintended consequences of the newest features you’re adding. In terms of the iPhone 6, Apple has made progress on this front. For example, credit card details for Apple Pay are not stored on the device or in iCloud, so malware that intercepts traffic cannot get the credit card number.
  • Don’t rely on simple logins and passwords to protect customer information. Beyond simple, easy to hack username and password combinations, developers should consider other methods through contextual and behavioral methods to authenticate identities.
  • Developers cannot count on customers taking extra steps to secure their identities or transactions – particularly in the consumer market. Security must be frictionless and embedded at all layers of the information technology stack to keep consumers safe without damaging the user experience.

“Security can no longer be an afterthought, but instead an important part of the design and user experience process,” said Faulkner. “Good security, when done right, is good for business. While consumers must educate themselves on the security implications of their behavior online, specifically through mobile, businesses should be doing all that they can to protect those consumers from the back end.”

ThreatMetrix’s TrustDefender™ Cybercrime Protection Platform helps many businesses that build and support mobile apps for valuable transactions to embed device context and communications into those apps. This helps to build trust without increasing barriers for the customer.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. The remaining the upcoming themes include:

  • Week Three – Critical Infrastructure and the Internet of Things
  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix will continue to support each week’s theme throughout the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

ThreatMetrix Announces its ThreatMetrix Global Trust Intelligence Network Has Reached 850 Million Monthly Transactions

Posted on September 30th, 2014 by Dan Rampe

Data-Privacy-Day-Reed

In Conjunction with National Cyber Security Awareness Month, ThreatMetrix Announces the Network’s Growth, Exemplifying this Year’s Theme of Shared Responsibility

San Jose, CA – September 30, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the growth of the ThreatMetrix® Global Trust Intelligence Network (The Network), which has recently surpassed 850 million monthly transactions. Additionally, The Network now protects more than 210 million active user accounts across 3,000 customers and 15,000 websites. This milestone validates ThreatMetrix’s commitment to this year’s National Cyber Security Awareness Month theme, “Our Shared Responsibility.”

National Cyber Security Awareness Month (NCSAM) is a program sponsored every October by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. Now in its eleventh year, NCSAM has grown to include the participation of a multitude of industry leaders — reaching consumers, small and medium-size businesses, corporations, educational institutions and young people.

The theme of NCSAM’s first week is “Promoting Online Safety with the Stop.Think.Connect.™ Campaign.” The theory behind the campaign is that each individual that participates in online activities needs to take accountability for the safety of the Internet.

“As the ThreatMetrix Network continues to grow, so does our customers’ shared view of cybercrime enabling them to protect their businesses and valued customers by accurately identifying both good and bad online users,” said Reed Taussig, CEO at ThreatMetrix. “The Internet is a fundamental part of all of our everyday lives. We all have an interest and a responsibility to make sure we keep cyber markets and services safe and trusted by consumers. National Cyber Security Awareness Month is the perfect opportunity to educate individuals and businesses on the importance of collaborating for a more secure Internet.”

While businesses must do their part to collaborate on cybercrime prevention by leveraging a collective repository of data such as The Network, the federal government is also doing its part to encourage global information sharing. President Obama’s Executive Order 13636 stresses federal accountability for sharing information with the private sector to protect critical infrastructure such as power plants, communication networks and transportation networks.

Many individuals believe the websites they use are doing their part to protect their privacy while keeping those sites secure. However, for that to happen, businesses need to share a certain amount of customer data across business boundaries. Unfortunately, while information sharing for security purposes in some industries such as financial services is common practice, in industries like retail, businesses are wary of sharing customer information with competitors and others. To effectively collaborate, there needs to be a certain level of trust between businesses and competitors as well as businesses and their customers.

