Businesses should get proactive about identifying potential account breaches: Akamai

Use big-data security analytics tools to see if compromised customer or supplier accounts are being used as conduits for economic crime

Empowered by big-data analysis, security researchers are finding new ways to pinpoint the sources of botnets, login account hacking and fraud exploits that will allow businesses to proactively evaluate and manage their exposure to financial and other risks.

Ongoing analysis of attack traffic – through correlation of malicious traffic, scraping of login details, geolocation information, usage patterns and more – has helped Akamai security researchers in a new effort to analyse and categorise active botnets that has already classified more than 1300 such attack pathways.

These and other suspicious sites are being monitored for questionable activity and tagged with reputation scores that are helping surface new relationships and attack patterns that show, for example, where a particular attacker has been using scripts to launch automated password-reuse checks across a large number of sites.

“It has taken us many years to get to this point but we have a lot of customer data from around the world and we're feeding that into a big-data engine,” the company's APJ security chief technology officer Mike Smith recently told CSO Australia.

“Reputation scores help a business see that someone was, say, attacking the site of a competitor in the same industry or geography,” he continued. “You can learn from the attacks against everybody else, but in an abstract way so you don't know who it was.”

Many attacks are “really simple stuff” that are more distinctive for the patterns of activity that they generate – large numbers of requests to or from a single IP address in a short period of time, for example – than their actual authorship.

Analysis was starting to show hotspots of activity where fraudsters were leveraging personal information to extract details of loyalty programs to cash them in for gift cards and other negotiable instruments. Other analysis was revealing cases where an online merchant had been shipping items to people who have different names but the same shipping address.

“You start to use big-data techniques on your customer base looking for irregularities,” Smith explained. “If you can find out which domains are very popular but shouldn't be popular, that's where your fraudsters are.”

Economic crime has emerged as a major and growing problem as online cybercriminals refine techniques for harvesting large volumes of stolen account passwords, cloud-service credentials, personally identifiable information, and other data that can be used to infiltrate additional services and extract some type of financial reward.

PricewaterhouseCoopers' recent Global Economic Crime Survey 2016 hinted at the magnitude of the problem, culling responses from more than 6000 respondents across a range of industry sectors to find that existing methods for detecting criminal activity have become less effective over time.

Although 36 percent of surveyed organisations had experienced economic crime in the previous 24 months, fully 22 percent of the respondents had not conducted a single fraud risk assessment in the previous 24 months – leaving them wide open to exposure from evolving fraud techniques that are changing on a daily basis.

Given that two-thirds of CEOs surveyed agreed that there are more threats to the growth of their companies than ever, the low rate of detection and checking suggests “that too much is being left to chance,” the PwC analysis concluded. “In fact, our findings indicate that one in ten economic crimes are discovered by accident.”

Better utilisation of traffic analysis and big-data tools is finally providing ways for businesses to get more proactive about their defence against economic crimes.

“We are now at the point where we can identify where people are getting lots of login abuse,” Smith said. “If they have a large volume of traffic going to a target URL from individual IP addresses, they probably have an account takeover problem and we can proactively reach out to them.”
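The pattern Smith describes (a burst of login requests to one target URL from a single source IP, often cycling through many usernames) is straightforward to spot in ordinary web access logs. The following is an added illustration, not Akamai's analytics or any code from the article: it scans constructed sample log lines with a sliding time window and reports, per source IP, the burst size, the number of distinct usernames tried and how many attempts succeeded. The log format, the `/login` path, the 60-second window and the threshold of five attempts are all assumptions chosen for the demonstration.

```python
"""Login-abuse heuristic over web access logs (added example, not Akamai code).

Flags source IPs that send many login POSTs to a target URL within a short
window and summarises what they tried. The log format, target path, window
and threshold below are assumptions made for this illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<iso-timestamp> <src-ip> <method> <path> <username> <status>"
# 203.0.113.7 sprays six different usernames in five seconds (one succeeds);
# 198.51.100.9 is a single user who mistypes a password once.
SAMPLE_LOG = """\
2016-03-01T10:00:00 203.0.113.7 POST /login alice 401
2016-03-01T10:00:01 203.0.113.7 POST /login bob 401
2016-03-01T10:00:02 203.0.113.7 POST /login carol 401
2016-03-01T10:00:03 203.0.113.7 POST /login dave 401
2016-03-01T10:00:04 203.0.113.7 POST /login erin 200
2016-03-01T10:00:05 203.0.113.7 POST /login frank 401
2016-03-01T10:00:20 198.51.100.9 POST /login alice 200
2016-03-01T10:05:00 198.51.100.9 GET /account alice 200
2016-03-01T10:09:00 198.51.100.9 POST /login alice 401
2016-03-01T10:09:05 198.51.100.9 POST /login alice 200
"""


def parse_line(line):
    """Split one constructed log line into a record dict."""
    ts, ip, method, path, user, status = line.split()
    return {"ts": datetime.fromisoformat(ts), "ip": ip, "method": method,
            "path": path, "user": user, "status": int(status)}


def max_in_window(timestamps, window):
    """Largest number of events falling inside any span of length `window`."""
    start = 0
    best = 0
    for end, t in enumerate(timestamps):          # timestamps must be sorted
        while t - timestamps[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_login_abuse(log_text, target_path="/login",
                     window=timedelta(seconds=60), threshold=5):
    """Return {ip: summary} for IPs with >= threshold login POSTs in one window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["method"] == "POST" and rec["path"] == target_path:
            events[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in events.items():
        recs.sort(key=lambda r: r["ts"])
        burst = max_in_window([r["ts"] for r in recs], window)
        if burst >= threshold:
            flagged[ip] = {
                "attempts": len(recs),
                "burst_attempts": burst,
                # many distinct usernames from one IP points to credential stuffing
                "distinct_users": len({r["user"] for r in recs}),
                # successes are the accounts that now need investigation
                "successes": sum(1 for r in recs if r["status"] == 200),
            }
    return flagged


if __name__ == "__main__":
    for ip, summary in find_login_abuse(SAMPLE_LOG).items():
        print(ip, summary)
```

The threshold and window are deliberately parameters: a site with a single sign-on page behind a corporate NAT will see legitimate bursts from one address, so the `distinct_users` and `successes` counts matter more than the raw attempt count when deciding whether a flagged IP is an account-takeover problem or just a busy proxy.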

Having refined the company's data collection and analysis capabilities over the years, Akamai is now looking at ways of packaging up its analytics services to empower businesses to get more proactive about their investigation of suspected fraudsters.

“We're currently doing this with people but that doesn't scale out very well,” he said. “We're trying to figure out how to do bundles of packages so that customers can come with a problem and find a solution that can help them out.”

If big-data analytics can help them identify potential risk vectors based on contemporary hacking patterns, Smith reasons, businesses of all sizes will be able to leverage such tools to follow through on breaches – identifying where remote fraudsters have sought to use their stolen credentials for malicious purposes.

By comparing their internal customer databases with activity data that Akamai is collecting, businesses will be able to contextualise observed activity and respond to it more appropriately. They should also consider downloading copies of compromised credential databases to proactively identify user accounts – theirs, their customers', or their suppliers' – that may be exploited by hackers for nefarious purposes.

“All the smart folks are getting copies of that, which is normally a black-hat activity, and they are taking that to their customer database to find out about any customer accounts they have that could potentially be compromised,” Smith said. “There are things like that that most companies should be doing, but probably aren't.”
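The check Smith describes, taking a leaked credential list to your own customer database, can be done without ever storing the leaked passwords: normalise the email addresses, look for overlap, and for each overlapping account test the leaked password against the stored hash so that accounts whose leaked password still works are separated from accounts that merely had an email address exposed. The code below is an added example, not Akamai's or the article's; the combo-list format, the PBKDF2 storage scheme, the sample accounts and the two outcome labels are assumptions made for the demonstration.

```python
"""Triage a leaked credential list against a customer database (added example).

Assumptions for this illustration: the customer store keeps a per-user salt
and a PBKDF2-SHA256 digest, and the leak arrives as "email:password" lines
(a common combo-list layout). Nothing from the leak is persisted.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor chosen for the demo


def normalise_email(email):
    """Canonical form so "Alice@Example.com" and "alice@example.com" match."""
    return email.strip().lower()


def hash_password(password, salt=None):
    """Return (salt, digest) for storing a password; fresh random salt per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison of a candidate password against a stored digest."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def build_customer_db():
    """Constructed customer store: email -> (salt, digest). Demo passwords only."""
    db = {}
    for email, password in [("alice@example.com", "correct horse battery"),
                            ("bob@example.com", "hunter2"),
                            ("carol@example.com", "Tr0ub4dor&3")]:
        db[normalise_email(email)] = hash_password(password)
    return db


# Constructed leak in "email:password" combo-list form. Alice's entry is her
# real demo password (reuse); Bob's is a different password; Mallory is not a customer.
BREACH_DUMP = """\
Alice@Example.com:correct horse battery
bob@example.com:letmein
mallory@other.invalid:password1
"""


def parse_dump(text):
    """Yield (normalised_email, leaked_password) pairs, skipping malformed lines."""
    for line in text.splitlines():
        if ":" in line:
            email, leaked = line.split(":", 1)
            yield normalise_email(email), leaked


def triage_breach(dump_text, customer_db):
    """Return {email: outcome} for customers present in the leak.

    'reset_required' : the leaked password verifies against our stored hash
    'exposed_email'  : the address is in the leak but the password differs
    """
    result = {}
    for email, leaked_pw in parse_dump(dump_text):
        if email not in customer_db:
            continue
        salt, digest = customer_db[email]
        if verify_password(leaked_pw, salt, digest):
            result[email] = "reset_required"
        else:
            result.setdefault(email, "exposed_email")
    return result


if __name__ == "__main__":
    for email, outcome in triage_breach(BREACH_DUMP, build_customer_db()).items():
        print(email, outcome)
```

Running the leaked password through the site's own hashing is what turns a list of overlapping addresses into an actionable one: the `reset_required` accounts need a forced password reset and session invalidation, while the `exposed_email` accounts are candidates for phishing awareness and closer login monitoring rather than immediate lockout.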
