'GoldPickaxe' malware steals facial recognition data, likely because banks and government agencies are adopting biometric scans.
=> Identity biometrics are just 0s and 1s, and criminals know it.
=> What's worse? Once stolen, they can't be changed.
https://lnkd.in/eCVbjQNE
With no way to verify that a transmitted biometric actually comes from the live user, financial systems are massively exposed to identity-theft fraud.
=> Biometric authentication is a handy PIN-code replacement, but not a more secure one. Why? Because your fingerprints, your face, and your voice are not secrets.
=> Biometrics are increasingly being scraped, stored, and analyzed by threat actors.
=> By exploiting IP cameras' video databases, hackers can gather fragments of iris and fingerprint data and "with enough repetition, compute power, and time, they can potentially crack a person's full biometrics."
=> "Biometric data is useful for in-person authentication, and really dangerous for remote authentication." Biometric data is like a complex key. Once transmitted, users aren't authenticating the actual biometric; they are verifying something that looks a lot like a password.
"[O]ur financial system is built on a lot of assumed-but-not-verified trust. [This] will continue to be exacerbated by technologies like deep fakes as long as our banking institutions trust transmitted copies of a biometric."
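As an added illustration (not code from the original post, and not MyCena's), the following Python contrasts the two patterns the quote separates: a server that accepts a transmitted biometric template and compares it like a password, and a device that matches the face locally and answers a fresh server challenge with a device-bound key. The user names, the template bytes and the use of HMAC as a stand-in for a hardware-held attestation key are all constructed assumptions; real matchers are fuzzy rather than byte-exact, but the replay property is the same.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a face template. Real templates are feature
# vectors matched fuzzily; for the replay argument, opaque bytes suffice.
ALICE_FACE = b"alice-face-template-v1"


# --- Pattern 1: the biometric is transmitted and compared server-side ---
class RemoteBiometricServer:
    """Stores a hash of the template and compares whatever is transmitted."""

    def __init__(self):
        self._templates = {}

    def enroll(self, user, template):
        self._templates[user] = hashlib.sha256(template).digest()

    def login(self, user, template):
        # Functionally a password check: anyone holding the bytes gets in.
        digest = hashlib.sha256(template).digest()
        return hmac.compare_digest(self._templates.get(user, b""), digest)


# --- Pattern 2: match locally, then prove possession of a device-bound key ---
class Device:
    """The template never leaves the device; only a signed nonce is sent."""

    def __init__(self, template):
        self._template = template
        # Assumption: HMAC with a random secret stands in for an asymmetric
        # attestation key kept in secure hardware (server would hold the public half).
        self._key = secrets.token_bytes(32)

    def registration_key(self):
        return self._key

    def authenticate(self, presented, nonce):
        if not hmac.compare_digest(presented, self._template):
            return None  # local match failed, nothing is signed
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


class ChallengeServer:
    """Issues single-use nonces and verifies device responses."""

    def __init__(self):
        self._keys = {}
        self._pending = {}

    def register(self, user, key):
        self._keys[user] = key

    def challenge(self, user):
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def login(self, user, response):
        nonce = self._pending.pop(user, None)  # each nonce is consumed once
        if nonce is None or response is None or user not in self._keys:
            return False
        expected = hmac.new(self._keys[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_demo():
    """Returns which login attempts succeed under each pattern."""
    results = {}

    # Remote pattern: a copy captured in transit is as good as the original.
    remote = RemoteBiometricServer()
    remote.enroll("alice", ALICE_FACE)
    captured = bytes(ALICE_FACE)  # what malware on the phone exfiltrates
    results["remote_replay"] = remote.login("alice", captured)

    # Device-bound pattern.
    device = Device(ALICE_FACE)
    server = ChallengeServer()
    server.register("alice", device.registration_key())

    nonce = server.challenge("alice")
    response = device.authenticate(ALICE_FACE, nonce)
    results["device_fresh"] = server.login("alice", response)

    # Attacker has the captured template but not the device key.
    nonce = server.challenge("alice")
    forged = hmac.new(captured, nonce, hashlib.sha256).digest()
    results["template_only"] = server.login("alice", forged)

    # Attacker replays an earlier valid response against a new nonce.
    server.challenge("alice")
    results["response_replay"] = server.login("alice", response)

    # Wrong face presented to the genuine device fails the local match.
    nonce = server.challenge("alice")
    results["wrong_face"] = server.login("alice", device.authenticate(b"mallory-face", nonce))
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'login OK' if ok else 'rejected'}")
```

Only the first attempt, the replayed copy against the remote matcher, succeeds; the captured template buys the attacker nothing once the biometric stays on the device and the server checks a signed, single-use challenge instead.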
Cybersecurity has historically failed because of a massive gap at the start of the access process: employees create and use their own passwords or identities, whether for single sign-on or for individual applications, so companies have no control over their credentials.
=> This gap explains why 95% of breaches are criminals logging in with employees' passwords and identities, obtained through phishing, AI or social engineering, effectively rendering all other cybersecurity investments useless.
=> MyCena's encrypted access management technology fills this gap by enabling businesses to generate and distribute encrypted passwords for all systems to their employees, so they never know them, eliminating the root cause of 95% of cyber breaches, stopping supply-chain attacks and preventing ransomware.
=> Filling this gap in the access process generates huge benefits for companies, including cyber-resilience (stop 95% of breaches from happening), risk mitigation (companies control passwords, not employees), cost savings (no password resets or password training), and employee peace of mind (no need to remember passwords, no risk of getting password-phished, humans no longer a vulnerability).
We are glad to announce that MyCena Desk Center is now available for purchase on AWS Marketplace https://lnkd.in/dwWDGXYY
An Apple employee told Business Insider that hackers have offered Apple staff as much as €20,000 (£16,000) for their passwords.
Employee password knowledge is responsible, whether intentionally or unintentionally, for 95% of breaches.
The solution? Encrypt access so employees don't know their passwords. That stops 95% of breaches.
"BT on Wednesday announced that it has clocked 46 million signals of potential cyberattacks every day, and more than 530 signals detected every second."
"BT said the most targeted industries in the past 12 months are IT, defence, banking and insurance – with 19.7 percent of malware sightings being directed towards these high-stakes targets."
"The retail, hospitality and education sectors are also at high risk, accounting for 14.9 percent of malware sightings in the past 12 months."
"small businesses, start-ups and charities are also finding themselves in the firing line; approximately 785,000 cyber-crimes were found across UK charities in the last 12 months"
"every 30 seconds, cyber criminals scan any device connected to the internet looking for weaknesses, using automation and machine learning to identify vulnerabilities in business defences – the digital equivalent of a burglar looking for an open window."
In a recent interview with SafetyDetectives, Julia O’Toole, CEO of MyCena Security Solutions, discussed her journey and the founding motivation behind her innovative approach to password security. O’Toole’s personal struggle with password management led her to develop a breakthrough technology inspired by ancient security practices. MyCena offers SEAM solutions, which empower companies to manage encrypted passwords like keys, eliminating the need for employees to know any passwords. O’Toole also addressed alarming cybersecurity trends, the hidden impacts of breaches, and how the “Zero Trust” philosophy aligns with the future of password security. She emphasized the importance of adapting to remote work challenges through advanced security measures like those offered by MyCena.
For decades I had password nightmares and could not find a way to solve my problem. The solutions on the market, such as password books or password managers, were all unsafe, because they all had single points of failure. If you lost your book or your master password, you would have lost all of the keys to your digital life. After years of research in mathematics, neuroscience and technology, it was a travel back in time that triggered the solution.
I was wandering among the ruins of the 3,000-year-old ancient Greek city of Mycenae when I observed how the ancient Mycenaeans had used the city's architecture to protect their assets. They had built concentric walls around the city: you had to pass a first gate, called the Lions' Gate, to enter the city, then a second to access the garrison, then a third to access the king's palace. There I had an epiphany: "A password is just a key. No one cuts their keys to get home. We take the right key to open the right door. In the same way, no one needs to know any passwords; you just need to use the right password for each account."
Inspired by the security of the ancient city of Mycenae, we devised the Method of Access of Structured Stored Data and developed a state-of-the-art technology that facilitates the management of encrypted keys. It allows companies to easily generate and distribute highly secure encrypted passwords for each system in real time to employees, who then use them like keys. Consequently, employees never know any passwords and yet can open every digital door.
MyCena provides SEAM (Segmented Encrypted Access Management) solutions. From a console and without infrastructure change, companies can manage and distribute encrypted passwords for each system to users, who use them like keys. Companies can also monitor who has accessed what and when in real time from the console.
The most alarming trend is employees knowing company passwords. It is responsible for 95% of breaches. Today, most organisations let their employees create their own passwords to access their systems and data. This is like letting employees bring their own keys to access the office or factories. As passwords can be shared, stolen, sold, reused and socially engineered, this is a 10/10 in the CVSS scoring system. All it takes is for a criminal to log in using a compromised password or identity, and all cybersecurity investments are rendered useless. That explains why billions of dollars are spent on cybersecurity, yet companies continue to get breached.
Another very alarming trend is using people's identity for access. Identities are unique. Each person's face, voice and fingerprint cannot be changed. Biometrics are just data, a series of zeros and ones. That means once stolen, the damage is irreversible: the person is digitally dead, and their identity can indefinitely be used to commit fraud without them knowing. Biometrics are also not secret information, as voices and faces can be retrieved from photos, videos and recordings and, thanks to AI, easily reused to make deep fakes.
Another alarming trend is password training. No matter how trained you are, if you create and know the password, criminals can steal it from you and use it to log in. With 2FA being so easy to steal, the combination of password training and 2FA is very weak protection and creates a false sense of security. To avoid such risks, employees should not be creating their company access or knowing it.
A password-related security breach is similar to someone stealing the key to a site. If the criminal finds a privileged access that gives command and control of part or all of the network, this can lead to business interruption, ransomware, data loss, identity theft, espionage, lawsuits, class actions, repair and recovery costs, reputation loss and even bankruptcy.
Beyond the operational costs, the impact down the road, sometimes years after the breach, can be prosecution of directors and officers that can lead to hefty fines and prison.
Once in the network, criminals can also leave backdoors so they can come back for another round later.
"Zero Trust" is a buzzword, but the philosophy of not trusting people, because people make mistakes, is sound. Mistakes are exactly what Segmented Encrypted Access Management prevents. By ensuring people don't know the passwords of their organisation, they can no longer make those mistakes. This is the future of password security.
With the rise of remote work, the attack surface for criminals has expanded, and they can more easily target people in their own homes. As people often use the same or similar passwords for personal and work accounts, one phished or socially engineered password from any personal or professional account can be used to access the company network, and vice versa.
Companies can adapt very quickly by making sure their employees never create or know their passwords. As there is no infrastructure change required, MyCena SEAM (Segmented Encrypted Access Management) solutions can be implemented for all their access (RDP, SSH, web apps, local apps, IAM, PAM, SSO, legacy systems…). That puts an end to password phishing, reuse, sharing, writing down, browser-in-browser or MitM attacks, and stops 95% of breaches before they can happen.
Companies can also use the IP restriction and device restriction features on MyCena to make sure employees can only access their company applications and data from certain locations using only authorised devices and prevent them from saving company passwords in their browser.
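An added example, not MyCena's code, of what IP and device restriction amounts to in practice: a login-policy check that evaluates each login record against a per-user allow-list of networks and registered device identifiers, run here over a few constructed log lines. The policy table, device IDs, addresses and the `timestamp user src_ip device_id` log format are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy: the networks and registered devices each user may use.
# Assumption: the device identifier comes from an enrolled client, not a
# self-reported header, otherwise the device check is trivially spoofable.
POLICY = {
    "alice": {"networks": ["10.20.0.0/16", "203.0.113.0/24"], "devices": {"LAPTOP-A1"}},
    "bob": {"networks": ["10.20.0.0/16"], "devices": {"LAPTOP-B7", "PHONE-B2"}},
}


@dataclass(frozen=True)
class Decision:
    user: str
    allowed: bool
    reason: str


def evaluate(user, src_ip, device_id, policy=POLICY):
    """Allow a login only if the user is known, the source address lies in an
    allowed network and the device is one registered for that user."""
    rule = policy.get(user)
    if rule is None:
        return Decision(user, False, "unknown user")
    try:
        ip = ipaddress.ip_address(src_ip)
    except ValueError:
        # Fail closed: a record we cannot parse is never an allowed login.
        return Decision(user, False, f"unparseable source ip {src_ip!r}")
    if not any(ip in ipaddress.ip_network(net) for net in rule["networks"]):
        return Decision(user, False, f"ip {ip} outside allowed networks")
    if device_id not in rule["devices"]:
        return Decision(user, False, f"device {device_id!r} not authorised")
    return Decision(user, True, "ok")


# Constructed log lines: timestamp user src_ip device_id
SAMPLE_LOG = """\
2024-05-01T08:01:10Z alice 10.20.4.7 LAPTOP-A1
2024-05-01T08:03:42Z alice 198.51.100.23 LAPTOP-A1
2024-05-01T08:05:09Z bob 10.20.9.1 LAPTOP-X9
2024-05-01T08:06:55Z bob 10.20.9.1 PHONE-B2
2024-05-01T08:07:30Z carol 10.20.1.1 LAPTOP-C3
2024-05-01T08:08:00Z alice not-an-ip LAPTOP-A1
"""


def evaluate_log(text, policy=POLICY):
    """Evaluate every well-formed line; malformed lines are recorded as denied."""
    decisions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 4:
            decisions.append(Decision("?", False, "malformed line"))
            continue
        _ts, user, src_ip, device_id = parts
        decisions.append(evaluate(user, src_ip, device_id, policy))
    return decisions


def denied(text, policy=POLICY):
    """The subset of decisions a security team would want surfaced."""
    return [d for d in evaluate_log(text, policy) if not d.allowed]


if __name__ == "__main__":
    for d in evaluate_log(SAMPLE_LOG):
        print(f"{d.user:6} {'ALLOW' if d.allowed else 'DENY ':5} {d.reason}")
```

In the sample, a valid password presented by alice from an outside address, or by bob from an unregistered laptop, is still refused; the credential alone is not enough, which is the property these restrictions are meant to add on top of the password itself.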