Original Article

With many cyberattacks and fraud campaigns today, the threats detected by risk and fraud teams are often only the tip of the iceberg. Most risk and fraud teams have yet to see the range of attack vectors that are available to attackers, who are harder than ever to spot due to the widespread use of device emulators, proxies, and other cloaking tools. With this in mind, we built an attack simulator capable of mimicking known attack MOs. The simulator is now available and can be previewed on demand by anyone who wants to experiment with and explore the impact of different attack scenarios…

The Cyber Hut Comment: Passwordless authentication provider-cum-CIAM platform vendor Transmit have released a tool to help organisations identify risk from their login and authentication systems. Fraud typically follows success digital projects - especially those in the financial services and eCommerce spaces where the risk to reward ratios are nicely in favour in benefiting the adversary once an automated attack has been created.

Transmit have created something called the Transmit Security Admin Portal, where you can select and then visualise common attacks such as spoofed devices and bots, with some basic configuration parameters including the number of requests and the type of request (login, registration etc). The output of this is essentially a hose-pipe like attack against your Transmit tenant - with recommendations on how to reduce the risk associated with the outcome.

The Transmit Risk, Trust, Fraud, Bots and Behavior Detection Service is then on offer to help sort that out.

This is an interesting model - where we start to see the IAM components overlap heavily with fraud - both fraud detection and fraud management - which have typically been managed by separate teams with the large enterprise. Organisations who are experiencing fraud (and they are increasing) would have dedicated fraud teams looking at the fraud position across entire life cycles of both digital identity and physical identity interactions. The main aim tended to zero-in on reducing the total cost of fraud - as opposed to eliminating fraud in its entirety. Reducing fraud to zero seems an impossible task - but perhaps accelerating detection (and in turn the cost of response) is the best angle to take. Seems that is the Transmit model, adding in basic risk tools into the IAM tool chain.