25 February 2018
Uri Rivner

The Joy of Fraud Fighting

Uri Rivner - BioCatch

78Posts 367,151Views 36Comments
Innovation in Financial Services

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

How many Fortune 500 Companies Compromised? Answer Inside

12 May 2010  |  3341 views  |  0

In the last few weeks I’ve been talking to some of the corporations hit by famous Operation Aurora; the attack that triggered the Google-China virtual war.

The CISOs of these companies are facing a daunting task. These incidents reached board-level attention, and left many questions unanswered. How good are the traditional defense mechanisms? What control do I have over what my employees do at work and at home? What sort of data is stolen from the corporate?  Is there anything that can be done to identify and seal all the gaps? And what exactly is the scale of the threat? Is it an industry-wide problem?

RSA’s latest whitepaper on Cybercrime (registration required) addresses the last question. To be more exact, it asks the following question: how many Fortune 500 companies have compromised PCs running Trojans?

Take a guess.



Would you dare say 30%?

The correct answer is 88%, and truth be told, this is probably a conservative estimate. Virtually every company has employees that were infected with Trojans, and bring the problem into the office. These Trojans are busy moving terabytes of corporate data to stealthy drop zones scattered around the Dark Cloud of Cybercrime infrastructure.

After all, it’s a numbers game. Zeus, a highly popular Trojan kit, runs on 3.6 million computers in the US, and that’s a conservative estimate. Mariposa had 12.7 million PCs infected including those belonging to half of the fortune 1000 companies. If you have tens of millions of consumer PCs infected, you’re bound to have tens of thousands of fortune 500 resources infected.

Then there are targeted attacks. In Operation Aurora employees of 34 mega companies including Google, Intel, Adobe as well as giant defense contractors, utilities and media companies got emails containing a corrupt PDF document; when they opened it, a chain of vulnerabilities led to the hijacking of their PCs, allowing the Cybercriminals access into the corporate network from the compromised machines.

In other types of Trojans such as Zeus, the employees are typically infected at home when they are not connected to the network (although some infection happens during work and behind the firewall). Most of these infections are on laptops – a phenomenon I dubbed Curse of the Were-Laptop. It can also be a remote-access PC, i.e. a private computer that is allowed to establish a VPN connection to the network. And it can be a mobile device such as a Smartphone.

You don’t have to be stupid to get infected. Drive-by-Download infection happens automatically whenever you surf into a compromised site – the latest example is the US Treasury website (don’t worry, you can click on the link) – and you happen to have an un-patched component (including basic Internet tools like Flash, Java or Acrobat Reader, not to mention browser or operating system). You can also be tricked to download something – for example when a social network buddy sends you a link to a ‘cool video’.

Once infected, the Trojan will start recording all Internet related traffic, perform keylogging, grab emails, browser-stored passwords, and a long list of additional items. The Trojan doesn’t stop at online banking credentials and credit card data: it steals your social network posts, your medical content, your private chats, your constituent letters, and all of your work related content: credentials for internal systems, emails you sent or received, corporate financial results, sensitive customer-related web forms you completed in CRM systems.

If you see the corporate data floating around in Trojan motherships, you get goose bumps. It’s a hair splitting, nerve wracking experience.

All of this means one thing: the battlefield is changing. Employees, rather than networks, are now in the front. And the industry needs to build a new defense doctrine against these emerging threats.


RSA Cybercrime Research TagsSecurity

Comments: (0)

Comment on this story (membership required)

Latest posts from Uri

Brazil vs. Germany: A Surprising Find

12 July 2014  |  3876 views  |  1 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

Sweetheart Scams: When Fraudsters Turn to Romance

30 June 2014  |  3150 views  |  0 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

BitCoin Explained: How to Become a BitCoin Thief - part 1

04 December 2013  |  22469 views  |  1 comments | recomends Recommends 1 TagsMobile & onlinePaymentsGroupInformation Security

A Message from Hell

01 October 2013  |  3806 views  |  0 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

Uri's profile

job title Head of Cyber Strategy
location Tel Aviv
member since 2008
Summary profile See full profile »
Internet. The perfect fraud frontier. These are the thoughts of Uri Rivner, head of Cyber Strategy at BioCatch and formerly Head of new technologies, identity protection, at RSA, the security division...

Uri's expertise

Member since 2008
78 posts36 comments
What Uri reads

Who's commenting on Uri's posts