The Home of the Security Bloggers Network
Cybercrime is going up, not down, every year, despite the tens of billions of dollars companies invest in shoring up their information infrastructure. According to the Identity Theft Resource Center, 2021 was a record year for data breaches.
What’s more disturbing is that 78% of senior-level IT and IT security leaders—the people in the know—aren’t very confident in their company’s ability to ward off attacks. The pandemic-induced shift to remote work has them especially worried. Most feel less than prepared to secure the thousands of remote data connections to the corporate VPN.
IT security professionals are justified in their fears. Even the most sophisticated companies suffer attacks. SolarWinds, a company that helps enterprises manage their networks, systems, and information technology infrastructure, experienced a massive cyberattack that spread to its clients via software update patches. Those clients included some of the world’s largest companies, such as Microsoft, and government agencies, including the Department of Homeland Security.
New technologies quickly usher in new tactics used by cybercriminals. Hackers can launch ransomware attacks, take over networks and illegally infiltrate consumer accounts through diverse devices from anywhere in the world. And as the world saw with the SolarWinds cyberattack, these crimes can go undetected for months.
One more recent tactic involves the emergence of a new crop of “high-end, premium” VPN services that promise consumers a residential VPN proxy service. While consumers may believe they’re getting a security service that can help protect them while they work remotely, it is, in fact, the opposite. These services are after one thing and one thing only: the internet protocol addresses (IPs) used by legitimate U.S. customers that will ultimately be sold to people in other countries who wish to mask their true IP addresses. The good news is, cybersecurity pros can use that same IP data to distinguish benevolent online actors from malicious ones.
One of the tactics security professionals now use to stop criminal activity is to incorporate a range of IP data into existing platforms and technologies. This approach allows them to detect when a user is connected via a proxy and assess which kind of proxy is used (anonymous, transparent, public, etc.).
IP data can provide a lot of information, including location, connection type and proxy data, to name a few. Here are four examples of IP data that security professionals can use to detect and combat online fraud.
Connection type can be used to differentiate a legitimate actor from a bad one. For instance, we know that a hosting center can be a conduit for traffic rather than its source. Companies can examine traffic that originates from a hosting center in conjunction with data from internal sources, such as CRM records, to determine if a user is legitimate.
The same principle applies to proxy, VPN and queue servers. By evaluating the type of proxy used against high-quality proxy data, companies can begin to distinguish a reliable VPN from a mechanism that is more suited to suspicious activity.
Any company that conducts business online and accepts digital payments can incorporate both proxy and VPN data into their automated transaction decisions. For instance, they can implement smart rules to verify consumer IP addresses automatically and determine if a particular transaction should be reviewed or declined.
Streaming services can use proxy and VPN databases to determine which IP addresses to geo-block to protect their content from piracy.
IP geolocation allows security teams to better balance risk management. For example, IT administrators can implement smart rules that flag activity like logins, especially when they originate from unusual or high-fraud locations.
Companies can secure internal networks by tracking speed patterns and identifying suspicious trends, such as people jumping between locations at illogical speeds or in illogical order.
Once security teams analyze these issues, they can then decide how to proceed. For instance, suspicious activity that poses a low threat can be flagged for additional review and user authentication, such as asking a user to send an email or confirm their identity via SMS. Meanwhile, serious threats can be blocked immediately to prevent damage. Along with reducing false positives, this approach demonstrates to consumers that companies are committed to cybercrime prevention.
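The velocity check and the tiered response described above can be combined into one rule, shown here as an added example that is not part of the original article. The speed ceiling, the geolocation tolerance, the label values and the policy of blocking only when both signals agree are assumptions, and the events are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Optional

MAX_KMH = 900.0   # assumed ceiling, roughly airliner cruise speed
MIN_KM = 100.0    # assumed tolerance for IP geolocation error
RISKY_PROXY = {"anonymous", "public"}   # assumed policy, tune to your data feed

@dataclass
class Login:
    when: datetime
    lat: float
    lon: float
    connection_type: str   # e.g. "residential", "hosting"
    proxy_type: str        # "none", "transparent", "anonymous", "public"

def distance_km(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two login locations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def implied_speed_kmh(prev: Login, cur: Login) -> float:
    """Speed needed to get from prev to cur; abs() also covers out-of-order events."""
    km = distance_km(prev, cur)
    if km < MIN_KM:               # too close to tell apart at IP-geolocation accuracy
        return 0.0
    hours = abs((cur.when - prev.when).total_seconds()) / 3600
    return float("inf") if hours == 0 else km / hours

def decide(prev: Optional[Login], cur: Login) -> str:
    """Return 'allow', 'step_up' (extra authentication) or 'block'."""
    impossible = prev is not None and implied_speed_kmh(prev, cur) > MAX_KMH
    masked = cur.proxy_type in RISKY_PROXY or cur.connection_type == "hosting"
    if impossible and masked:
        return "block"            # serious: two independent signals agree
    if impossible or masked:
        return "step_up"          # low threat: ask for e-mail or SMS confirmation
    return "allow"

# Constructed sample events (not real user data)
NYC = Login(datetime(2022, 3, 1, 9, 0), 40.71, -74.01, "residential", "none")
BOSTON = Login(datetime(2022, 3, 1, 13, 0), 42.36, -71.06, "residential", "none")
LONDON = Login(datetime(2022, 3, 1, 10, 0), 51.51, -0.13, "residential", "none")
LONDON_PROXY = Login(datetime(2022, 3, 1, 10, 0), 51.51, -0.13, "hosting", "anonymous")

if __name__ == "__main__":
    for cur in (BOSTON, LONDON, LONDON_PROXY):
        print(cur.connection_type, cur.proxy_type, decide(NYC, cur))
```

A login with no prior history is judged on its connection and proxy labels alone, so a first login from a hosting center still triggers step-up authentication.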
Cybercriminals have tremendous financial incentives to hone their craft. Cybersecurity Ventures predicted that global cybercrime costs will continue growing 15% each year, costing the world $10.5 trillion in damages by 2025. But security professionals are not defenseless. IP data is a powerful antidote to nefarious masking attacks.
Josh Anton is a UVA McIntire alumnus, the founder of Outlogic, and the current Chief Strategy Officer for Digital Envoy, parent company of Digital Element. For more information on using IP data to combat online fraud, download the whitepaper “Leveraging IP Data to Fight Cybercrime.” Other ventures in which Josh has played an active role include Hungry, where he was formerly CMO, and TrendPie, an influencer marketing agency he co-founded that sold in 2018. Josh has spoken for TEDx UVA and for Unilever in London on social entrepreneurship. As CSO, Josh directs and develops high-quality business strategies and plans, which ensure the organization’s alignment with short-term and long-term business objectives.