“At ThreatMetrix, we’re aiming to solve the dilemma of building trust on the Internet through information sharing when many businesses are reluctant to do so,” said Taussig. “Through The Network, businesses can securely share information about devices and personas connecting to their sites, without sharing any personally-identifiable information about customers or visitors. ThreatMetrix anonymizes and encrypts information in The Network, so personal identities are never revealed to other organizations.”

The approach ThreatMetrix is taking offers a model for cybersecurity collaboration in all industries. Through anonymization and collaboration, businesses remove the risk of exposing their customers’ sensitive information while protecting this information from cybercriminals.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security has outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. These themes include:

  • Week One – Promoting Online Safety with the Stop. Think. Connect.™ Campaign
  • Week Two – Secure Development of IT Products
  • Week Three – Critical Infrastructure and the Internet of Things
  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix plans to support each week’s theme throughout the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

ThreatMetrix Kicks off National Cyber Security Awareness Month by Announcing “The Network” Has Reached 850 Million Monthly Transactions

Posted on September 30th, 2014 by Dan Rampe

Data-Privacy-Day-Reed

To make significant progress against cybercrime, we’re all going to have to work together – individuals, businesses and government agencies alike. Security in this connected world requires collaboration, and collaboration requires trust.

Shared responsibility is the theme of this year’s National Cyber Security Awareness Month, a program sponsored every October by the Department of Homeland Security. To commemorate the start of National Cyber Security Awareness Month, we are thrilled to share that the ThreatMetrix® Global Trust Intelligence Network (The Network) has reached 850 million monthly transactions and now protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

While businesses must do their part to collaborate on cybercrime prevention by leveraging a collective repository of data such as The Network, the federal government is also doing its part to encourage global information sharing. President Obama’s Executive Order 13636 stresses federal accountability for sharing information with the private sector to protect critical infrastructure such as power plants, communication networks and transportation networks.

Why aren’t we doing more already?

Each of us needs to take accountability for what we do online – that’s the theme of the Stop.Think.Connect.™ campaign. But as individuals, we are greatly outmatched by size, volume and sophisticated of the cybercrime forces arrayed against us. We also trust that the websites we use are doing the right things to protect our privacy.

In a networked world, businesses need up-to-date, global information about online threats and identities to keep customer data secure. For that to happen, legitimate businesses must share data across business boundaries. But collaborating with your competitors, even for the public good, is a difficult idea in many industries.

In the financial services industry, information sharing for security purposes is an accepted practice. But in the retail environment, businesses are wary about sharing customer information with competitors and others. And of course they need to protect customer privacy.

Effective collaboration requires a degree of trust – and that’s the sticking point.

It all comes down to trust

Doing business online requires a level of trust.

  • Customers trust that businesses will protect their information and use it responsibly.
  • Businesses must trust that customers are legitimate.

Cybercrime eats away at this trust. And, sadly, lack of trust has been the Achilles’ heel of industry collaboration.

Building trust through anonymization and collaboration

Without a broad global context for the people, devices and personas creating accounts, making transactions, or logging into sensitive systems in your network, you cannot trust they are who they claim to be. To get that context, businesses have to share information with many other sites around the world.

Trust requires information sharing, yet information sharing requires trust.

At ThreatMetrix, we’re working to solve this essential dilemma. Through The Network, businesses can securely share information about devices and personas connecting to their sites, without sharing any personally-identifiable information about customers or visitors. ThreatMetrix anonymizes and encrypts information in the network, so personal identities are never revealed to other organizations.

This approach offers a pattern for other cybersecurity collaboration efforts. We need to find ways to increase information sharing around online security and global identities, and the best way to do this is to remove the risk of exposing information we need to keep private.

