Friday, June 19, 2009

Newest report shows fraud trends

The recently released May 2009 Online Fraud report from RSA Security Inc.'s Anti-Fraud Command Center provides information for credit unions and others about the latest fraud trends and forecasts for the next 12 to 18 months.

These include:

> Muling--the evolution of recruitment scams directed towards unsuspecting individuals to aid in the monetization of stolen goods;

> Evolving supply chains, including fraud-as-a-service, which helps online criminals commit fraud;

> Significant increase in attacks against the enterprise;

> Evolution in crimeware and attack vectors, including: a rise in use of the latest crimeware delivery method; fast-flux botnets (a network of compromised computers); improvements in both Trojan functionality and infrastructure; and consolidation of "traditional" phishing and malware attacks.

The number of phishing attacks in April dropped 7% from March, the report said.

In the next 12 to 18 months, RSA said it expects to see an increase in enterprise fraud in which online criminals can gain access to sensitive corporate data such as intellectual property and business plans.

To stay ahead of the fraudsters, RSA recommends that companies deploy a layered approach to security, which has three core elements:

> Understand the threat landscape--Organizations must understand the threats that are targeting their business and the relative risks they pose. By doing so, organizations can mitigate the risks of online fraud or even prevent it from occurring at all.

> Use multi-factor authentication to protect the login--Username and password authentication is not enough to protect access to sensitive data today. Multi-factor authentication--including two-factor and risk-based authentication--is critical to preventing unauthorized access to a user's sensitive and personal data.

> Monitor transactions and activities that occur post-login--Going beyond authentication solutions that can challenge users to assure their identity at login, organizations should consider implementing a transaction-monitoring solution that analyzes and challenges high-risk transactions after login has occurred. Transaction monitoring can help identify suspicious post-login activities and mark them for further review.
