Security Experts:

Connect with us

Hi, what are you looking for?



ThreatMetrix Updates CyberCrime Platform With VPN Detection

ThreatMetrix, a provider of fraud prevention solutions, has released updates to its cybercrime prevention platform, adding new capabilities for detecting VPN use and phishing campaigns, the company said on Tuesday.

ThreatMetrix, a provider of fraud prevention solutions, has released updates to its cybercrime prevention platform, adding new capabilities for detecting VPN use and phishing campaigns, the company said on Tuesday.

The updated version of ThreatMetrix Cybercrime Defender Platform knows when users are trying to connect while on a Virtual Private Network, and can detect phishing using advanced device identification, ThreatMetrix said Tuesday. The platform is designed to be part of a customer’s layered defense and helps protect against account takeovers, fraudulent payments, and spoofed identities, ThreatMetrix said.

ThreatMetrixCyber-criminals are finding several ways to hide their IP addresses, such as by using tunneling protocols, such as a VPN, Alisdair Faulkner, chief products officer at ThreatMetrix, told SecurityWeek. If malware is already on a computer that connects to a corporate VPN, it can also piggy-back on top of that access to other devices connected on the network. Cyber-criminals are also creating their own VPN and tunneling services on top of Amazon and Google hosting platforms, or using commercials VPN services, Faulkner said.

“While there is no silver bullet against cybercrime, ThreatMetrix now provides the most comprehensive solution for differentiating between the good, the bad and the ugly in real-time,” Faulkner explained.

The Cybercrime Defender Platform fingerprints anonymous devices and the connection attributes such as browser and screen resolution to identify fraudsters, even the ones deleting cookies and cloaking IP addresses, Faulkner said. Profiling helps identify suspicious behavior and known high-risk devices at login or at time of transaction, and is also used to recognize good returning customers to that site, Faulkner said.

ThreatMetrix customers can differentiate between a visitor that is infected versus one with malware that is actively targeting that site to steal account information, Faulkner said.

“Organizations no longer need to piece together multiple products from different vendors, thereby reducing implementation times and accelerating time-to-value,” said Faulkner. The platform is cloud-based, easy to deploy, and offer “real-time cybercrime prevention,” Faulkner said.

The Cybercrime Defender Platform doesn’t just block a transaction automatically because the VPN is being used, Faulkner said. Instead, it provides the information in conjunction with other data, such as prior high-risk transactions and use of compromised identities, Faulkner said. The ThreatMetrix platform is able to score risk based on global behavior and transaction context, he said.

Organizations now have a more accurate assessment of whether any given Web request or transaction should be accepted, rejected or held for manual review, the company said. The updated platform will help mitigate corporate account takeover attacks, regardless of whether the use is phished or if the attackers manage to steal account information through phishing, spyware and malware, or plain brute-force cracking of the account passwords.

Threats to banking and financial sites are also well known, and there is an uptick in account takeover attempts on a mass scale, Faulkner said.

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.