By Steve Ryan, CEO & Co-Founder, Trinity Cyber, Inc.
With Christmas fast approaching, everyone is online seeking that perfect gift and tracking deliverymen like NORAD tracks Santa Claus. The flurry of activity and money is irresistible to cyber criminals. But this year, Trinity Cyber is turning the tables and preventing costly hacks with next-level technology that no one else can deliver, literally. Just this week, we stopped a hack that is leaving the security field buzzing.
One of our researchers here at Trinity Cyber, Eddie, wasn’t online shopping for the perfect gift. He was hard at work searching for a new set of security cameras for our expanded offices. The site he was browsing was encrypted. The little lock icon assured him of it. Secure, right? Hardly. Little did he know, the site he was visiting had been hacked to deliver a piece of code that would try and steal his credit card information, stored logins, and passwords, and send them right into the hands of the hacker. Making matters worse, there isn’t anything on the market he could have used to protect his sensitive information from this clever piece of malicious code. He wasn’t personally hacked, and his computer was completely up to date. The threat came silently through his web browser.
Sadly, around this time of year, many victims fall prey to similar skimming attacks – oblivious that their stolen information is about to be used by someone else.
While Eddie was browsing, the website was delivering an extra present, and the operators of the website didn’t know they were dishing it out. They weren’t aware they had been hacked. The code the hacker installed was designed to blend in, sailing silently past network and endpoint defenses, and right back to every browser that visited the site. Once there, it commanded unsuspecting shoppers’ web browsers to copy credit card information, usernames, and even passwords, and send them to another website whose sole purpose was to receive delivery of that stolen data.
When we browse websites, it’s all too common for legitimate, non-malicious code like this (called JavaScript) to be present. Indeed, it’s what makes some websites stand out from others – making them cooler feeling or easier to navigate. There are security checks that can be put in place to ensure that the code isn’t malicious, but these checks look for specific characteristics or features in the code in order to block it accurately and to distinguish it from legitimate traffic, because blocking legitimate code would make the website unusable. In other words, most security checks are rudimentary tools.
Trinity Cyber is different. In this week’s case, the hacker had obfuscated his code using pretty sophisticated methods, hidden in the disguise of a Google Analytics script. While I can’t go into specific details, I can say it was complex and not something a web browser or existing security platform would be able to detect, let alone decode.
If our shopper wasn’t behind Trinity Cyber, one of only two things could have happened: either this “skimmer” would have stolen Eddie’s credit card information or credentials, or, if enough people had already been victimized, the site would have been unavailable, having been blacklisted and blocked by browsers, firewalls, or network providers. That helps the next guy, but doesn’t do much for poor Eddie or the online business. No amount of patching, training, or compliance would change that. Eddie didn’t fall for any tricks, nor was he browsing an illegitimate site. The hacker’s software is undetectable in its delivery to your browser and it operates in the background and steals your information.
However, this was not to be the case this week, thanks to Trinity Cyber’s Proactive Threat Interference® (PTI). Trinity Cyber has the only solution on the market that can not only inspect Eddie’s entire Internet experience for the presence of encoded malicious software, but also, with a surgeon’s precision and accuracy, remove the malicious code in flight—in the Internet. Eddie wasn’t a victim yesterday. Indeed, Eddie didn’t even know any of this was happening until our Security Operations Center informed us all. Without giving too much away, PTI was able to recognize the structure behind the obfuscation of the hacker’s JavaScript, not specific characteristics or features in the code. This enabled us to identify it as malicious. You see, no matter what functionality the hacker was trying to hide (in this case, credit card skimming and account scraping), PTI is able to detect it and remove it in flight. No one else does that – no one.
While so many security offerings rely on after-the-fact alerts and incident response, Trinity Cyber stages every Internet connection – many thousands of them in a blink of an eye – so that the entire experience can be inspected all at once. It’s the only way to spot things like scrambled piggyback code, the likes of which would have victimized poor Eddie. At Trinity Cyber, we take it one step further: we’re not generating an alert about something that has happened, or even that is happening. From malicious code being downloaded to your web browser or attached to that cute cat picture, to intercepting commands from a hacker to ransom your files, Trinity Cyber removes the threat. Silently. Not only does PTI operate so fast that its processing is imperceptible to users, it’s unnoticeable to the hacker – there’s no point in giving him any information to make it easier next time.
In a time when the amount of money being spent on cybersecurity is more than the gross domestic product of some countries, why is the problem getting worse? The answer: because the solutions are reactive.
Trinity Cyber is turning that around. The only way to truly establish a preventive posture against these hacks is to stage and examine every internet session, in flight, all at once, and take specific action. And we’re the only ones doing that!
It’s the only way to see when there is something that doesn’t belong. And then, and only then, can you have a chance of truly changing the outcome. True prevention -- just in time for the holidays.
Contact Trinity Cyber for a demonstration of Proactive Threat Interference®. We are active, adaptive, and invisible.