SAN FRANCISCO – Feb. 16, 2016—The newest cybercrime toolkits like Vawtrack, Dyre and Dridex are designed to hijack online banking sessions to steal money. Also known as man-in-the-browser (MITB) attacks, these threats are extremely dangerous because they circumvent even the strongest authentication techniques by hijacking the session after the user has authenticated him or herself.
The team of ethical hackers and cybersecurity auditors at ®buguroo thinks the answer is a next-generation online fraud detection solution that can detect hijacked sessions in real time and stop them before the money leaves the bank.
Today, buguroo —a U.S. startup coming out of Deloitte’s European Security Operations Center (SOC) — launched bugFraud Defense, its next-generation online fraud detection solution, to protect enterprise websites and their customers from known or unknown malware. The solution can stop attacks either pre- or post-login and in real time, including session hijacking and MITB attacks.
One breakthrough advantage is that buguroo's new bugFraud Defense technology is entirely host- and cloud-based and does not require any action by an end-user client in order to be protected, such as installing software or an "agent." The buguroo software is transparent to the user, requires minimal resources and does not degrade the user experience and performance.
"Any online fraud detection solution that still relies on signatures or requires users to take action is based on a failed model," said Pablo de la Riva Ferrezuelo, CTO and founder of buguroo. "Industry research shows that ‘opt-in’ models that require installing client-side software at best get low single digit percentage participation. Study after study shows users expect their service providers to protect them, and they are not willing to help. Period. That's what we do."
buguroo bugFraud Defense is very easy to implement at the Web server level for both development and security teams. It requires only a lightweight modification in regular server content to link online sessions to the cloud-based fraud detection engine. The solution has already proven itself in several competitive evaluations and trials and is currently being rolled out in production implementations to protect tens of millions of end-user customers for its industry-leading multinational clients in banking and other sectors.
buguroo bugFraud Defense is available immediately in the U.S., Europe and Latin America as a standalone product or as part of bugThreats, the company's comprehensive threat intelligence platform, also announced today. The company targets those sectors most commonly attacked by cybercriminals: banking, social networking and e-commerce.
Although a startup in the U.S., buguroo is building on its five-year history in Europe and its proven technology and security operations experience. Originally, the company was a stand-alone unit in Deloitte Spain, and the buguroo team of ethical hackers and cybersecurity analysts worked alongside experts from Deloitte Spain to manage the Deloitte Security Operations Center (SOC) for Europe. In 2015, the 50-employee company was spun off as buguroo and closed a $3.34 million round of angel financing to expand its business internationally and accelerate development of its product roadmap.
buguroo also provides technical services from its highly qualified team of professional security auditors to help clients with malware analysis and remediation, forensics, impact analysis, Dark Web data recovery, botnet takedowns and other advanced techniques.
More information on buguroo bugFraud is available online, or by emailing email@example.com.