Though last week’s announced breach of 6.5 million LinkedIn Corp. passwords may not have sent immediate shockwaves through the payments industry, data-security vendors warn that cybercrooks tend to have payment card and personal data targets in mind once they steal social network passwords.
Three security firms–Chicago-based Trustwave, New York-based Socure LLC and Ireland-based ValidSoft Ltd.–on June 12 announced plans to offer products to further bolster data security for businesses, financial institutions and social networks.
Cybercriminals use sites such as LinkedIn to obtain information and to identify individuals within organizations most likely to have access to confidential personal or payments data, Cas Purdy, a Trustwave spokesperson, tells PaymentsSource.
When an attacker zeroes in on a business, he often will go to a site such as LinkedIn to find a specific person in that company to target with a malicious software attack, Purdy explains. After doing more homework, the attacker then may send an email to that person, stating a fictional company has concluded a survey related to a topic the person is likely interested in with a link to view it, he adds.
“That link actually sends you to a malware-infested website,” Purdy says. “You’re now infected, but the email looked real so you had no reason to suspect you actually installed something on your machine that is now going to crawl across the network looking for credit card information.”
To thwart such attacks, Trustwave on June 12 touted enhancements and additions to its cloud-based Secure Web Gateway products during the Gartner Security and Risk Management Summit in National Harbor, Md.
As part of its gateway upgrade, Trustwave has added the Vulnerability Manager to keep organizations informed about potential weak spots in their payment or data systems.
The cloud-based Vulnerability Manager provides more-advanced internal and external scanning of network security that goes beyond monitoring Payment Card Industry data security standards compliance, seeking areas that cybercriminals could exploit to carry out malware attacks, Purdy notes.
Other key components of the malware defense include File Integrity Monitoring, which warns of potential malware presence, and Managed Unified Threat Management, which reduces the time and opportunity for malware to enter an organization’s network.
Earlier this year, Trustwave introduced increased protection for software applications that customers use to enter and move around a merchant or bank website and that cybercrooks enter to attack payments systems.
In a separate announcement, Socure, a social network security provider, said it would partner with fraud-protection vendor ValidSoft to develop SMART social software designed for social network identity authentication and verification.
SMART (Secure Mobile Architecture for Real-Time Transactions) also verifies security of transactions between social networks, financial services and other services where privacy and data integrity are critical, the companies stated.
Socure plans to launch its new security software for the social web later this year.
Pat Carroll, ValidSoft CEO, contends his company can help fill the need for heightened security on social networks.
“We see incredible potential for ValidSoft services in social network authentication and verification applications,” Carroll stated in the press release. “We believe this will become a very important aspect of social-media sites based on the recent hacking of LinkedIn users, which creates a massive phishing opportunity for fraudsters.”
Traditional security methods are inadequate and unsuitable for the world of mobile social networks, Carroll said.
The announcements appeared timed to coincide with the aftermath of the LinkedIn breach, but the companies’ actions illustrate the speed at which reinforced security measures must be made available to vulnerable networks.
Data-security analysts often have said cybercriminals work around the clock to find ways to steal personal and payments data, so security vendors must be quick to react.
At the same time, social-network security has been under scrutiny, and that scrutiny was heightened by the LinkedIn incident. Because cybercrime has long-ranging ripple effects, any breach on a social network has to be looked upon in the payments industry as a potential way for bad guys to find a mother lode of payments data someplace else.