The business risk associated with employee web accounts, both personal and corporate, has risen dramatically over the past year. By hijacking web accounts, cybercriminals have found an easy route to sensitive corporate data and communication channels that can be sold or manipulated for profit. Through phishing, whaling, exploitation of browser vulnerabilities, malware, and DNS attacks, criminals constantly try to steal login credentials for SaaS business applications, social networks, webmail, online banking, and system administration services.
Corporate Web Accounts
In a typical corporation, it is almost impossible to map all the corporate web accounts used by employees. The following are some examples:
- SaaS Business Applications - Use of SaaS applications for CRM, support, travel, accounting, payroll, recruiting, advertising, press releases, document editing, and more, has become commonplace. In addition, developers, analysts, executives, and other privileged employees hold web accounts with access to sensitive registration-based technical and professional resources (such as Gartner and MSDN).
- Social Networks - An increasing number of businesses use social networks for marketing and customer relations. Twitter and Facebook accounts have become a popular channel for corporate communication with existing and potential customers. Similar to a corporate website, a corporate Facebook or Twitter account is strongly associated with the corporate identity, and reaches a wide audience in a very short timeframe. Criminals value not only corporate accounts; they also value the accounts of executives and key personnel within the organization.
- Webmail - Many enterprises provide webmail access to employees. While some enterprises require hardware authentication tokens before employees can connect to their webmail system, most rely on a simple username and password.
- Online Banking - The company bank account is accessible to various employees in the finance department. By hijacking corporate bank accounts and other financial services accounts, criminals gain access to sensitive information and commit fraud. Note that Regulation E, which generally holds that consumers are not liable for unauthorized transactions against their bank accounts, does not apply to business account holders. If a company's bank account is hijacked and emptied, the bank is generally under no obligation to make the company whole; recovery depends on the account agreement and on whether the bank's security procedures were commercially reasonable.
- Administrative Systems - System administrators have access to various online services. For example, the company's DNS records are typically managed through a registrar's or DNS provider's web portal. Other accounts provide access to the company's website management system, web analytics, security systems, and more. By hijacking these accounts, criminals can gain control over the company's website and servers.
Web Account Challenges
Web accounts are similar to other types of system accounts used by employees. Unauthorized access to or use of these accounts can have severe security and regulatory implications. The two main challenges that corporations face with web accounts are:
Monitoring: The ability to identify the various web accounts that employees hold for work purposes is a complex task. Once identified, these accounts must be evaluated, constantly monitored, and in some cases, restricted. Accounts used by departed employees must be identified, and then revoked or reassigned.
Protection: Web accounts can be hijacked simply by stealing an employee's login credentials. Once stolen, the credentials let criminals access sensitive information and perform operations on behalf of the employee. Three basic techniques are used to hijack web accounts: phishing and whaling, browser vulnerabilities and malware, and DNS attacks. As criminals develop new techniques, protecting accounts from hijacking becomes increasingly difficult.
How Trusteer Can Help
Trusteer Rapport is a service for monitoring and protecting web accounts. The service consists of a lightweight and transparent browser plug-in, as well as cloud-based management and monitoring interfaces.
Monitoring: The Trusteer plug-in automatically and transparently identifies all web accounts used by employees. Through an easy to use web interface, the corporation can view the various web accounts. Views of logins to specific sites, new accounts, dormant accounts, forbidden accounts, web accounts used from multiple computers, accounts used by departed employees, and more, are all easily accessible. Access restrictions can be applied to each account.
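The inventory views described above (dormant accounts, accounts used from multiple computers, forbidden sites, accounts still used by departed employees) reduce to a few checks over a stream of login observations. The following is an added example, not Trusteer's code: the page does not say what Rapport records, so the event format, the host-to-owner mapping, the 90-day dormancy threshold and all sample data are constructed assumptions for illustration.

```python
"""Web-account inventory checks over constructed login observations.

Added example (not Trusteer's code).  Event fields, thresholds, host owners
and the sample data below are assumptions made for illustration.
"""
from datetime import datetime, timedelta

# Constructed sample: one record per observed login (site, account, host, time).
LOGIN_EVENTS = [
    {"site": "crm.example-saas.com", "account": "alice@corp.example", "host": "WS-ALICE", "ts": "2024-05-01T09:02:00"},
    {"site": "crm.example-saas.com", "account": "alice@corp.example", "host": "WS-ALICE", "ts": "2024-06-20T08:45:00"},
    {"site": "twitter.com", "account": "corp_official", "host": "WS-BOB", "ts": "2024-06-18T12:00:00"},
    {"site": "twitter.com", "account": "corp_official", "host": "WS-CAROL", "ts": "2024-06-19T17:30:00"},
    {"site": "mail.example-webmail.com", "account": "dave@corp.example", "host": "WS-DAVE", "ts": "2024-06-21T07:10:00"},
    {"site": "dns.example-registrar.com", "account": "admin-ops", "host": "WS-DAVE", "ts": "2024-01-15T10:00:00"},
    {"site": "pastebin.com", "account": "bob_dev", "host": "WS-BOB", "ts": "2024-06-19T11:00:00"},
]

# Assumed reference data: workstation owners, HR departure feed, policy list.
HOST_OWNER = {"WS-ALICE": "alice@corp.example", "WS-BOB": "bob@corp.example",
              "WS-CAROL": "carol@corp.example", "WS-DAVE": "dave@corp.example"}
DEPARTED_USERS = {"dave@corp.example"}
FORBIDDEN_SITES = {"pastebin.com"}
NOW = datetime(2024, 6, 22)          # fixed "now" so the example is reproducible
DORMANT_AFTER = timedelta(days=90)   # assumed dormancy threshold


def build_inventory(events):
    """Group login events into an inventory keyed by (site, account)."""
    inventory = {}
    for event in events:
        key = (event["site"], event["account"])
        ts = datetime.fromisoformat(event["ts"])
        rec = inventory.setdefault(key, {"hosts": set(), "first": ts, "last": ts})
        rec["hosts"].add(event["host"])
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
    return inventory


def review(inventory, now=NOW, departed=DEPARTED_USERS, forbidden=FORBIDDEN_SITES,
           host_owner=HOST_OWNER, dormant_after=DORMANT_AFTER):
    """Return the findings a monitoring console would surface, keyed by category."""
    findings = {"dormant": [], "multi_host": [], "forbidden": [], "departed": []}
    for key, rec in sorted(inventory.items()):
        site, _account = key
        if now - rec["last"] > dormant_after:
            findings["dormant"].append(key)
        if len(rec["hosts"]) > 1:
            findings["multi_host"].append(key)
        if site in forbidden:
            findings["forbidden"].append(key)
        # Web account names rarely match corporate identities ("corp_official",
        # "admin-ops"), so attribute each account to the owner of the
        # workstation it was used from and flag any owned by a departed user.
        if any(host_owner.get(h) in departed for h in rec["hosts"]):
            findings["departed"].append(key)
    return findings


if __name__ == "__main__":
    for category, keys in review(build_inventory(LOGIN_EVENTS)).items():
        for site, account in keys:
            print(f"{category:10} {account} @ {site}")
```

On the sample data this flags the registrar account as both dormant and tied to a departed employee, which is exactly the combination (a privileged DNS account nobody is watching) that the Administrative Systems item above warns about. The attribution-by-workstation rule is the important design choice: since the account name on a social network or admin portal says nothing about which employee holds it, the endpoint the login came from is the only reliable link back to the corporate identity.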
Protection: The Trusteer plug-in automatically protects login information for these accounts against phishing, malware, and DNS attacks. Protection is applied at three points, providing a protected path from the employee's keyboard to the websites they visit. First, login credentials are encrypted from the keyboard to the browser, which prevents keyloggers from reading them before they reach the browser. Second, the plug-in locks down the browser: it protects credentials that an employee enters into the browser until they are submitted (over the browser's SSL connection) to the relevant website, and prevents malware and browser exploits from accessing credentials while they reside within the browser. Third, destination websites are authenticated before login credentials are sent, to prevent DNS and phishing attacks from capturing them.
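The third point, authenticating the destination before releasing a credential, is the one a practitioner can reason about without access to the product. The following is an added example, not Trusteer's implementation: the page does not say how Rapport authenticates a site, so the three checks here (canonical hostname against a per-site registry, a pinned SPKI hash, and an expected address set) and every registry value, pin and address are assumptions for illustration.

```python
"""Authenticate a login destination before releasing a credential.

Added example (not Trusteer's code).  The registry, pin values and address
ranges are constructed placeholders; the choice of checks is an assumption.
"""

# Constructed registry of sites for which the endpoint holds credentials.
# Pins are placeholder SPKI SHA-256 values; addresses use documentation ranges.
KNOWN_SITES = {
    "bank.example": {
        "spki_pin": "sha256/PLACEHOLDER_PIN_FOR_BANK_EXAMPLE=",
        "addresses": {"203.0.113.10", "203.0.113.11"},
    },
    "crm.example-saas.com": {
        "spki_pin": "sha256/PLACEHOLDER_PIN_FOR_CRM_EXAMPLE=",
        "addresses": {"198.51.100.20"},
    },
}


def canonical_host(host):
    """Normalise a hostname the way the registry lookup must see it.

    Lowercase, drop the trailing dot, and convert internationalised labels to
    punycode so a Cyrillic 'а' in 'bаnk.example' can never compare equal to
    the ASCII 'bank.example' the credential was registered for.
    """
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        # Labels that fail IDNA processing can never match a registered site.
        return "<invalid:%r>" % host


def authenticate_destination(host, resolved_ip, presented_spki_pin, registry=KNOWN_SITES):
    """Return (ok, reason).  The caller releases the credential only when ok is True."""
    chost = canonical_host(host)
    site = registry.get(chost)
    if site is None:
        # Unknown or lookalike host: typosquat, IDN homoglyph, or a registered
        # name buried in an attacker's subdomain such as bank.example.evil.test.
        return False, "unknown destination %r: possible phishing site" % chost
    if presented_spki_pin != site["spki_pin"]:
        # Right name, wrong key: a man-in-the-middle, or a certificate obtained
        # for a DNS-hijacked name.  This is the check that defeats DNS attacks,
        # because a redirected connection cannot present the pinned key.
        return False, "SPKI pin mismatch for %s: possible man-in-the-middle" % chost
    if resolved_ip not in site["addresses"]:
        # Right name and key but an unexpected address: worth surfacing as a
        # DNS anomaly even though the pin already proves the peer holds the key.
        return False, "%s resolved to unexpected address %s: possible DNS attack" % (chost, resolved_ip)
    return True, "destination authenticated"


if __name__ == "__main__":
    pin = KNOWN_SITES["bank.example"]["spki_pin"]
    for host, ip, presented in [
        ("BANK.example.", "203.0.113.10", pin),          # same site, different spelling
        ("bаnk.example", "203.0.113.10", pin),           # Cyrillic 'а' homoglyph
        ("bank.example.evil.test", "203.0.113.10", pin),  # real name as a subdomain
        ("bank.example", "203.0.113.10", "sha256/OTHER="),
        ("bank.example", "192.0.2.99", pin),
    ]:
        print(host, "->", authenticate_destination(host, ip, presented))
```

The order of the checks matters. Hostname canonicalisation handles phishing (the user is simply not at the registered site), the pin handles DNS redirection (the attacker's server has no way to present the pinned key), and the address list is only a tie-breaker that is brittle in practice because CDN and anycast addresses change; in a real deployment it would be a warning, not a hard block.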