Cybersecurity News | Information Security News https://cisomag.com/category/news/ Beyond Cyber Security Mon, 28 Feb 2022 13:55:08 +0000

FBI Issues a Lookout for SIM Swapping Attacks https://cisomag.com/fbi-issues-a-lookout-for-sim-swapping-attacks/ Tue, 15 Feb 2022 06:42:15 +0000

The post FBI Issues a Lookout for SIM Swapping Attacks appeared first on CISO MAG | Cyber Security Magazine.

The FBI stated that cybercriminals are leveraging SIM swapping attacks to steal millions from U.S. citizens. The agency recently disclosed an increase in SIM swapping attacks used to compromise victims’ virtual currency accounts and steal money. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

What’s a SIM Swapping Attack?

A SIM Swapping attack is one of the simplest ways cybercriminals bypass users’ 2FA protection. In a SIM swap attack, the attacker calls service providers and tricks them into changing a victim’s phone number to an attacker-controlled SIM card. This allows the attacker to reset passwords and access victims’ sensitive data.

How to Prevent SIM Swapping Attacks

The FBI recommended users follow certain security precautions to avoid SIM swapping threats. These include:

  • Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.
  • Do not provide your mobile number account information over the phone to representatives who request your account password or PIN. Verify the call by dialing the customer service line of your mobile carrier.
  • Avoid posting personal information online, such as mobile phone numbers, addresses, or other personally-identifying information.
  • Use a variety of unique passwords to access online accounts.
  • Be aware of any changes in SMS-based connectivity.
  • Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
  • Do not store passwords, usernames, or other information for easy login on mobile device applications.

Precautions for Mobile Carriers

  • Educate employees and conduct training sessions on SIM swapping.
  • Carefully inspect incoming email addresses containing official correspondence for slight changes that make fraudulent addresses appear legitimate and resemble actual clients’ names.
  • Set strict security protocols enabling employees to effectively verify customer credentials before changing their numbers to a new device.
  • Authenticate calls from third-party authorized retailers requesting customer information.

Victim Reporting

If you suspect that you are a victim of SIM swapping:

  • Contact your mobile carrier immediately to regain control of your phone number.
  • Access your online accounts and change your passwords.
  • Contact your financial institutions to place an alert on your accounts for suspicious login attempts and/or transactions.
  • Report information concerning all suspicious activity to your local law enforcement agency or your local FBI field office (contact information can be found at www.fbi.gov/contact-us/field-offices).
  • Report the activity to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

How Remote Work Increased Digital Anxiety https://cisomag.com/how-remote-work-increased-digital-anxiety/ Wed, 09 Feb 2022 06:39:53 +0000

Working from home has spiked since the onset of the COVID-19 pandemic in March of 2020. This effort to reduce health risks may have limited the spread of the virus, but according to a new analysis by cybersecurity provider F-Secure, it may also have helped increase digital anxiety for those working remotely. The survey revealed that over 67% of internet users who work from home reported they increasingly worry about their online security and privacy even if nothing is wrong, compared to 58% of other users.

Dr. Lee Hadlington, Senior Lecturer in Cyberpsychology at Nottingham Trent University, whose research interests include employees’ adherence to workplace cybersecurity practices, said it makes sense that people’s sudden shift to telecommuting increased their anxieties about online threats.

“It is not surprising that individuals have started to worry more about cyber security, particularly when working from home. Many individuals were thrust into the ‘new normal’ of home working with very little preparation, training, or equipment. Let’s not forget, for most individuals in a workplace environment, cybersecurity is generally a second thought, and is usually something that is seen as the responsibility of someone else in the company. This, coupled with the fact that many home workers have less than perfect home working environments (e.g. desks in busy parts of the house, limited/poor internet connection, limited working knowledge of internet-based technology), means that these cyber security fears could be symptomatic of a combination of factors,” he said.


