Project Hyphae

Information Security News – 9/26/2022


SEC Fines Morgan Stanley Smith Barney $35 Million Over Failure to Secure Customer Data

Article Link: https://www.techrepublic.com/article/sec-fines-morgan-stanley-smith-barney-35-million-over-failure-to-secure-customer-data/

  • Morgan Stanley Smith Barney (MSSB) has earned itself a $35 million fine from the U.S. government after failing to protect the personally identifiable information (PII) of millions of customers. In a notice posted by the SEC, it was announced that the company consented to the agency’s finding that it violated federal regulations regarding the safeguarding and disposal of customer data.
  • Tasked with decommissioning thousands of hard drives and servers with customer data on several occasions, MSSB hired a moving and storage firm with no experience in data destruction and failed to monitor the firm’s work.
  • The agency’s investigation found that the moving firm sold thousands of the servers and hard drives, some with customer PII, to a third party. Those devices ultimately were resold on an internet auction site, still with the customer data on them.

Multi-Factor Authentication Fatigue Attacks are on the Rise: How to Defend Against Them

Article Link: https://www.csoonline.com/article/3674156/multi-factor-authentication-fatigue-attacks-are-on-the-rise-how-to-defend-against-them.html

  • One of the most popular ways of circumventing MFA is spamming an employee whose credentials have been compromised with MFA authorization requests until they become annoyed and approve the request through their authenticator app. It’s a simple yet effective technique that exploits the human factor and has become known as MFA fatigue.
  • While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it. Organizations need to both train their employees to spot these new attacks and put technical controls in place to lower the potential for MFA abuse.
  • Restricting available MFA methods (such as utilizing token or code based, as opposed to push notifications), enforcing rate limits for MFA requests, and detecting location changes for authenticated users can mitigate some of these risks. If some authentication providers don’t offer these controls, customers should ask for them.
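The two technical controls named above, a cap on the number of push prompts a user can receive in a window and detection of a denied-prompt burst followed by an approval from a new location, as an added Python example (not code from the article or from any authentication provider). The log format, the user names, the IPs and geolocations are constructed for the example, and the thresholds (3 prompts per 5 minutes, a burst of 4 denials) are assumptions to tune against real traffic:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log (illustrative, not data from the article).
# alice logs in normally. bob's password was phished: the attacker fires push
# prompts at him until he approves one, from a geolocation bob has never
# approved a prompt from before.
SAMPLE_PUSH_LOG = [
    "2022-09-25T17:30:00 user=bob ip=192.0.2.44 geo=US result=approved",
    "2022-09-26T08:00:00 user=alice ip=203.0.113.10 geo=US result=approved",
    "2022-09-26T09:01:00 user=bob ip=198.51.100.7 geo=RO result=denied",
    "2022-09-26T09:01:20 user=bob ip=198.51.100.7 geo=RO result=denied",
    "2022-09-26T09:01:40 user=bob ip=198.51.100.7 geo=RO result=denied",
    "2022-09-26T09:02:00 user=bob ip=198.51.100.7 geo=RO result=denied",
    "2022-09-26T09:02:20 user=bob ip=198.51.100.7 geo=RO result=denied",
    "2022-09-26T09:02:40 user=bob ip=198.51.100.7 geo=RO result=approved",
    "2022-09-26T10:15:00 user=alice ip=203.0.113.10 geo=US result=approved",
]


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = datetime.fromisoformat(ts)
    return event


class PushRateLimiter:
    """Sliding-window cap on push prompts per user (the 'rate limits for MFA
    requests' control). Prompts over the cap are never sent to the phone, so
    the user cannot be worn down into approving one."""

    def __init__(self, max_prompts=3, window=timedelta(minutes=5)):
        self.max_prompts = max_prompts
        self.window = window
        self.history = defaultdict(deque)  # user -> timestamps of sent prompts

    def allow(self, user, ts):
        sent = self.history[user]
        while sent and ts - sent[0] > self.window:
            sent.popleft()
        if len(sent) >= self.max_prompts:
            return False
        sent.append(ts)
        return True


def apply_limiter(events, limiter=None):
    """Replay the log through a limiter; True means that prompt would be sent."""
    limiter = limiter or PushRateLimiter()
    return [limiter.allow(e["user"], e["ts"]) for e in events]


def detect_fatigue(events, burst=4, window=timedelta(minutes=5)):
    """Detection side, for providers that do not enforce a cap: flag a user who
    denies `burst` or more prompts inside `window`, any approval that follows
    such a burst, and any approval from a geo the user has not approved from
    before (the 'location change' signal the article mentions)."""
    findings = []
    denials = defaultdict(deque)      # user -> timestamps of recent denials
    approved_geos = defaultdict(set)  # user -> geos of earlier approvals
    burst_reported = set()
    for e in events:
        user, ts = e["user"], e["ts"]
        recent = denials[user]
        while recent and ts - recent[0] > window:
            recent.popleft()
        if e["result"] == "denied":
            recent.append(ts)
            if len(recent) >= burst and user not in burst_reported:
                burst_reported.add(user)
                findings.append((user, "push_burst", ts))
        elif e["result"] == "approved":
            if len(recent) >= burst:
                findings.append((user, "approved_after_burst", ts))
            if approved_geos[user] and e["geo"] not in approved_geos[user]:
                findings.append((user, "new_location_approval", ts))
            approved_geos[user].add(e["geo"])
    return findings


if __name__ == "__main__":
    events = [parse_line(line) for line in SAMPLE_PUSH_LOG]
    for user, kind, ts in detect_fatigue(events):
        print(f"{ts} {user}: {kind}")
    print("prompts suppressed by limiter:", apply_limiter(events).count(False))
```

On the sample log the limiter suppresses bob's fourth, fifth and sixth prompts, which is the point of the control: the prompt that finally got approved would never have reached his phone. The detector is the fallback when the provider offers no cap; an "approved_after_burst" finding on its own is a reason to revoke the session and reset the password, and the "new_location_approval" signal is only meaningful once a user has a history of approvals to compare against.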

How to Protect Your Organization’s Single Sign-On Credentials From Compromise

Article Link: https://www.techrepublic.com/article/how-to-protect-your-organizations-single-sign-on-credentials-from-compromise/

  • By allowing the same credentials to access different systems, SSO offers several benefits. These include fewer account credentials targeted for phishing attacks, less time dealing with login attempts, and fewer password resets and other issues for your help desk and IT staff.
  • The downside with SSO credentials is they’re greatly desired by cybercriminals who can use them to gain access to a variety of applications and systems. Analyzing the Dark Web, BitSight found that 25% of the companies on the S&P 500 and half of the top 20 most valuable public U.S. companies had at least one SSO credential for sale in 2022.
  • Recommendations for securing SSO credentials include utilizing adaptive MFA that looks at contextual information beyond a typical MFA portal and utilizing universal two-factor authentication, such as physical security keys or fobs, to gain system access.

Okta: Credential Stuffing Accounts for 34% of all Login Attempts

Article Link: https://www.bleepingcomputer.com/news/security/okta-credential-stuffing-accounts-for-34-percent-of-all-login-attempts/

  • Credential stuffing attacks are when threat actors attempt to use leaked credentials from other sites to gain access to users’ accounts. This type of attack takes advantage of “password recycling,” which is the bad practice of using the same credential pairs (login name and password) across multiple sites.
  • Okta reports that the situation has worsened in 2022, as the identity and access management firm has recorded over 10 billion credential stuffing events on its platform in the first 90 days of 2022. This number represents roughly 34% of the overall authentication traffic, which means that one-third of all attempts are malicious and fraudulent.
  • Okta Report: https://auth0.com/blog/top-insights-from-our-2022-state-of-secure-identity-report/
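A defender-side view of the pattern described above, as an added Python example (not code from Okta or the article): a stuffing tool walking a list of leaked credential pairs shows up in an authentication log as one source trying many distinct usernames with a high failure rate, and the rare success identifies an account whose owner recycled a password. The log lines, IPs and user names are constructed, and the thresholds (5 distinct users, 70% failures) are assumptions:

```python
from collections import defaultdict

# Constructed sample authentication log (illustrative; not Okta data). One
# source IP walks a list of leaked username/password pairs against the site:
# most fail, but one user reused the same password here and the login succeeds.
SAMPLE_AUTH_LOG = [
    "2022-09-26T12:00:01 ip=203.0.113.5 user=alice result=success",
    "2022-09-26T12:00:05 ip=203.0.113.5 user=bob result=failure",
    "2022-09-26T12:00:09 ip=203.0.113.5 user=bob result=success",
    "2022-09-26T12:03:00 ip=198.51.100.9 user=carol result=failure",
    "2022-09-26T12:03:01 ip=198.51.100.9 user=dave result=failure",
    "2022-09-26T12:03:02 ip=198.51.100.9 user=erin result=failure",
    "2022-09-26T12:03:03 ip=198.51.100.9 user=frank result=failure",
    "2022-09-26T12:03:04 ip=198.51.100.9 user=grace result=success",
    "2022-09-26T12:03:05 ip=198.51.100.9 user=heidi result=failure",
    "2022-09-26T12:03:06 ip=198.51.100.9 user=ivan result=failure",
]


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict."""
    ts, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = ts
    return event


def detect_credential_stuffing(events, min_distinct_users=5, min_failure_rate=0.7):
    """Flag source IPs that try many distinct usernames with mostly failures.
    A real user mistyping a password hits one account; a stuffing tool hits a
    different account on nearly every request. Thresholds are assumptions."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    findings = {}
    for ip, attempts in by_ip.items():
        users = {e["user"] for e in attempts}
        failures = sum(e["result"] == "failure" for e in attempts)
        failure_rate = failures / len(attempts)
        if len(users) >= min_distinct_users and failure_rate >= min_failure_rate:
            findings[ip] = {
                "attempts": len(attempts),
                "distinct_users": len(users),
                "failure_rate": round(failure_rate, 2),
                # accounts that accepted a leaked password: reset these first
                "compromised_users": [e["user"] for e in attempts if e["result"] == "success"],
            }
    return findings


def malicious_share(events, findings):
    """Fraction of all authentication traffic coming from flagged sources, the
    same kind of figure as the 34% Okta reports for its platform."""
    if not events:
        return 0.0
    flagged = sum(1 for e in events if e["ip"] in findings)
    return flagged / len(events)


if __name__ == "__main__":
    events = [parse_line(line) for line in SAMPLE_AUTH_LOG]
    findings = detect_credential_stuffing(events)
    for ip, info in findings.items():
        print(ip, info)
    print(f"share of traffic from flagged sources: {malicious_share(events, findings):.0%}")
```

The per-IP grouping is deliberately simple; real stuffing traffic is spread across proxies, so the same counts are usually kept per /24, per ASN or per user-agent fingerprint as well. The "compromised_users" list is the actionable output: those are the accounts whose password was valid somewhere else, and they need a forced reset regardless of whether the source IP is blocked.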

Microsoft 365 Phishing Attacks Impersonate U.S. Govt Agencies

Article Link: https://www.bleepingcomputer.com/news/security/microsoft-365-phishing-attacks-impersonate-us-govt-agencies/

  • An ongoing phishing campaign targeting U.S. government contractors has expanded its operation to push higher-quality lures and better-crafted documents. The lure in these phishing emails is a request for bids for lucrative government projects, taking them to phishing pages that are clones of legitimate federal agency portals, such as the Department of Transportation and Department of Commerce.
  • Building upon what they have previously achieved, the phishing actors behind this campaign have implemented careful formatting revisions to increase their phish success rates.
  • If unsure about a specific project, try searching the URLs online, as many of these long-lasting campaigns have published indicators of compromise confirming their fraudulent nature.

US to Award $1B to State, Local, and Territorial Governments to Improve Cyber Resilience

Article Link: https://www.helpnetsecurity.com/2022/09/21/us-grants-cyber-resilience/

  • The US government will award $1 billion in grants to help state, local, and territorial (SLT) governments address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and ensure cyber resilience against persistent cyber threats.
  • The grantees don’t have to adopt a specific cybersecurity framework, but their plan must include how they aim to implement the following best practices: multi-factor authentication, enhanced logging, data encryption for data at rest and in transit, ending the use of unsupported/end-of-life software and hardware that are accessible from the Internet, prohibiting the use of known/fixed/default passwords and credentials, the ability to reconstitute systems (backups), and migration to the .gov internet domain.
  • More information from CISA: https://www.cisa.gov/cybergrants

Cyber Risk and CFOs: Over-Confidence is Costly

Article Link: https://www.kroll.com/en/insights/publications/cyber/cyber-risk-and-cfos

  • Chief Financial Officers are highly confident in their companies’ abilities to ward off cyber security incidents, despite being somewhat unaware of the cyber vulnerabilities their business faces, according to a survey of 180 CFOs. Almost 87% of the surveyed executives expressed this confidence, yet 61% of them had suffered at least three significant cyber incidents in the previous 18 months. The price tag on these incidents was between $10 million and $25 million for about one-third of the companies that suffered a significant security incident, and more than $25 million for almost 16% of the companies.
  • Moreover, the CFOs admitted to being out of the loop: 6 out of 10 were not regularly briefed by the cyber team, and nearly 4 out of 10 had never received such an update.
  • As cyber security takes on more importance for a company—impacting operations, revenue and costs, reputation, and company value—so does the financial risk of cyberattacks. Judging by the survey results, CFOs are out of the loop when it comes to cyber planning.

Domain Shadowing Becoming More Popular Among Cybercriminals

Article Link: https://www.bleepingcomputer.com/news/security/domain-shadowing-becoming-more-popular-among-cybercriminals/

  • Domain shadowing is a subcategory of DNS hijacking, where threat actors compromise the DNS of a legitimate domain to host their own subdomains for use in malicious activity but do not modify the legitimate DNS entries that already exist.
  • Threat analysts at Palo Alto Networks (Unit 42) discovered that the phenomenon of “domain shadowing” might be more prevalent than previously thought, uncovering 12,197 cases while scanning the web between April and June 2022.
  • Essentially, subdomain phishing pages are hosted on domains with good reputations, gaining the trust of victims. The true URL is unrelated to the genuine domain but isn’t flagged by browsers.
  • Unit 42 Report: https://unit42.paloaltonetworks.com/domain-shadowing/
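Because the attacker leaves the legitimate records alone, the owner of a shadowed domain notices nothing unless it audits its own zone. One such audit, as an added Python example (not code from Unit 42 or the article), compares a zone export against two things the defender already has: an inventory of the subdomains it actually created and the address ranges its services live in. The zone format, the domain names, the IPs and the inventory are all constructed for the example:

```python
import ipaddress

# Assumptions for the example: the defender keeps an inventory of the
# subdomains it actually created and of the address ranges its services use.
APEX = "example.com"
KNOWN_SUBDOMAINS = {"www.example.com", "mail.example.com"}
KNOWN_NETBLOCKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed zone export (illustrative): the first three records are the
# organisation's own; the last two were added by an actor who obtained the
# DNS-provider credentials and, as the article describes, left the legitimate
# records untouched.
SAMPLE_ZONE = """
example.com.               3600 IN A 203.0.113.10
www.example.com.           3600 IN A 203.0.113.10
mail.example.com.          3600 IN A 203.0.113.25
login-verify.example.com.   300 IN A 198.51.100.77
secure-portal.example.com.  300 IN A 198.51.100.78
"""


def parse_zone(text):
    """Parse the minimal 'name ttl class type rdata' zone format used above."""
    records = []
    for line in text.strip().splitlines():
        name, ttl, rclass, rtype, rdata = line.split()
        records.append({"name": name.rstrip(".").lower(), "ttl": int(ttl),
                        "type": rtype, "rdata": rdata})
    return records


def in_known_ranges(ip, netblocks):
    """True if `ip` falls inside any of the organisation's address ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in netblocks)


def find_shadow_subdomains(records, apex=APEX, known_subdomains=KNOWN_SUBDOMAINS,
                           known_netblocks=KNOWN_NETBLOCKS):
    """Return A records for subdomains of `apex` that are not in the inventory
    and/or resolve outside the organisation's own address ranges. Both reasons
    are reported so an analyst can see which one fired."""
    findings = []
    for rec in records:
        name = rec["name"]
        if rec["type"] != "A" or name == apex or not name.endswith("." + apex):
            continue
        reasons = []
        if name not in known_subdomains:
            reasons.append("not_in_inventory")
        if not in_known_ranges(rec["rdata"], known_netblocks):
            reasons.append("resolves_outside_known_ranges")
        if reasons:
            findings.append({"name": name, "ip": rec["rdata"],
                             "ttl": rec["ttl"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_shadow_subdomains(parse_zone(SAMPLE_ZONE)):
        print(f"{f['name']} -> {f['ip']}: {', '.join(f['reasons'])}")
```

A record that fires both reasons is the classic shadowing case: a name nobody in the organisation created, pointing at infrastructure the organisation does not own. A record that fires only "not_in_inventory" but resolves inside the known ranges is more often an undocumented internal project, and a known name that suddenly resolves outside the ranges is a modified legitimate record, which the article distinguishes from shadowing. Running the check on every zone change, with the DNS-provider account itself behind MFA, is the practical mitigation for the domain owner.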

