Down the Rabbit Hole
It’s a dark world out there. On top of the “clear net” that everyone knows and loves, there’s the deep web, a network overlay of unindexed, “onionized” websites running across the web of Tor relays, where anonymity is more easily attained and ISPs have more difficulty ascertaining your activity. A corner of the deep web is made up of the dark web, a hotspot for illicit content exchange, namely the fruits of identity theft.
Now, exploits of this sort are also prolific on the clear net; in fact, it was recently discovered that they take place right on Facebook’s own Craigslist-esque marketplace where users can trade goods and services. Why is this important, one wonders? That’s easy to answer: Malicious coders and fences are all over the Internet, even in plain sight, and they’re frequently assisted with software of one sort or another that can embed itself through unseen connections or “verified” apps on mobile app stores. These bits of software collect information through keylogging and other Machiavellian methods of harvesting sensitive, off-limits credentials.
Of course, the victims of these attacks, often unaware of what’s happening to them at the time, are ordinary people who might work for a third-party company that forms a maintenance, auditing or quality assurance extension of a major manufacturer. Many times, these third parties build their own in-house apps and web portals for logging in and submitting information to the host company, which checks it before sending it off to the manufacturer. Meanwhile, malicious software analyzes these connections and data, and if the manipulator so chooses, they can turn their sights to the companies above the infected individual.
Here’s where things get messy. If the manufacturer is particularly large, it will likely have a large number of third parties that it uses in this manner, each with its own software and employees who use different versions of their own devices. Scaled up from a single infected field operative, this means that many tens of thousands, perhaps hundreds of thousands, of representatives are potentially interacting with their respective companies or the manufacturer over connections that eventually reach a database. This is where other information that’s ripe for identity theft can often be found.
The Synergy of MFA and SSO
Breaches of this sort are becoming a weekly problem for large-scale manufacturers. Many client data breaches are owed to security that is stretched thin, which opens the way for multiple puncture points in the infrastructure. Traditional security methods are effective but not enough on their own, and as some unfortunate IT crews are figuring out, multifactor authentication (MFA) and single sign-on (SSO) aren’t individually potent enough to put a stop to it.
OneLogin did something cool and combined the two tried-and-true methods to form an incredible software synergy. Instead of starting all over and reinventing the wheel, it was only necessary to take the choke-point method of single sign-on and combine it with many layers of multifactor authentication to form a unified portal that allows legitimate users to enter without friction while frauds and hacks are stopped at the door.
This software mediation service is proving ideal for software developers, IT managers and manufacturers alike to protect their databases from intruders while keeping their clients, employees and executives safe. The advanced single sign-on implementation also simplifies the system for users, consolidating access to a single gateway that’s easily defended and even easier to log in to. This type of approach is likely to become a major player on the security scene in the years ahead, and it should hopefully tilt the scales in favor of the good guys.