November 14, 2017
Between One-Fourth and One-Half of All Americans Have Had Their Identity Data Stolen
It’s estimated that somewhere between one-fourth and one-half of all Americans have had their identity data compromised, putting them at much higher risk of identity theft. The critical factor for businesses to understand is that they are on the hook for much of this and need to protect themselves and their clients from identity fraud.
The availability of personal identity information makes it easier than ever to gain illicit access to online accounts, but distinguishing between good customers and cyber criminals without alienating your loyal clients is imperative. How can businesses protect themselves from the tide of data breaches and the associated identity fraud? As we all know, the statistics on data breaches are almost getting boring. There have been a lot of high-profile recent breaches, particularly in insurance and healthcare in the U.S. However, what’s important to understand is how much data the criminal organizations are able to amass. Some high-level statistics from the Identity Theft Resource Center and the US Department of Justice indicate $26 billion in losses due to identity theft in 2014 alone, and over 5,000 data breaches since 2005, up by over 28 percent. In 2013-2014 organized crime really started to increase, especially Internet-enabled crime and identity theft, and it seems to be just getting bigger and bigger. 778 million U.S. identity records have now been breached, and that’s with a population of 320 million people! So the database of stolen credentials is now really quite impressive and is probably one of the biggest databases. A similar thing happened in South Korea around three years ago, where the number of breached records greatly exceeded the number of people in the country, and the government there eventually had to start thinking about completely reinventing its citizen ID scheme.
It’s very important to understand how these data breaches actually occur. Unfortunately, it’s a vicious circle: around 50 percent of these data breaches are actually triggered via stolen passwords, for example stolen staff accounts. So the whole thing sort of comes back to bite you. The stolen credentials help take over accounts, and those taken-over accounts can lead to further data breaches. The other important point is the cost, which is estimated at around $21 million for a successful cyber attack against a financial services organization in the U.S.
Now let’s quickly recap how stolen identity data is monetized by criminal organizations. Following a data breach, thousands to millions of records might be stolen, including identity data and potentially usernames and passwords. This data is then sold online fairly openly on dark web criminal marketplaces. It’s moved on relatively quickly as the stolen data is transferred into the hands of various criminal gangs, and it can be distributed around the globe in a matter of minutes. Now that the criminals have the stolen data (names, addresses, dates of birth and even social security numbers), it can potentially be used on an ongoing basis for months or years. Quite often the more organized crime groups won’t necessarily begin operations all that rapidly after the breach. They tend to wait a bit, potentially to create more sophisticated and ongoing attacks against individuals. For example, if you have very detailed identity and medical history data about individuals, you could start to craft highly sophisticated targeted phishing emails or other social engineering techniques against customers or against staff. This can be used, for example, to install malware, password stealers and keyloggers on people’s computers to intercept web sessions. This is especially troubling for banking and financial institutions, with implications of criminals gaining ongoing access to accounts.
Logins with Only User-Name and Password are Fundamentally Vulnerable
Any password protocol on a web-based system or mobile application that only requires login with user-name and password is fundamentally vulnerable now, given the number of breaches. Extra levels of authentication are now required to protect customer accounts. Once those details are stolen, account takeover attacks will start to happen. They can be quite sophisticated and can involve monitoring, looking for high-value accounts. Very often this is the reality in the insurance space, where people have an online account and might not actually log in for quite a long period of time. Similar things are happening to tax accounts, which are very good targets for cyber criminals attempting account takeover because they have lots of time to work inside the account while the real owner is potentially oblivious to what’s going on. This scenario illustrates why we’ve got this snowball effect of more and more data breaches as more and more data goes out onto the dark web for the criminals to access.
The approach we’ve taken at ThreatMetrix to counter the criminals is to use a kind of mirror image of the methods being used by the crime syndicates. The criminals are using the vast scale of the Internet, and the speed at which they share data over the Internet and move information around the globe, to launch coordinated, large-scale and distributed attacks, so they can hack, or potentially try to hack, a thousand identities at the same time from a network of machines, for example. The approach we’ve taken is monitoring Internet activity across the globe and at a large scale, so we can accurately recognize devices when they return to a business website and acknowledge what locations they come from and how they connect. With this information you can actually build up a picture of all the devices connected to the Internet and their behavior patterns. If you get that picture accurately enough, you can quite predictably tell the difference between normal Internet users connected to your site and cybercriminals potentially trying to create new accounts or take over existing accounts.