Real-Time Threat Detection #NextGenID - The Definitive Guide to Digital Identity

Real-Time Threat Detection

Learning objectives
In this chapter, you will understand:

How a transaction can still be at risk of fraud even when both the identity and the device are legitimate
The requirements for detecting threats such as malware
How a digital identity-based approach can amplify real-time threat detection

If the legitimacy of both user and device are verified, how can a transaction still be at risk?

Now that you understand how a digital identity assesses and authenticates users, let’s look at a different dimension: How active sessions can be hijacked by cybercriminals.

One way is through malware, which can be introduced in a variety of ways. Individuals typically download malware embedded in rogue apps found around the Web, but there are also numerous instances of supply chain malware, where compromised apps find their way undetected onto Google Play and the Apple App Store.

Another common scenario occurs when employees receive spoofed emails that appear to come from, for example, the Human Resources department with links that contain malicious code. And mobile apps can also generate pop-up windows that unwary users often click to download without adequate foresight.

A fact of life in the digital world is that people are tricked into downloading malware, or malicious software code, through these and countless other tactics. By some estimates, there were more than 1 billion instances of downloaded malware detected in just the past year. Once malware has infiltrated a device, fraudsters can use it to “root” devices. This bypasses the security built into the operating system to enable the device to respond to secret instructions from cybercriminals.

U.S. companies pay $3.82 million annually to resolve malware attacks, according to research from Accenture and the Ponemon Institute.

Remote Access Trojans (RATs) are small, automated programs that open up a secret backdoor that allows fraudsters to take over a device from afar. This can turn a legitimate device into a “bot.” Or, the tactic might piggyback on a legitimate, fully-authenticated session in which a user is shopping or banking online, so fraudsters can steal user credentials and other personally identifiable information. For example, experts believe hackers used a RAT to spy on employees at the Bank of Bangladesh before an $80 million heist in 2016.

Once the operating system on a device is compromised, cybercriminals can use it to infect other vulnerable devices, quickly creating a botnet. At a time and place of their choosing, fraudsters are then free to activate this botnet to launch attacks. This often includes mass testing of identity credentials on websites using email addresses and passwords stolen elsewhere on the web.

Other schemes, such as Man-in-the-Browser (MitB), Man-in-the-Middle (MitM) and other variants, can be just as dangerous, if not more so. Typical attack modalities include links on social media posts and banner ads. Once unsuspecting users click on these, malware embeds itself into the web browser and can be triggered when a user accesses specific destinations, such as banking sites.

Once activated, cybercriminals can intercept and manipulate information the user submits during a session, and secretly make transactions without detection by the user or the web application. In 2010, an international crime ring got away with $70 million through “ZBot” MitB attacks on banking customers.

On a global basis, losses from malware attacks now average $11.7 million per company, per year, according to research from Accenture and the Ponemon Institute.

For this reason, real-time threat detection is considered by many to be an important component of digital identity.

During the authentication process, the integrity of the device, its applications and the digital connection to a business’s website needs to be assessed. This requires robust malware detection tools. Deep packet inspection is also used to examine data being exchanged on a computer network to determine if it has been secretly altered in any way.


Additionally, by using context-based information to perform behavioral analysis of users during periods of normal operation, businesses can compare that information to the data gathered during a botnet attack, helping them differentiate between a human and a bot in real time.

This kind of real-time threat detection within a digital identity network exposes these threats on a global basis, so that an attack identified by one business can be detected and neutralized by all.
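The baseline-versus-attack comparison described above, applied to the mass credential testing that a botnet performs, as an added illustration that is not part of the original eBook. It constructs a few normal login events and one botnet burst (all timestamps, addresses and account names are made up), builds a per-source behavioural baseline from the normal traffic, and flags sources whose attempt rate, number of distinct accounts tried, or machine-regular timing fall outside that baseline.

```python
"""Added example: baseline normal login behaviour per source, then flag botnet-style mass credential testing."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed events: (timestamp_seconds, source_ip, account)
NORMAL_EVENTS = [
    (0, "198.51.100.7", "alice"), (70, "198.51.100.7", "alice"),
    (210, "198.51.100.7", "alice"), (300, "198.51.100.7", "dave"),  # shared home NAT
    (40, "203.0.113.9", "bob"), (400, "203.0.113.9", "bob"),
    (22, "192.0.2.14", "carol"), (61, "192.0.2.14", "carol"),
]
# Constructed botnet burst: one source cycling through stolen accounts every two seconds.
ATTACK_EVENTS = [(i * 2, "203.0.113.200", f"user{i:03d}") for i in range(40)]

def source_features(events):
    """Per source IP: attempts per minute, distinct accounts tried, and the
    coefficient of variation of inter-attempt gaps (0 = perfectly regular)."""
    by_src = defaultdict(list)
    for ts, src, acct in events:
        by_src[src].append((ts, acct))
    feats = {}
    for src, rows in by_src.items():
        rows.sort()
        span = max(rows[-1][0] - rows[0][0], 1)
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        # Too few gaps to judge regularity: treat the source as irregular (human-like).
        gap_cv = pstdev(gaps) / mean(gaps) if len(gaps) > 1 and mean(gaps) > 0 else 1.0
        feats[src] = {"rate_per_min": len(rows) / span * 60,
                      "distinct_accounts": len({a for _, a in rows}),
                      "gap_cv": gap_cv}
    return feats

def build_baseline(normal_events):
    """Mean and standard deviation of each feature over known-good traffic."""
    feats = list(source_features(normal_events).values())
    return {k: (mean(f[k] for f in feats), pstdev(f[k] for f in feats))
            for k in ("rate_per_min", "distinct_accounts")}

def classify(events, baseline, z=3.0):
    """Label each source 'bot' or 'human' by comparing it with the baseline."""
    verdicts = {}
    for src, f in source_features(events).items():
        over = lambda key: f[key] > baseline[key][0] + z * baseline[key][1]
        # Humans neither try dozens of accounts nor click at a fixed cadence.
        is_bot = over("distinct_accounts") and (over("rate_per_min") or f["gap_cv"] < 0.1)
        verdicts[src] = "bot" if is_bot else "human"
    return verdicts
```

In a real deployment the baseline would be computed per customer or per population over a long window and refreshed regularly, so that a single unusual but legitimate household does not skew the thresholds.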
