November 10, 2020
Good morning, everyone!
This week’s critical vulnerabilities:
Patch all the things!!
Business Email Compromise still causes the highest out-of-pocket losses incurred from any class of cybercrime
Recent convictions of two cyber criminals in New Jersey bring this subject to the forefront of discussion once again:
According to the conviction, one corporate victim was found to have transferred approximately $3.8 million dollars into the bogus bank account after receiving a seemingly legitimate email from the company’s vendor, bearing the name and domain of an actual employee. The email stated that the vendor’s typical beneficiary bank had ‘been placed on hold indefinitely due to an impromptu auditing.’ Therefore, the corporate victim was directed to transfer the balance of any accounts receivable from the typical bank to a bank account that was controlled by Mr. Espaillat and his co-conspirators.
What’s the best defense against this type of fraud?
PICK UP THE PHONE!
It’s that simple. Have a policy that no bank account changes are made based on email alone; voice verification (or some other form of secondary authorization) is required. Train your employees in this policy. Enforce this policy.
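One way to put that policy into practice on the mailbox side, as an added example that is not part of the newsletter: a small Python check that flags a vendor e-mail asking to change payment details and shows common signs of the spoofing described above, so the message is routed to the phone-call step instead of being acted on. The sample message, domains and header values are constructed for illustration.

```python
"""Added example (not from the newsletter): hold payment-change e-mails for
voice verification when the sender details do not line up."""
import email
import email.utils
import re
from email import policy

# Constructed sample: the From line shows the vendor's real domain, but the
# envelope sender, Reply-To and authentication results tell a different story.
SAMPLE_EMAIL = """\
From: Accounts Payable <ap@vendor.example>
To: controller@victim.example
Return-Path: <bounce@mail-relay.example.net>
Reply-To: ap@vendor-billing.example.net
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
Subject: Updated remittance instructions

Our usual beneficiary bank has been placed on hold indefinitely due to an
impromptu auditing. Please transfer the balance of all accounts receivable
to the new account below.
"""

# Phrases that typically accompany a request to redirect payments.
PAYMENT_CHANGE_PATTERNS = [
    r"beneficiary bank", r"new (bank )?account", r"remittance instructions",
    r"wire (instructions|details)", r"placed on hold",
]

def domain_of(addr: str) -> str:
    """Return the lowercase domain of a header address like 'Name <user@host>'."""
    _, addr = email.utils.parseaddr(str(addr))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def assess_payment_change_email(raw: str) -> dict:
    """Decide whether a message must go to out-of-band (phone) verification."""
    msg = email.message_from_string(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part is not None else ""
    text = (str(msg["Subject"] or "")).lower() + " " + body
    asks_for_change = any(re.search(p, text) for p in PAYMENT_CHANGE_PATTERNS)
    from_domain = domain_of(msg["From"] or "")
    reasons = []
    # A Reply-To or envelope sender on a different domain than the visible From
    # address is a classic sign that replies (and money) will go elsewhere.
    if msg["Reply-To"] and domain_of(msg["Reply-To"]) != from_domain:
        reasons.append("reply-to domain differs from From domain")
    if msg["Return-Path"] and domain_of(msg["Return-Path"]) != from_domain:
        reasons.append("envelope sender domain differs from From domain")
    auth = str(msg["Authentication-Results"] or "").lower()
    if "spf=fail" in auth or "dkim=none" in auth or "dkim=fail" in auth:
        reasons.append("sender authentication failed or missing")
    return {"asks_for_change": asks_for_change,
            "hold_for_callback": asks_for_change and bool(reasons),
            "reasons": reasons}
```

A message that asks for a payment change but shows none of these signs still belongs in the callback process under the policy above; the check only automates the "never act on email alone" rule for the obvious cases.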
Secure your Operational Technology (OT) devices against attack
What are "Operational Technology" devices? Wikipedia says OT is "hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. The term has become established to demonstrate the technological and functional differences between traditional IT systems and Industrial Control Systems environment." Examples of OT include SCADA systems, building automation systems, "smart" systems that control lights, irrigation, safety monitoring systems, robotics, etc.
According to this article, a recent survey shows that cyber criminals are shifting their attacks from IT resources to OT resources:
67% of respondents seeing a shift in tactics cybercriminals are employing to launch cyberattacks…. most of the shift in tactics is focused on stealing credentials that provide access to OT systems. With more IT staff working from home, he said, cybercriminals are launching attacks intended to capture passwords for OT systems that IT personnel are now remotely logging into to manage.
Yet another side effect of the COVID pandemic. What’s the answer?
Back to Basics!
- use secure (encrypted) solutions for remote access
- require two-factor authentication (2FA) for all remote access
- segment your networks! VLANs, DMZs, sandboxing – there are a variety of ways to keep your OT network(s) separate from your IT network(s)
Protect yourself from a Man-in-the-Middle (MitM) Attack
What’s that? You may be thinking. A MitM attack is when a cybercriminal positions himself between your device and the Internet resource you are attempting to access. There are basically two types, snooping and spoofing.
In a simple snooping attack, the MitM intercepts traffic in order to gain valuable information – for example, your login credentials to a website you are accessing on an unencrypted connection (or a compromised connection).
In a spoofing attack, the MitM pretends to be each party to the other, and may actually alter the transaction. For example, if a MitM gets in between you and your bank, he will present a login screen to you that looks exactly like your bank, he gets your login credentials and then logs into the bank for you. When you direct “your bank” (actually the MitM server) to transfer money from checking to savings, for example, the MitM actually changes the transaction to transfer from YOUR checking to HIS savings!
How do you protect yourself against this type of attack?
Back to Basics! Again. I know I keep repeating myself, but honestly the absolute best ways to protect yourself from virtually any online attack are neither difficult nor expensive:
- Keep software up to date (patch early, patch often!)
- Use trusted, encrypted connections
- Use 2FA whenever it’s available
- Avoid public wifi (your cellular connection is safer)
- Use a VPN for remote access when necessary
You can read more about MitM attacks in this article.
As always, I could talk a lot more about this stuff! Come back next week for the next installment. :)
- December 3: Ethical Duties: Practical Strategies for Safeguarding Client Information (1 hr ethics CLE)
- December 10: Ethical Duties: How Technology is Undermining Attorney-Client Confidentiality (1 hr ethics CLE)
- December 15: "An Introduction to Preparing for the CMMC"
Security Awareness Training Goes Virtual
Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.
Contact me to schedule your employee training sessions. They're fun! ☺