Risk-based authentication is no silver bullet for enterprises, notes Stu Vaeth, chief security officer of Diversinet, a supplier of token-based strong authentication solutions. Anti-fraud and risk-based authentication are great at weeding out phishing and man-in-the-middle attacks, he says, but they aren't as secure as traditional two-factor authentication.
In March and April, small bunches of e-mail messages arrived at the offices of defense agencies and contractors in the U.S. and Europe. To recipients, the messages seemed credible: Each was addressed to a specific worker, with a valid return address within the organization and visual elements that made it look like internal e-mail.
Too sparse and sophisticated to trip anti-spam filters, the messages exploited a previously unknown hole in Microsoft Word that allowed them to slip by anti-virus filters. Those recipients who were unlucky enough to open the e-mails' malicious attachments unwittingly installed a Trojan horse, which used the Internet Explorer Web browser to report back, through the network firewall, to machines in China and Taiwan.