Asia's Source for Enterprise Network Knowledge

Wednesday, May 22nd, 2019

Security

Removing the cyber criminal’s mask of anonymity

Cyber crime is a serious business in Asia Pacific, with over US$1.7 trillion lost to cyber attacks last year, equating to 7% of the region’s GDP and representing around a third of overall global cyber crime.

This is largely because digitalization is rapid and technologies to combat cyber threats aren’t being implemented quickly enough to keep up; as fast as detection and prevention techniques improve, cyber crime continues to become more sophisticated. Attitudes towards cyber security are outdated, with a survey of IT and business decision makers revealing that although half have experienced a cyber attack, only a fifth see cyber security investments as a business differentiator.

With an ever-increasing number of entry points for cyber crime in the form of connected devices, a solution is needed to identify fraudulent users and block suspicious activity at the source – and IP geolocation provides a valuable tool to achieve this.

The simplicity of digital disguise

The major reason cyber crime is so difficult to detect and prevent is the borderless nature of the internet, which enables illegal activity to be executed from anywhere in the world. Fraud follows money and the internet makes this easier to do. From malicious scams and ransomware to account takeover or application fraud, the culprits can target businesses and users on the other side of the globe, with little risk of being caught.

Increasingly sophisticated criminal organizations can mask their true identity and location using a variety of proxies. These mechanisms include Virtual Private Networks (VPNs), proxy servers, TOR networks, hosting centers, and Domain Name Systems, which effectively make the user anonymous.

A case of mistaken identity

With the use of proxies to mask criminal activities widely understood, it might seem reasonable to block all online traffic that flows through these mechanisms. But the negative impact of doing so could be even greater than the effect of the crime.  Many people use proxies for perfectly legitimate purposes and businesses risk alienating these individuals by taking a blanket blocking approach.

VPNs, for instance, can be used to increase security, prevent tracking, and maintain privacy. They are also widely used to access restricted content and for cross-border communication. VPN use varies greatly by region but in countries such as Thailand, Indonesia, China, and Malaysia it is particularly high, and blocking all traffic coming through a VPN would mean obstructing up to 40% of internet users.  

With blocking all proxy users clearly not a viable option, eliminating cyber crime requires a more nuanced approach that distinguishes between legitimate proxy use and illegal activity. And this is where IP geolocation comes into its own.

Locating the cyber criminals

IP addresses are fundamental to internet access, making IP intelligence the best place to start when combatting cyber crime. Premium IP geolocation uses advanced traceroute technology layered with high quality third-party data to deliver granular information about a user’s whereabouts, as well as how they are accessing the internet.

IP data varies greatly in coverage and accuracy depending on the source, but premium IP geolocation data delivers a high level of granularity, allowing a user’s location to be reliably determined down to postcode level, without making them personally identifiable. When combined with connection characteristics, this data can be used to help determine suspicious connections without violating user’s privacy.   

Once the user’s location is reliably identified, this information can be used in a variety of ways. Smart rules can be implemented such as comparing the IP location with the user’s bill-to or ship-to location, and account log-ins from unusual or potentially high-risk areas can be highlighted. In addition, velocity patterns can be applied to identify where the user location changes at unexpected speed or in an illogical sequence, often signaling dubious activity. The more IP data layers a solution uses to analyze internet traffic, the more suspicious connections will be identified.

Highlighting suspicious activity enables further action to be taken. At the lower end of the scale this could simply mean marking it for further internal review, while at the other, more serious, end of the scale it will mean immediately inhibiting user access. Where the risk is judged to be moderate, a user verification request could be sent, either via email or SMS, to ensure the user really is who they claim to be.

Using exceptionally accurate IP geolocation data enables legitimate proxy users to be distinguished from cyber criminals, significantly reducing the chance of false positives where innocent users are mistakenly blocked. Where legitimate users are occasionally asked to verify their identity, this should not be a negative experience as it illustrates a responsible approach to cyber security. Applying a smarter approach to detecting suspicious activity not only increases detection rates and reduces false positives, but also improves the visitor experience.   

Cyber crime is a major issue that is continually evolving, and combatting it requires a sophisticated solution to identify and block suspicious activity at the source without compromising genuine users. IP geolocation delivers advanced intelligence that effectively removes the cyber criminal’s mask of anonymity and enables dubious activities to be detected and prevented, while maintaining a positive experience for authentic users.        

 

 

Steve Sawyer, Vice President of International Strategy, Digital Element