
Malicious Activity Detector

According to the FBI’s Internet Crime Report, the largest financial losses occur as a result of Email Account Compromise. Hackers use a series of effective techniques to get access to an email account and use it for ACH fraud, information theft, and malware (ransomware) distribution.

Breach attack methods include:

  • Email Malware Attachments (zero day)
  • Credential Reuse
  • Dictionary/Brute Force Attacks
  • Social Engineering (malicious insider)
  • Unsafe Email Links
    • Obfuscation
    • Shared Credentials
    • Cloned login, commonly called a “Man in the Middle” attack

 

Multi-factor Authentication (MFA) is one technique to prevent attacks.

Unfortunately, MFA fails against “Man in the Middle” and “Spear Phishing.”

 

B2B’s Malicious Activity Detector (MAD365) was co-written with Microsoft. It sets the following policies and correlates activity against them:

  • Impossible Travel (login from two distant locations)
  • Infrequent Country
  • Anonymous IP address
  • Multiple failed login attempts
  • Creation of forwarding/redirect rule
  • Suspicious email sending pattern
  • Unusual multiple file download
  • Unusual file deletion activities
  • Unusual administrative activities

 

MAD365 uses a series of indicators to determine breach risk.

This risk information can be used to:

  • Proactively suspend breached accounts
  • Display a ranked report for manual remediation

 

John Chambers, CEO of Cisco, is famously quoted as saying, “There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.”

We would add a corollary that says, “Put barriers in place to prevent breaches. But more importantly, put processes in place to detect and stop breaches before they do harm.”