Announcing our new Threat Intelligence Unit
Today, we are publicly unveiling one of our latest initiatives we've been keeping under wraps to a select few: the launch of our new Threat Intelligence Unit that has been systematically studying our adversaries, their techniques, and their operations.
While we have actively used this knowledge for the benefit of our customers, we will now be sharing select elements publicly.
Let me explain why we believe it is the right time to start sharing.
Copying ourselves
Building a Threat Intelligence Unit is a natural extension of our activities.
Having come from a cyber security industry, we feel that the community aspect of fraud has been vastly under-invested. The fraud and financial crime community has always been very careful about its communications and acquired knowledge.
This stands in stark contrast to the lively scene in the cyber security domain, where threat intelligence, indicators of compromise, and other data points are published and shared. Most cyber security practitioners proactively bring the criminal activity they uncover to light in order to communicate the risks, and help the broader community to defend itself.
In that light, the way the fraud and fincrime community limits its communication is suboptimal.
Yet it is understandable, and grounded in rational reasons.
Why sharing in fincrime is overdue
All the information we work with is deeply personal and always protected by strict confidentiality protections. Even if the information is used as a part of a 100% confirmed fraud case, we still mostly don’t know whether it has been stolen, modified from one or more identities, or built from scratch. So we need to tread carefully.
This was especially true in the past, when most attacks targeted specific people and businesses—in essence, when most attacks were personal, and therefore very private matters.
This has changed.
As an industry, we no longer face individual fraudsters. They still exist, but their impact is dwarfed by highly scalable attacks committed by professional criminal gangs—which are often willing to market their skills as convenient services online, instead of hiding in the dark underbelly of the web.
Substantially, one need only look back at the endless parade of data leaks of the last few decades to understand that all of our identities have been stolen or compromised in one way or another.
And the existence of online document generators means they can be used for fraud many times over, creating a synthetic ID fraud crisis of nightmarish proportions—one that undermines all the effort put into building cross-checking databases.
Modern fraud is largely automated, committed by professional teams heavy on IT and light on people: Startups who would recognize themselves as criminals. They are “specialists”. Or “document hackers”. Or they “assist you with your lost document recovery”. The odds of getting caught are tiny—and it shows.
How we will conduct threat intelligence
This brazen behavior is why we need to bring their activities to light.
It’s why we are mapping the world of online document fraud production and distribution, using our industry-leading serial fraud detection capabilities as the initial thread that we can pull to unravel whole organized criminal networks.
We will proceed carefully—threading a line between exposing their activities without acting as a marketing vehicle for their services: The last thing we want is to build a Yahoo-like directory of fraud services providers. But we want our customers, partners, and the public at large to be aware of the risks of not checking documents at all (bad) or just checking the content against a database (worse, as dataleaks mean they now just provide a false sense of security).
And we want our own products to provide ever better detection and contextual understanding to our customers’ documents.
As an industry, we are going through a watershed moment.
We must embrace constant iteration and deploy new detection models on a daily basis. We must embrace the fact that we will lose occasionally, and learn from that to build defense-in-depth methodologies that overlap different layers of detections.
And we need to recognize that even the best artificial intelligence can use a healthy dose of threat intelligence to consistently beat the AI techniques used by attackers.
It’s time to share!