Cybercrime is going up, not down, every year, despite the tens of billions of dollars companies invest in shoring up their information infrastructure. According to the Identity Theft Resource Center, 2021 was a record year for data breaches.
What’s more disturbing is that 78% of senior-level IT and IT security leaders—the people in the know—aren’t very confident in their company’s ability to ward off attacks. The pandemic-induced shift to remote work has them especially worried. Most feel less than prepared to secure the thousands of data remote connections to the corporate VPN.
IT security professionals are justified in their fears. Even the most sophisticated companies suffer attacks. SolarWinds, a company that helps enterprises manage their networks, systems, and information technology infrastructure, experienced a massive cyberattack that spread to its clients via software update patches. Those clients included some of the world’s largest companies, such as Microsoft, and government agencies, including the Department of Homeland Security.
New Technologies, New Tactics
New technologies quickly usher in new tactics used by cybercriminals. Hackers can launch ransomware attacks, take over networks and illegally infiltrate consumer accounts through diverse devices from anywhere in the world. And as the world saw with the SolarWinds cyberattack, these crimes can go undetected for months.
One more recent tactic involves the emergence of a new crop of “high-end, premium” VPN services that promise consumers a residential VPN proxy service. While consumers may believe they’re getting a security service that can help protect them while they work remotely, it is, in fact, the opposite. These services are after one thing and one thing only: The internet protocol addresses (IPs) used by legitimate U.S. customers that will ultimately be sold to people in other countries who wish to mask their true IP addresses. The good news is, cybersecurity pros can use that same IP data to determine benevolent online actors from malicious ones.
IP Data and the Fight Against Cybercrime
One of the tactics security professionals now use to stop criminal activity is to incorporate a range of IP data into existing platforms and technologies. This approach allows them to detect when a user is connected via a proxy and assess which kind of proxy is used (anonymous, transparent, public, etc.)
IP data can provide a lot of information, including location, connection type and proxy data, to name a few. Here are four examples of IP data that security professionals can use to detect and combat online fraud.
Connection Type
Connection type can be used to differentiate a legitimate actor from a bad one. For instance, we know that a hosting center can be a tool for traffic, not a source. Companies can examine traffic that originates from a hosting center in conjunction with data from internal sources, such as CRM records, to determine if a user is legitimate.
Proxy Data
The same principle applies to proxy, VPN and queue servers. By evaluating the type of proxy used against high-quality proxy data, companies can begin to distinguish a reliable VPN from a mechanism that is more suited to suspicious activity.
Any company that conducts business online and accepts digital payments can incorporate both proxy and VPN data into their automated transaction decisions. For instance, they can implement smart rules to verify consumer IP addresses automatically and determine if a particular transaction should be reviewed or declined.
Streaming services can use proxy and VPN databases to determine which IP addresses to geo-block to protect its content from piracy.
IP Geolocation Data
IP geolocation allows security teams to better balance risk management. For example, IT administrators can implement smart rules that flag activity like logins, especially when they originate from unusual or high-fraud locations.
Speed
Companies can secure internal networks by tracking speed patterns and identifying suspicious trends, such as people jumping between locations at illogical speeds or in illogical order.
Once security teams analyze these issues, they can then decide how to proceed. For instance, suspicious activity that poses a low threat can be flagged for additional review and user authentication, such as asking a user to send an email or confirm their identity via SMS. Meanwhile, serious threats can be blocked immediately to prevent damage. Along with reducing false positives, this approach demonstrates to consumers that companies are committed to cybercrime prevention.
Staying One Step Ahead
Cybercriminals have tremendous financial incentives to hone their craft. Cybersecurity Ventures predicted that global cybercrime costs will continue growing 15% each year, costing the world $10.5 trillion in damages by 2025. But security professionals are not defenseless. IP data is a powerful antidote to nefarious masking attacks.
By Security Boulevard