Cybercrime Data Repositories – On the Rise!
In the past 90 days alone there have been several major
stories about more than five Cybercrime Data Repositories being discovered.
More than 60 organizations (mostly banks), thousands and thousands of
customer records, user names, passwords, account numbers, social security data
and credit card information were found.
The source: unsuspecting financial institutions, businesses,
hospitals, and home shoppers.
It is estimated that more than 65% of the data found on these
servers was bank customer data. In
addition, there was purchase transaction information, website logon credentials,
business remote logon credentials, email passwords, patient data, and specific
confidential email communications to mention a few.
As mentioned, the data was harvested from Trojan-infected PCs
within businesses, as well as individuals’ homes.
The Trojan-infected PCs would capture the user’s keystrokes, filter key
pieces of information and dump the contents to these data repositories, where it
was stored without authentication requirements or encryption of any kind and
would be easily accessible to criminals.
"The scope and ramifications of this particular incident are
staggering," says Viveca Ware, director of Payments and Technology Policy at the
Independent Community Bankers of America (ICBA). "It is very unusual to have
such a diversity of information available on one server in one location." "It
looks like a one-stop shopping location for criminals to get information," Ware
says.
“The significance of so many repositories being found in such
a short time is huge,” as noted by Michael Bruck, President of BAI Security, a
leading Managed Security Service Provider (MSSP).
“We’ve been concerned for some time now about the possibility of
criminals setting up a system similar to a peer-to-peer file sharing system
where identities and confidential information are shared in a web of
geographically dispersed servers,” Bruck says.
“These initial findings do not indicate such a system exists today, but
it could certainly be the early stages of things to come,” concludes Mr. Bruck.
Doug Johnson, Vice President and Senior Advisor, Risk
Management Policy at the American Bankers Association, notes that compared to
last year's arrest of criminals in South Florida caught with 250,000 credit card
numbers (six were arrested after committing $75 million in credit and debit card
fraud), orders of magnitude come into play. "The bottom line is data breaches
are a fact of life these days and we take every threat seriously," Johnson says.
The Federal Bureau of Investigation and other law enforcement
agencies in Germany, France, India, UK, Spain, Canada, Italy, Netherlands and
Turkey are all pursuing the issue based on the origin of the data found. The
U.S. investigation is in the hands of the FBI. Paul Bresson, spokesperson at the
FBI's national press office in Washington, DC, would not comment on the crime
server or what it contained. "As a policy we don't discuss information or
acknowledge that information was received when investigations are initiated or
while an investigation is ongoing," Bresson says.
Why and What Can Be Done
“The days of traditional firewalls and AntiVirus software
protecting your organization’s PCs are long gone,” a senior IT Security Auditor
at BAI Security notes. “These days
we still see many environments where internet-bound communications from within
organizations using these basic protection mechanisms are not monitored or even
limited in any way. These sites can
get infected and the administrators may never know that Trojans and/or Spyware
are actively capturing data and keystrokes and posting it on Internet-based
Cybercrime servers.”
As noted by BAI engineers, many organizations these days focus
so exclusively on the external threat to internal systems that they completely overlook
the very serious and growing threats lurking inside their own environments and
let confidential information simply flow out undetected.
“It is a fact that traditional firewalls and Antivirus software cannot
effectively detect and block this activity.
Hence, the push by regulators and security professionals for 24/7
monitored Intrusion Prevention and Content Management systems that can identify
malicious systems causing such anomalies within typical Internet
communications,” notes BAI Security.
The bottom line is that organizations need to lock down
unnecessary outbound communications, but at the same time realize the growing
importance of closely monitoring all existing traffic to ensure their
confidential data is not getting stockpiled in a Cybercrime Data Repository.
For more information and solutions to these types of threats contact
BAI Security today!