TruSTAR, a leader in cyber intelligence management, has announced a new partnership with IBM and Rackspace to create the Cloud Fraud Exchange, a unique intelligence sharing initiative designed to make it harder for frauders to replicate attacks across different cloud service providers. Initial findings from this partnership were presented by TruSTAR, Rackspace, and IBM at the Messaging Malware Mobile Anti-Abuse Working Group's (M3AAWG) 44th general meeting in Brooklyn, New York on October 10.
The Cloud Fraud Exchange is unique because it brings together the largest cloud service providers in the country to address the growing threats of fraud and abuse attacks. Typically, an intelligence sharing partnership of this kind is only conceived via government-sanctioned Information Sharing and Analysis Centers (ISACs) or Information Sharing and Analysis Organizations (ISAOs), non-profit organizations that act as a central resource for gathering information on cyber threats and provide a two-way channel for sharing of information. It's unusual for companies that compete with each other to share fraud data in a real-time manner due to concerns about reputational risk to their brands. TruSTAR gives Cloud Fraud Exchange companies data sovereignty through the intelligence platform's Enclave architecture, which uses advanced auto-redaction, data normalization, and security controls to safely enable intelligence exchange.
The purpose of the Cloud Fraud Exchange is to prevent cyber criminals from setting up fraudulent accounts on multiple cloud platforms. Servers hosted via the cloud are the main vehicles fraudsters use to target end-user victims. Fraudsters weaponize cloud resources like infrastructure-as-a-service and AI networks to launch DDOS and phishing attacks. Compromised cloud servers also help obscure the location of bad actors.
"Rackspace and IBM have made the commitment to securely exchange fraud event data via TruSTAR because the reward of sharing outweighs the risk. This exchange is helping these giant cloud providers identify fraudsters faster and reduce response time, translating to millions of dollars saved over time," said Paul Kurtz, co-founder and CEO of TruSTAR.
"We're making it way more expensive for the bad guys to run scams. Now fraudsters have to create entirely new identities, IP addresses, and tactics when they get shut down by one major cloud provider because there's an alliance of people reporting on them," said Chris Godfrey, Fraud Intelligence Lead at TruSTAR.
The Cloud Fraud Exchange has been active since March 2018 and has already facilitated the exchange of tens of thousands of IPs, yielding significant correlations between participants and demonstrating the potential savings of several million dollars in mitigated risk. The group is making plans to expand the types of indicators being shared from just IPs to other indicators like email addresses and device fingerprints. The group expects the correlations across companies will continue to grow and translate to even more savings. Other major cloud service providers are expected to join the Cloud Fraud Exchange in the coming financial quarters.
The Cloud Fraud Exchange has been 12 months in the making and was originally conceived by Rackspace Chief Security Officer Brian Kelly through his work with the Cloud Security Alliance. Since its launch, the program has been championed by Allen Rountree, Executive of the Cloud SOC at IBM Cloud, as well as the Rackspace Fraud and Abuse Team.