Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/28/2012
10:26 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cybersecurity -- A Vital New Year's Resolution For Business And Consumers

ThreatMetrix has identified top cybersecurity trends and risks that will impact businesses and consumers across several industries in 2013

San Jose, CA – December 19, 2012 – ThreatMetrix&trade, the fastest-growing provider of integrated cybercrime prevention solutions, today announced the most threatening cybersecurity trends and risks businesses and consumers must keep top of mind in 2013. These include cyberwarfare, data breaches, migrating malware, bring-your-own-device (BYOD), cloud computing, and mobile and social media fraud.

In today's threat environment, the reach of cybercriminals expands to more industries each year, with financial services, insurance, retailers, enterprises and government agencies especially vulnerable to new threats.

"This year, cybercriminals have become so advanced that security professionals are struggling to detect many of their attacks in a timely manner," said Andreas Baumhof, chief technology officer, ThreatMetrix. "As nearly every industry is increasingly targeted, businesses and consumers must make cybersecurity a top priority in 2013 to prevent fraud and malware attacks."

ThreatMetrix has identified top cybersecurity trends and risks that will impact businesses and consumers across several industries in 2013:

Government

· The Emergence of Cyberwarfare – Stuxnet -- the virus allegedly developed by Israel and the United States to sabotage part of the suspected Iranian uranium enrichment program -- foreshadows a new generation of warfare. James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, indicated that at least 12 of the world's 15 largest militaries are currently building cyberwarfare programs, and other government agencies worldwide should follow suit and prepare for imminent cyberwarfare.

· Government Agencies are in the Crosshairs of Cybercriminals -- Government agencies, from U.S. federal to state, are under attack from cybercriminals including the hacktivist group Anonymous and foreign governments. Chief among these in 2012 were attacks and data breaches on the U.S. Navy, NASA, the California Department of Social Services, Department of Homeland Security, and the Wisconsin and South Carolina Departments of Revenue. As a result of these attacks, millions of Americans' bank account numbers, personal identities, financial records, usernames, passwords, email IDs and security questions were compromised and these attacks show no sign of ending.

E-Commerce and Financial Services

· Data Breaches Will Continue to Place Top Brands at Risk-- Data breaches continued at an alarming rate in 2012 including cyber attacks on such high profile brands as Yahoo, eHarmony, Zappos, LinkedIn, eHarmony, Global Payments and many others. Such attacks are expected to continue in 2013 as more security weaknesses are discovered by cybercriminals.

· Malware is Trickling Down to Retail, Alternative Payments and Digital Currencies – Malware, historically targeted at financial institutions (FIs), will increasingly affect retailers, alternative payments and digital currencies in the New Year. These targets lack the same stringent levels of malware protection that FIs have spent years developing. Retail customers who typically use the same password and save login details across several accounts are also placed at greater risk for fraud.

Enterprise

· BYOD Trend Increases Risks – The BYOD trend common in today's corporate world increasingly opens the door for cybercriminals. They are becoming more adept at designing malware that turns employees' devices – smartphones, tablets, PCs – into unwitting attackers of their own companies or accounts. In 2013, BYOD will continue contributing to today's malware threats through shared devices, search engine poisoning, image searches, hidden URLs and syndicated advertisements.

· Cloud Computing Increases Risk – As enterprise systems move to the cloud, this makes businesses more vulnerable to security breaches – the cloud is much easier for fraudsters to attack than traditional behind-the-firewall systems.

Insurance

· Insurance at Risk from Mobile and BYOD – Cybercriminals are also targeting insurance companies with identity takeover by using stolen credentials to access financial information. Insurance companies need to expand their security measures beyond passwords and multi-factor authentication. Layered, integrated defenses provide a more accurate picture of who is connecting to applications, and whether devices are infected with malware or disguising as a cybercriminal.

Mobile and Social

· As Mobile Grows, Fraud Risk Increases – Mobile transactions are projected to reach $1 trillion by 2017, making businesses and consumers more vulnerable to fraud and malware attacks on mobile devices. Retailers and FIs do not have the bandwidth to monitor every transaction for suspicious activity, so consumers must take measure to protect their accounts.

· Social Media Spam and Fraud – Social media sites are making an effort to decrease the prevalence of spam and fraud in 2013, but this can be tricky - oftentimes these sites operate on several platforms through social registration, comments, voting/widgets and others. Administrators of sites such as Facebook and Twitter must take all platforms into consideration for their cybersecurity strategy.

"As more business transactions and activities move online, almost no industry is completely safe from fraud," said Baumhof. "The best way for businesses and consumers to stay protected is to put preventative measures in place before it's too late. While cybersecurity and fraud prevention seems unnecessary for some businesses, cybercriminals are so sophisticated today that they can't be kept at bay for long without appropriate strategies in place."

About ThreatMetrix

ThreatMetrix is the fastest-growing provider of integrated cybercrime prevention solutions. The ThreatMetrix&trade Cybercrime Defender Platform helps companies protect customer data and secure transactions against fraud, malware, data breaches, as well as man-in-the browser (MitB) and Trojan attacks. The Platform consists of advanced cybersecurity technologies, including TrustDefender&trade ID, which is cloud-based, real-time device identification, malware protection with TrustDefender&trade Cloud and TrustDefender&trade Client, as well as TrustDefender&trade Mobile for smartphone applications. Recently named to the Wall Street Journal's "Next Big Thing" listing of the top 50 start-ups in the U.S., the company serves a rapidly growing global customer base across a variety of industries, including financial services, e-commerce, payments, social networks, government, and healthcare. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...