According to Cybersecurity Ventures’ 2019 Cybersecurity Market report, cybercrime will cost the world $6 trillion annually by 2021―representing the greatest transfer of economic wealth in history and more profitable than the global trade of all major illegal drugs combined. The same report finds that cybersecurity spending will exceed $1 trillion from 2017 to 2021. Today’s enterprise IT professionals are clearly on the front lines of a very intense battle, where the losses span monetary, reputational, productivity and IP theft, to mention only a few.
In today’s world, new technologies usher in new tactics used by criminals. They can launch ransom attacks, take over networks, and illegally infiltrate consumer accounts through diverse devices from anywhere in the world. By leveraging camouflage techniques, they can do so anonymously. Tools such as Virtual Private Networks (VPNs), proxy servers, queue networks, and Domain Name Systems (DNSs) allow them to hide their true identities and locations.
The reliance of cyber criminals on these tactics can be key to deciphering crime networks and their activities if businesses take the right approach.
Separate the Bad Guys from the Good Guys
A growing amount of internet traffic is being masked through proxies. For example, online users wanting to surf the web anonymously often use proxies that can provide them with a means to hide their IP address from the rest of the world. By connecting to the internet through proxies, a device’s IP address will not be shown but rather the IP of the proxy server. Whether used intentionally or unintentionally, proxies can significantly throw off a company’s online initiatives.
The expanded availability of low-cost, IP-redirect options that run through geographically distributed hosting facilities have caused a proliferation of proxies. These include anonymizers, VPNs, and Tor services to name a few.
Cyber criminals, in particular, have found the use of proxies to be effective. But, it’s important to remember that not all proxies have malicious intent. VPNs are widely used by legitimate users for diverse purposes and are a popular choice for enhancing security and privacy. Recent data indicates approximately 26 percent of global online users access the internet using a VPN or proxy server.
As a result, stopping all VPN users is not practical. It increases the danger that real customers or employees are mistakenly labeled as crooks. If that is not enough, this method fails to discover the root of cybercrime. In order to mitigate risks and protect real users, companies must find the means to separate the bad guys from the good guys― and one of the tools for accomplishing this is the incorporation of IP-based VPN and proxy data into your platforms and technologies.
Data Accuracy Is Imperative for Fighting Cyber Crimes
By connecting to the internet through proxies, the IP address of the criminal’s device will not be shown accurately, but rather the IP of the proxy server.
The ability to identify if an online user is connected through a proxy and what type of proxy it is enables companies to flag potential criminal activities and set protocols for handling this type of “non-human” traffic differently.
Understanding the type of proxy a visitor is connecting to the internet with, such as anonymous, transparent, corporate, public, education or AOL, can trigger fraud alerts. Responses to the type of proxy can vary depending on what type of proxy it is―for example, an anonymous proxy may warrant a higher fraud score than a corporate one. By identifying connections that obscure the end-user location or those that seek to portray a connection from an “acceptable” city or country can now be easily identified and categorized.
Of course, success depends on data quality. Reliability of information can vary significantly among data sources. But the most accurate proxy data providers not only ensure that information is constantly updated on a daily basis, but that information also originates from excellent sources.
The Advantage of Other IP-Based Data
The analysis of criminal activity can go far beyond proxies. Initially, this may include an assessment of the connection type. For example, a hosting center can be a tool for traffic, not a source. Then traffic originating from it can be examined alongside existing records, such as information stored in a Customer Relationship Management (CRM) database. The same goes for proxy, VPN and queue servers. By evaluating the type of proxy used against the highest quality proxy data, companies can start distinguishing between a reliable VPN and a mechanism that is more suited to suspicious activity.
Beyond connection features, IP geolocation allows companies to run comparisons. For example, in retail, this includes the implementation of smart rules where IP location is automatically checked when there are log-ins from high-risk locations. Alternatively, companies can secure internal networks by tracking speed patterns and identifying suspicious trends, such as people jumping between locations at illogical speed or in illogical order.
After analysis, companies can choose their preferred mode of action. Any suspicious activity that poses a low threat can be flagged for a form of authentication, such as sending an email or SMS that allows the user to confirm their identities. In the meantime, serious threats can be blocked immediately to prevent damage. Alongside reducing false positives, this approach shows consumers that companies are committed to cybercrime prevention.
In order to thrive in the digital world, companies must equip themselves with tools that identify and exploit crooks and cyber criminals to strip them of their anonymity without jeopardizing real users―and this can be accomplished effectively and seamlessly through proxy data and other IP-intelligence factors.