FB pixel

Breaches, breaches everywhere: IAM deals respond to rising identity threats

Delinea makes acquisition and BIO-key scores biometric win
Categories Access Control  |  Biometrics News
Breaches, breaches everywhere: IAM deals respond to rising identity threats
 

Cloud-based biometric privileged access management (PAM) firm Delinea announced in a release it has acquired Iowa-based Fastpath for the latter’s identity governance and administration (IGA), identity access rights and risk management resources. The move comes on the heels of Delinea acquiring Israel-based ID threat detection and response firm Authomize, and will further bolster Delinea’s AI-driven authorization and security capabilities and commitment to industry standard compliance.

In combining the firms’ toolsets, Delinea hopes to address the issue of authorization gaps in decentralized identity schemes by detecting over-privileged and suspicious access and providing automated remediation through smart access controls.

“This strategic acquisition by Delinea heralds a new era in identity security, establishing pioneering standards for PAM in an increasingly digital and interconnected world,” says Art Gilliland, CEO of Delinea. “The addition of Fastpath will empower the Delinea platform to dynamically control authorizations by assessing user risk. This advanced approach is crucial for securing modern, distributed environments across infrastructure, applications, and data.”

The terms of the acquisition, which is pending closing conditions and regulatory review, were not disclosed.

BIO-key signs $1.5M contract extension for retention of services

Netflix, eat your heart out: BIO-key International has issued a release announcing a two-year pre-paid subscription for its biometric customer identification tools, to the tune of $1.5 million. A financial services client secured the deal to continue using the company’s workforce and customer identity and access management (IAM) software infrastructure and biometric ID proofing processes.

The initial engagement between the two parties involved exhaustive testing for BIO-key’s accuracy, scalability and scanner interoperability. Projected growth is built into the fresh subscription deal, with ten percent of the money being reserved for anticipated expansion, and selected payments targeted to milestones.

BIO-key SVP of Strategy and CLO Jim Sullivan says the subscriber “has been a global leader and first mover in deploying biometrics to secure client identity against identity theft and fraud. Since beginning our relationship, they have grown their BIO-key client enrollments to more than 3.5 times their initial count, and are now the largest bank in their country.”

Crowdstrike Global Threat Report identifies new attackers

There is no mystery as to why identity verification and biometric security tools are seeing validation as worthwhile investments; according to the 2024 Crowdstrike Global Threat Report, “significant threat gains in data theft, cloud breaches, and malware-free attacks show that despite advancements in detection technology, adversaries continue to adapt.”

The report says that speed and stealth are key factors enabling fraudsters and other digital criminals, noting a record cybercrime breakout time for 2024. It anticipates an imminent “cyber arms race where AI will amplify the impact for both the security professional and the adversary,” pointing to generative AI used maliciously in software and social engineering, creating a surge in identity-based attacks.

Crowdstrike’s list of 232 total adversaries – including 34 that are newly identified – reads like a Marvel comic, with notorious villains from the worlds of eCrime and international espionage, such as Scattered Spider, Brain Spider, Cascade Panda and Banished Kitten. Major problems include stolen credentials, supply chain attacks and the potential for electoral interference. Cloud environment intrusions are on the rise. Adversaries are exploiting trusted third-party relationships.

Part of an adequate response, according to the report’s recommendations, is making identity protection a must-have. “To counter threats, it is essential to implement phishing-resistant multifactor authentication and extend it to legacy systems and protocols, educate teams on social engineering and implement technology that can detect and correlate threats across identity, endpoint and cloud environments,” it says.

Stolen credentials enable logging in versus hacking in

The IBM X-Force Threat Intelligence Index 2024 affirms that stolen credentials are increasingly the path of least resistance for cybercriminals, noting a 266 percent surge in info stealing malware to collect and exploit valid account data and user identities, and 71 percent year over year increase in volumes of attacks using valid credentials.

The report says the biggest trend is “a pronounced surge in cyberthreats targeting identities. “In this era,” it says, “the focus has shifted towards logging in rather than hacking in, highlighting the relative ease of acquiring credentials compared to exploiting vulnerabilities or executing phishing campaigns. Lack of identity protections was corroborated by IBM X-Force penetration testing data for 2023, which ranked identification and authentication failures as the second most common finding.”

Indeed, valid accounts are not tied with phishing as the top initial access vector for attacks.

The IBM X-Force’s top recommendations for meeting the threat include reducing the risk of credential harvesting attacks by deploying endpoint detection and response (EDR) tools, removing fragmented identity solos, and hardening credential management practices with passkeys.

The full report is available for download here.

Tangerine breach exposes data of nearly a quarter million customers

Mobile telecom provider Tangerine Australia has had a lesson in the advanced capabilities of today’s hackers, reporting a breach that exposed personal information of approximately 232,000 customers stored in a legacy database. The breach happened on Sunday February 18 and was reported to Tangerine on February 22, triggering a security response.

A statement from the company confirms that the exposed data included full names, dates of birth, mobile numbers, email addresses, postal addresses and Tangerine account numbers. There was no disclosure or theft of credit or debit card numbers, driver’s license numbers, banking details or ID documentation details, or passwords.

“We know that the unauthorized disclosure relates to a legacy customer database and has been traced back to the login credentials of a single user engaged by Tangerine on a contract basis,” reads the statement.  It emphasizes that all Tangerine customer accounts are protected with Multi-Factor Authentication (MFA), requiring customers to enter a temporary code texted to their mobile in order to log in.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

New PIA for US Secret Service’s use of facial recognition raises questions

The U.S. Department of Homeland Security (DHS) issued a new Privacy Impact Assessment (PIA) for the U.S. Secret Service’s (USSS)…

 

Report explores efforts to curb environmental risks posed by identity documents

In the past couple of years, the identity industry has been involved in efforts to shift away from the use…

 

Malta opposition party demands minister’s resignation over ID card fraud scandal

Malta’s Green Party, ADPD, has intensified its demands for the resignation of a Maltese government minister following revelations of a…

 

Philippines’ central bank enters arbitration over failed ID card project

After the Philippines’ central bank decided to cancel its contract with identification system company AllCard Inc. (ACI) to produce the…

 

Visa biometrics provider VFS in talks to sell minority stake to Temasek

A significant minority stake of about 20 percent in the Blackstone-owned digital services outsourcing company VFS Global might be sold…

 

UK Virgin Islands launch digital transformation tender

Tourist hotspots Thailand, Sri Lanka, the Seychelles and the Virgin Islands are not just offering beaches and sunshine, they are…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events