UNDERSTANDING THE LATEST CYBER-CRIME TRENDS
What are some of the latest cyber-security threats affecting organizations?
Cyber-crime is a constantly evolving enterprise. Cyber-security threats are becoming more sophisticated, as cyber-criminals refine their methods of intrusion and attack. However, the past year has seen a resurgence in certain types of low-tech cyber-attacks that are nonetheless incredibly effective. Let’s discuss some of these resurgent types of attacks.
Business Email Compromise (BEC) is a type of scam that targets businesses working with foreign customers and suppliers, and/or businesses that regularly perform wire transfer payments. This scam is carried out by fraudsters compromising email accounts through social engineering or computer intrusion techniques to conduct the unauthorized transfer of funds.
BEC attacks take a variety of forms and target companies in many different industries, but the basic aim is the same: to gain access to a company’s network, often through a combination of phishing attacks and malware. This malware is then used to carry out surveillance on the organization and its senior executives. Later, at a time of their choosing, criminals can initiate the scam by sending emails, purportedly from senior executives, to someone in the organization (typically the finance department), and requesting an immediate transfer of funds.
Unfortunately, BEC scams are constantly evolving as fraudsters become more sophisticated and find new ways to carry out these attacks.
In 2019 Business Email Compromise represented $1.78 billion in losses, with $53.4 billion coming specifically from Corporate Data Breaches.
Phishing also remains one of the most effective entry points for cyber-attacks. More than a dozen banks in the US and Canada recently found themselves on the receiving end of a mobile phishing scam that claimed approximately 4,000 victims. In this case, scammers duped victims with messages containing links to phishing pages made to appear like legitimate mobile banking pages.
These fake banking websites were designed to look like the actual mobile versions of the institutional sites. They featured everything from the correct fonts, layouts, and sizes, to authentic links to related pages that users would expect on a banking website, including notices about security and privacy.
Consumers increasingly use mobile banking applications as their primary means to manage their finances, transfer funds, deposit checks, and pay bills. This makes the perfect target for cybercriminals who are starting to exploit these applications as a new attack vector.
Financial loss, reputational damage, time, resources, these types of attacks can create incalculable harm throughout an organization. Banks and other financial institutions have long been in the cross-hairs of scammers and these attacks are just the latest incident in a long line of cybercriminals targeting financial institutions.
What can you do to minimize these types of security threats?
These attack campaigns, whether via BEC or Phishing, are a low-risk/high-reward type of cyber-crime for hackers. This makes them a persistent threat to all businesses, especially financial institutions. There are many steps which can be taken to ensure that sensitive information is kept safe, including the use of strong passwords, the use of a mobile password manager to help keep passwords strong and unique across all of devices and accounts, locking applications when not in use, and signing out of accounts not being used.
The ability to verify a user’s claimed identity through various authentication factors has become crucial for NonStop systems, especially for users that will be logging-on to business-critical applications. Ineffective authentication comes with significant direct and indirect risks, including compliance penalties, data theft, loss of customer trust, and significant loss of revenue. There is an over-reliance on insecure forms of authentication, such as passwords and security questions, this can lead to security gaps that create opportunities for intruders.
By implementing additional security measures, such as strong passwords and the use of multi-factor authentication, users can prevent credentials from being compromised and avoid falling victim to these types of attacks.
Minimize security gaps with Multi-Factor Authentication
Modern authentication methods represent a more robust security structure, and also provide a better user experience when logging into applications. MFA also makes it easier for auditors to get answers to critical compliance questions; providing information such as which users are granted access to which system, and also how the access policy is being reliably enforced. Additionally, some of the modern MFA applications available today also include reporting capabilities, which ensure that compliance standards, such as PCI DSS, are being met.
CSP Authenticator+™ supports numerous authentication factors for NonStop. It provides a RESTful interface that supports multi-factor authenticated logins on NonStop systems. CSP Authenticator+ resides on the NonStop Platform and uses an OSS “bridge” to connect to the RESTful interface of the CSP Authenticator+ web server.
CSP Authenticator+™ Dashboard
CSP Authenticator+ can provide authentication services via Safeguard Authentication SEEP, or Pathway and Non-Pathway servers. Almost any application, including TACL, can now easily support multi-factor authentication (MFA).
Authentication methods such as RADIUS, RSA Cloud, Active Directory and Open LDAP are supported. Additional authentication methods include RSA SecurID, Email, Text Message, and Google Authenticator. You can now enable MFA logins for different applications, making them more secure!
CSP Authenticator+ Key Features:
- Support for various authentication methods
- Browser-based user-friendly interface
- Standardized authentication across platforms
- Configurable for all or selected users
- Support for virtual addressing
For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com
We Built the Wiki for NonStop Security ®
The CSP Team