The more we share information about global threats, the better we can protect legitimate business and build online communities that are truly worthy of trust.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security has outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. These themes include:

  • Week One – Promoting Online Safety with the Stop. Think. Connect.™ Campaign
  • Week Two – Secure Development of IT Products
  • Week Three – Critical Infrastructure and the Internet of Things
  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix plans to support each week’s theme throughout the month. And, to commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

“Do-Nothing” House Does Something

Posted on September 18th, 2014 by Dan Rampe

House of Reps

U.S. House of Representatives Passes Bill That Comes Down Hard on Tax Return ID Thieves

Who says Congress doesn’t do anything? Well just about every American of voting age (Headline from August 2014 on politico.com: Poll: Congress approval hits new low).

Could the House passing H.R. 744 be a portent of things to come? Maybe, but it would be kind of like Apple donating the gross sales for iPhone 6 to charity.

In any case, if the bill passes the Senate and is signed by the President, tax return identity thieves will be facing 20 years in jail.

In her piece on thehill.com, Cristina Marcos details some of the major provisions of the legislation. The following has been excerpted from her piece and edited to fit our format. You may find the full article by clicking on this link.

Victims to include organizations

The measure would further broaden the definition of tax return identity theft victims to include organizations, instead of only individuals.

Another provision of the bill would direct the Justice Department to submit a report to Congress within 180 days on trends in tax return identity theft and recommendations on how to prosecute the crime.

Similar bill failed in 2012

The House passed a similar version of the legislation in 2012 in the previous Congress, but it never received action in the Senate.

For more on tax fraud and identity theft, please see our previous blog posting and infographic, “ThreatMetrix Tax Tips to Avoid Losing Your Identity and Uncle Sam’s Taxes to the Cyberthieves Who Stole Close to $4 Billion Last Year.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

You Can Never Start Too Early

Posted on September 1st, 2014 by Dan Rampe

Cybersecurity Club

Camp Prepares 9th to 12th Graders for Cybersecurity Threats

With some hackers not yet out of their teens before they’re into cybercrime, it makes sense that there would be a camp for high school students to learn about online threats. Seventy-five teenagers in one Virginia county are getting that opportunity in the Marshall Academy’s third annual camp.

In her piece on fairfaxtimes.com, Kate Yanchulis outlines what the camp is like and what the students learn, including how to avoid hackers and handle cyberbullying. The following has been excerpted from Yanchulis’ piece and edited to fit our format. You may find her full article by clicking on this link.

Teenagers stared with wide eyes at their laptops … as Ryan Walters told them that more than 90 percent of their computers likely had been hacked or infected by a virus. Of the 75 campers gathered at McLean High School for a cyber security camp, only one girl could rest easy, said camp leader Walters. Her new laptop had never been powered up.

But [Walters] told students not to feel too bad about their security lapses. Walters, a former Air Force captain who worked on government defense systems, said at least 30 percent of the U.S. Defense Department’s network is considered compromised.

The realities of cyber security — on both a large and small scale — provide the backbone for the camp.

Marshall Academy offers [Fairfax county Virginia] students specialized technical education courses in several subject areas, including information technology. The $185 registration fee for the camp goes toward Marshall Academy’s cybersecurity club.

The camp divides students into beginner and advanced cohorts and teaches students the basic elements of cybersecurity as well as providing hands-on experience, Walters said. Walters, now a digital entrepreneur, founded Marshall Academy’s club three years ago with his son Jacob, then a freshman. Walters serves as a mentor for the club and lead instructor for the camp.

Charles Britt of SySTEMic Solutions [which provides support for the program], says, “With this camp, we want to offer exposure to the cybersecurity field to as many students as possible.”

Marshall Academy’s cybersecurity club counts 60 students as members. The club teaches students about cybersecurity and also takes part in annual cyber security competitions. The money from the camp goes toward competition fees [and the] club is a three-time national finalist in CyberPatriot competitions.

While the camp has proved a fertile ground for developing future cybersecurity team members, Walters said he just wants students to learn how to protect themselves online, whether from hacking or cyberbullying

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

Newest ThreatMetrix Patent Pushes the Envelope in Context-Based Security and Fraud Prevention

Posted on July 29th, 2014 by Dan Rampe

Patewnts

Patent expands fuzzy matching technology beyond network and device attributes. Now includes account details, transaction details and more.

