March 28, 2011 11:04 ET

Cyber-Crime Attacks Reaching a Dangerous Tipping Point

IronKey Recommends Government and Business Adopt New Approaches to Layered IT Security That Address Today's Real Threats

LONDON--(Marketwire - March 28, 2011) - IronKey (, the leader in securing data and online access, today warned governments and businesses across the globe that they must begin to implement a multi-layered approach to IT security that includes protecting users on endpoints.

"In the past 12 months we've witnessed some of the biggest and most damaging cyber-attacks the industry has ever seen," said Kapil Raina, senior product manager at IronKey. "And the recent breach at RSA and resulting opportunity to profit by attacking users on their computers is further evidence that organisations can't overly rely on a single security control, such as one-time password (OTP) authentication. A new approach needs to incorporate methods to isolate users on their computers from these attacks."

In the past year cyber-criminals have utilised a myriad of ever more sophisticated, targeted attacks now categorized including the emergence of Advanced Persistent Threat (APT) -- from Night Dragon attacks on global energy to Stuxnet infiltration into critical infrastructure to the RSA SecurID infrastructure breach -- resulting in an estimated cost to British business alone of over £20 billion a year.* Instead of infiltrating organisations through networks and anonymous attacks, the new threats are targeting users on their computers through social media links and phishing attacks.

The cyber-criminals are using commercial crimeware toolkits that are constantly changing. The most popular Trojan, ZeuS (also known as Zbot), is spawning over 70,000 new variants each year. If cyber-criminals have successfully stolen seed codes from RSA, it is possible that they could combine multiple methods of attack to match this stolen data to real users and proceed to impersonate them. Attacks will be mounted on/against users' computers, not the bank infrastructure. The result: banks would be unable to tell real users from criminals and millions will be lost. The ZeuS toolkit is how a single UK cyber gang stole £30 million and is wreaking havoc to the tune of up to $6 billion in the United States.

"It's time for governments and businesses to evaluate how they are protecting users and infrastructure from these new attacks," said Raina. "The recent APT attack could be the trigger for more severe attacks on intellectual property at major corporations, government agencies and the world's financial systems. Criminals will be emboldened."

Kapil Raina will be in London on 31 March to address an audience of CTOs, CIOs, CISOs and other network and IT security professionals. In his presentation, Cyber-crime: Fighting Online Banking Fraud, he will address the following topics: The growing threat of cyber-crime and its sophistication; Who are the cyber-criminals targeting; Taking steps to fight online banking fraud.

About IronKey

IronKey provides essential security products for mobile and remote workers. IronKey solutions protect remote workers from the threats of data loss, compromise of passwords, and computers infected by malicious software and crimeware. IronKey multi-function devices connect to a computer's USB port and are easy to manage with the IronKey management service. This allows users to securely carry sensitive corporate data, strongly authenticate to VPNs and corporate networks and isolate remote workers from malicious software and crimeware. IronKey customers include Fortune 500 companies, healthcare providers, financial institutions and government agencies around the world.

Notes to editors

* The Office of Cyber Security and Information Assurance (OCSIA) found the cost to British business was even more severe at over £20bn a year.

Protecting Online Banking Customers from Evolving Cyber Crime Threats, a new 20-minute online webcast from IronKey, is aimed at banking executives, commercial online banking customers and enterprises. It explains the latest bank phishing attacks, the ZeuS Trojan and SpyEye, the 'mule' economy and dozens of other topics relevant to understanding and fighting this serious crime wave.

To stay current with the latest news and perspectives on bank phishing, ZeuS Trojan and SpyEye, also visit Dave Jevans' blog, Privacy and Identity Theft.

Contact Information