Richard Blech and Philip Lieberman commented on news from IBM , in which senior threat researcher John Kuhn blogged that The Dyre Wolf malware has been used to steal more than $1 million from businesses within the past month and the attacks involve sophisticated social engineering.
Richard Blech, CEO, Secure Channels (www.securechannels.com):
“If the definition of technology is the application of scientific knowledge for practical purposes, especially in industry, why are we blaming the user for not knowing enough? Technology leaders need to stop blaming the user for inadequacies and ‘needing training.’ Our duty in the technology industry is to provide options for the user, based on innovation not blame. By forcing the user to call in with the Dyre Malware, it is basically the human being breached by forcing them to engage with the nefarious entity. Rather than allowing the hacker the access, let’s up our technology to multi-factor authentication and simplify the process at the same time. We need to innovate multi-factor authentication, including tokenized Identity using binary and biometrics resources which avoid outdated, easily hacked, and easily forgotten alphanumeric passwords of yesterday. The hackers may be able to hack the human, but they cannot hack the heart. Designing authentication based on emotional memory rather than rote will simplify the burden for the user. This explains the differences between IT and TI — Technical Innovators use technology to design and make changes that enhance the life of its users, not train them to accept complacency.”
Philip Lieberman, president, Lieberman Software (www.liebsoft.com):
“The attack was very well targeted and hit a generally non-tech savvy audience outside the United States. Unfortunately the same advice goes about not clicking on links or opening attachments when you are not expecting them. The statistics are generally in favor of the attackers in this and most other cases that will reward them handsomely for their efforts. I expect that attacks will pick up outside the USA as criminals exploit the generally poor security of EMEA-based individuals and companies that are hamstrung by their government’s regressive privacy policies that protect criminals.”
About Secure Channels
Secure Channels Inc. is a cybersecurity firm leveraging robust, state-of-the-art patented encryption technologies and authentication solutions compatible with every type of data available today. Fostering innovative disruptive technologies while still being user defined has become a cornerstone for Secure Channels. The development of patented unique processes that harden encryption and envelop resources renders the data unbreakable and useless to the hacker leaving them with only bits and bytes. By using its Proximity Technologies and securing data through IoT Devices, Secure Channels will be delivering real time analytics, payment processing, and data collection to any mobile platform or device. Secure Channels provides impenetrable cybersecurity far in excess of any existing encryption systems available.
About Lieberman Software Corporation
Lieberman Software provides award-winning privileged identity management products to more than 1200 enterprise customers worldwide, including nearly half of the Fortune 50. By automatically locating, securing and continuously auditing privileged accounts, both on-premises and in the cloud, Lieberman Software helps protect access to systems with sensitive data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. The company developed the first solution for the privileged identity management space, and its products, including Enterprise Random Password Manager (ERPM), continue to lead the market. Lieberman Software also provides a mature line of Windows security management tools. The company is headquartered in Los Angeles, CA, with offices and channel partners located around the world. For more information, visit www.liebsoft.com
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.