The new patent is U.S. Patent 8,782,783: “Method and System for Tracking Machines on a Network Using Fuzzy GUID (Globaly Unique Identifier) Technology.” This is a continuation of a previous patent that provides the cornerstone technology for ThreatMetrix industry leading cookieless device identification and global device recognition. The new patent expands ThreatMetrix global identification technology beyond network and device attributes to include broader attributes such as account, identity and transaction details to build a complete picture of an online persona. The unique fuzzy matching capability of the patent creates a reliable, anonymous global identifier, enabling persistent global tracking and classification of malicious mobile and web devices and activities on the Internet, regardless of how underlying attributes change.

“Cybercriminals are learning to disguise themselves online in the same way thieves wear gloves to mask fingerprints at a crime scene,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “As cyberattacks become more sophisticated, we must evolve our defenses even faster to best detect and keep out cybercriminals, which is where this patented technology comes into play. Without the ThreatMetrix Fuzzy GUID patent, companies lose sight of both good customers and criminals when they change their IP Address, delete cookies or change their mobile or browser settings.”

Continuously updating its products in its worldwide fight against hacking, fraud and ID theft, ThreatMetrix has released a number of patents over the years, securing the company’s place as an industry leader in building trust on the Internet. Patents include:

  • U.S. Patent 8,141,148: “Method and System for Tracking Machines on a Network Using Fuzzy GUID Technology” This patent – which provides the basis for the new patent – provides the technology for device identification and global recognition regardless of cookie deletion and copying. This technology is available through ThreatMetrix SmartID™, which utilizes unique device attributes to identify visitors that have wiped cookies, use private browsing or changed IP addresses.
  • U.S. Patent 8,176,178: “Method for Tracking Machines on a Network Using Multivariable Fingerprinting of Passively Available Information” This patent detects fraudsters using proxies or virtual private networks (VPNs) through the most advanced device recognition risk assessment. The technology provides a complete view of each device, taking into account the device’s historical behavior and broader context.

To broaden the reach of the company’s context-based authentication and advanced fraud prevention solutions, in March ThreatMetrix secured $20 million in Series E.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

Yes Again! Hackers Exploring Exploit of Explorer. Flaw in Versions 6 Thru 11 Puts Half the Planet’s IE Browsers at Risk.

Posted on April 28th, 2014 by Dan Rampe

Windows Explorer

Heartbleed was “so last week.” Maybe that’s why the tech gods decided to send us another little thunderbolt. And this one may not be that little.

The security firm that first discovered the flaw said that hackers are primarily concentrating their efforts on IE 9 through 11 though no version of Explorer is exempt from attack.

To exploit the flaw, the hacker requires the user’s cooperation. That is, the user must click on a link or open an attachment. Once inside, the hacker can install malware, which, Microsoft explained, makes it possible for the hacker to “gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

According to a piece on washingtonpost.com by Gail Sullivan, Microsoft says once it finishes its investigations “it will issue a fix for the problem, either in a monthly security update or a special security update.”

Till the fix is available, Microsoft suggests downloading its Enhanced Mitigation Experience Toolkit version 4.1 to help guard against attacks.

FireEye, which discovered the flaw, suggested disabling the Adobe Flash plugin (the attacks won’t work without it) and running IE in enhanced protection mode (only available in IE 10 and 11) for maximum protection.

If you’re still running XP, the best advice is to cross your fingers and hold your breath or use Firefox, Chrome or another browser. That’s because short-term solutions don’t work and Microsoft won’t be releasing patches.

If your OS is a later version that will be covered by a patch, you’re still not out of the proverbial woods. You see, about 10 percent of government computers still run XP. That, according to the Washington Post’s Craig Timberg and Ellen Nakashima, includes thousands of computers on classified military and diplomatic networks.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.