“In the past week, we’ve probably all received emails from our credit card companies, banks and other online vendors about our email addresses being stolen as a result of this Epsilon breach,” said Mark L. Kay, StrikeForce Technology’s CEO. “Our GuardedID software, which encrypts keystroke data, is designed to render these types of intrusions irrelevant. We are experiencing a dramatic upswing in the number of calls we are fielding as people become more aware of our current activities and successes in the banking, healthcare and insurance industries.”
ComputerWorld, in an article published April 7, 2011, cites sources indicating that the Epsilon breach came as a result of a well-coordinated phishing “campaign that utilized Win32.BlkIC.IMG, which disabled anti-virus software, a Trojan keylogger called iStealer, which was used to steal passwords, and an administration tool called CyberGate, which is used to gain complete remote control of compromised systems.”
“In the case of Epsilon and RSA, it appears that the intended victims of these ‘spearphishing’ attacks were the employees of these major data protection services themselves,” said George Waller, StrikeForce’s CTO. “If the ‘pros’ can get scammed by the various hacks, then we all can. We need to be proactive to protect ourselves, and demand that our data protection centers and the corporations that use them immediately take steps to protect against keylogging hacks. StrikeForce’s keystroke encryption software, GuardedID® is designed specifically to render keylogger attacks moot.”
An announcement today from Strikeforce Technologies identifies several recent data breaches — including Epsilon, RSA, and Heartland — as instances when hackers used keystroke logging spyware to obtain authentication credentials from unwitting computer users. The company offers a solution called GuardedID that encrypts keystrokes, rendering this type of attack useless to perpetrators.