Multi-factor ID needed to sharpen security

Friday 14th July 2017
Alf Göransson: fake loan bankrupts President & CEO

Global security group Securitas has disclosed that its CEO was declared bankrupt this week after his identity was hacked. An investor's statement disclosed that a fraudster made a fake loan application in the name of Göransson, its 59-year-old president and CEO. Compounding the problem, Securitas said, Mr Alf Göransson was then declared bankrupt following a false court application.

Separately, Lastline Inc, a leader in advanced malware research and protection, has just surveyed 326 cyber security professionals to test their knowledge of malware and current cyber threats, including worms and sandboxes. It discloses that only 70 percent know that malware is able to avoid being detected by a sandbox.

Commenting on this, Lisa Baergen, director at NuData Security, said: “Cybercriminals are building fictitious identities to open fraudulent accounts with an eye towards fleecing banks, mortgage lending institutions, and insurance companies. Stealing genuine account credentials or faking them or creating synthetic identities from breached data, has been used to take out loans, overdrafts or mortgages, open bank accounts and even apply for valid documents such as a passport or driver’s license. There have even been many recorded instances of identity fraud taking place with credentials belonging to deceased individuals or even babies.

“Organisations are evolving to look towards more effective means of protecting accounts. Passive biometric and behavioural analytics enable these organisations to identify, verify and authenticate legitimate customers online through their behaviour and multiple other signals without impacting the customer experience or demand for convenience.

“A new approach to authentication has to be employed, whereby identity isn’t tested online solely using a single factor such as a password, 2FA, physical biometric or any other single data point. Instead, verification should use multiple factors that are combined and analysed to give a complete risk assessment of the user – even if the hacker presents legitimate credentials. The test should also focus on dynamically generated information that isn’t stored and therefore isn’t subject to theft, mimicry or spoofing. There are tools, such as passive biometrics, on the market now that base identity verification tests on dynamic data, not solely single-factor data such as a password or 2FA. These multi-factor methods are the only way to move beyond much of this identity fraud in the future.”

Respondents to the Lastline Inc survey were asked to identify different malware behaviours. The overwhelming majority were aware that malware can turn a webcam on to see if anyone is sitting in front of the computer (98 percent) and can monitor a keyboard to see if a user is typing (97 percent), both of which are among the many techniques malware uses to evade detection. However, only 70 percent knew that malware is able to avoid being detected by a sandbox.

“Malware has been able to sniff out that it resides on a virtual machine (used as a sandbox) for years now, so it is a little worrying that nearly a third of cybersecurity professionals were unaware of this,” explained Brian Laing, VP at Lastline. “Malware often plays a game of deception, pretending to be a perfectly benign program when analysed by a defensive tool. Once it is past defences, it can then perform the malicious activities it was programmed for when running on a user's device.”

Respondents were also asked to identify the behaviours of specific types of malware. While 93 percent correctly identified a Trojan as malware disguised as something that a user wants or something legitimate, over three quarters (77 percent) agreed with the statement that a virus actively seeks new computers to infect, which is actually the behaviour of a worm. And half indicated that a rootkit creates a network of compromised devices for use in a coordinated attack, which actually is what a botnet does.

Laing argued that this level of knowledge can be crucial in incident response strategies. “When deciding how to prioritize security strategies and technology investments, it’s important to know what types of behaviors a given piece of malware has and how they behave. For example, when reading that WannaCry is a worm, it’s important to know what a worm is and how it spreads so that you know, for example, that cleaning the initially infected machine will not eradicate it from the network,” he said.

Respondents were also given a list of names and asked to identify which ones were strains of malware. Respondents correctly identified the real strains of malware on average 28 percent of the time, with the best results attributed to the widespread malware, Slammer (40 percent) and SpyEye (37 percent).

“Given the level of media attention that some malware discoveries get, it is interesting that the majority of respondents couldn’t identify them, but not surprising. It just doesn’t matter when you’re fighting cybercrime today,” said Laing. “Given the volume of malware, the pace at which it evolves, and how criminals borrow from each other and re-write the code, there are not clear distinctions or naming connections between one attack and a subsequent attack using what may largely be the same code. What’s important is detecting it, by whatever name, and understanding its behaviours so you can mitigate and remediate.”

Regardless of the malware used, its behaviour, or its ability to evade detection, malware clearly causes significant pain to security professionals, as highlighted by the final result.

The survey found that 44 percent of security professionals would rather have root canal surgery than make the dreaded walk of shame to the boardroom to explain that they’ve suffered a data breach. This statistic reinforces the severity with which all organizations treat the prospect of a data breach.

Interesting comparison of infection in tooth and computer - both needing to be cleaned, spaces filled up, and crowned.
