Monday, October 18, 2010

University Breach Rasises Questions About Fraud Prevention

There are several news articles in today's press that remind us all of the damage and cost of not having the right security defenses in place. A study by the National Fraud Authority as reported in The Register claims that the UK loses $4.13B to Identity Fraud each year. According to the report the average theft results in $1530 in benefit to the thief. In these tough economic times, this is a dramatic drain on scarce resources and should underline why business should ensure they have the right fraud prevention and access management strategy in place to protect their customers.

The second article has to do with the recent breech at the University of North Florida had a breech which compromised over 100 thousand identities. Universities continue to struggle with identity security with a number of breeches over the last 5 years which have hit the headlines. The University has unique challenges with the number of students/identities that turn-over year quarter or semester. In some cases this is close to 25% per quarter or year. In addition, the students in some computer labs are inquisitive and experimenting with the latest hacks challenging even the toughest security measures. Ask any Network Admin at a major university about application and network security and you will hear some amazing stories. In some cases, way more exciting than corporate network security. However, this is a side-topic for another blog entry sometime.

The key to ensuring that you have the right level of protection is adding an additional layer of security and Oracle Adaptive Access Manager is a great solution for this purpose. Ensuring you have tools that allow for real-time response to rules you define on access helps prevent unauthorized access to applications and network resources. In addition, you can use features like One-Time Password to layer authentication security on key resources to ensure you combine something you know with something you have to improve security. Here is a quick intro to how Oracle Adaptive Access Manager can help.

Friday, October 1, 2010

Zeus Brought Down by Operation Trident Beach

I am finally caught up after a great week last week at Oracle Open World. And it was just in time to read about this great bit of international crime fighting bringing an end to an international cyber-crime ring using the Zeus Trojan to steal allegedly $70M. Details are still coming out but according to this article by The Register the crime ring was able to deploy Zeus and key-log individuals bank accounts and then use "money mules" to access the accounts and make withdrawls illegally. One thing is for sure you have to admire the naming capabilities of the team which came up with "Operation Trident Beach" which shows marketing doesn't have a monopoly on naming talent. Here is a quick paragraph taken from The Register article (full text here):
Trident Beach began in May 2009, when FBI agents in Omaha, Nebraska learned of automated clearing house batch payments to 46 separate bank accounts throughout the US. Agents eventually brought in counterparts from the other involved countries. The payments are a hallmark of Zeus scams, in which hackers break into victim bank accounts and then clean them out using the bank's ACH transfer system.

The thieves targeted small- to medium-sized companies, municipalities, churches, and individuals.

I was talking with Mark Karlstrand, the Product Manager for Oracle Adaptive Access Manager, and he mentioned that the product has two critical features that would have prevented this from happening. According to Mark: "The KeyPad virtual authentication device could have prevented the password theft via key-logger. The use of the passwords from Eastern Europe and other behavior anomalies could have been detected by OAAM real-time risk analytics." As more details come out about the cyber-crime ring and Zeus we will bring you details.