While worries about online security and privacy were prevalent among all survey respondents, remote workers reported elevated concerns about a myriad of issues, including:

  • 65% of those who work from home said the internet is becoming a more dangerous place, compared to 54% of other respondents.
  • 63% of remote workers said concerns about data privacy have changed how they use the internet, compared to 48% of other respondents.
  • 71% of remote workers said they worry that new internet connected devices—such as wearables and connected home appliances—could lead to a violation of their privacy, compared to 64% of non-remote workers.
  • 70% of remote workers felt increasingly uncomfortable connecting to public WiFi due to security risks, compared to 63% of other respondents.

“Working from home could also have meant that individuals may have had more time to focus on other aspects of their working life and spent more time engaging in self-reflection and aspects of self-improvement; this could have included a re-assessment of cyber risks in their daily lives. The pandemic also meant people were isolated, with many turning to the one thing they did have access to – the Internet. Of course, spending more time engaged in one activity could lead to an increase in perceptions of risk, particularly when people are being subjected to negative news stories about cybersecurity related issues,” Dr. Hadlington explained.

According to F-Secure Security Consultant Tom Gaffney, managing security while working remotely takes technical security measures that protect data and devices, but also steps to keep people’s personal and professional lives separate.

“Steps everyone can take to secure themselves and their privacy when they work from home include updating their devices and software, ensuring their personal devices have security software installed, and some other basic infosec measures,” said Gaffney. “But keeping your personal and professional online activities separate from one another may be as important as any of these tips. Restricting what sort of things you do on each device and during which times can be an essential way to ease digital anxiety.”

Ransomware: To Pay or Not to Pay? https://cisomag.com/ransomware-to-pay-or-not-to-pay/ Tue, 01 Feb 2022 08:09:33 +0000

In 2021, ransomware remains the most prominent malware threat with an attack occurring every 11 seconds. Total ransomware costs are projected to exceed $20 billion with an average of 21 days downtime (Coveware, 2021) and $1.85 million in recovery costs (Sophos State of Ransomware Report, 2021) for those who fall victim.

There are numerous examples of publicly recorded incidents showing the cost to rebuild as significantly more than the ransom requested. Over the last few years, the cost of remediation has increased from $0.78 million in 2020 to $1.85 million in 2021. With 54% of attacks succeeding in encrypting data and only 65% of that data being restored on average, CEOs and business leaders need to weigh up the cost of downtime and the impact on their business. But even if the ransom is paid, there is no guarantee that a decryptor will be forthcoming or that, if provided, it will even work.

This February, CISOs and cybersecurity experts from across Europe will gather in London on 22 – 23 February to share lessons learned and benchmark resilience and business continuity planning at the Ransomware Resilience Summit Europe, enabling you to better protect your businesses from attack.

Join PaloAlto alongside Paul Haywood, Global CISO at BUPA; Munawar Valiji, CISO of Trainline; Erez Liebermann, Partner and Co-Chair of US Data solutions at Linklaters; and Katherine Demidecka, Strategic Consultant from Mandiant, as they highlight the importance of an effective response plan and how you can effectively determine roles and responsibilities during an attack.

Over the two days, you’ll focus on how to prevent, detect, respond, and recover from ransomware attacks, with first-hand encounters from Graeme King, Cyber Managing Director of Volante Global alongside interactive discussions and experience sharing with Sanne Group, The Cyber Resilience Centre and Scottish Power Offshore Renewables.

Are you a CISO or cybersecurity expert looking to share your experiences and knowledge with others? Get in contact with Simon today to find out how you can join the discussion at simon.sahadevan@kisacoresearch.com

Join us this 22 – 23 February in London. Find out more today.

Use your exclusive discount code CISOMAG10 for 10% off.

Based in the USA? Check out our Washington D.C. event instead.

Researchers Found New Ransomware DeadBolt Targeting NAS Servers https://cisomag.com/researchers-found-new-ransomware-deadbolt-targeting-nas-servers/ Mon, 31 Jan 2022 10:08:12 +0000

Security experts from QNAP Systems uncovered a new ransomware variant actively targeting all Internet-connected network-attached storage (NAS) devices. Tracked as DeadBolt, the ransomware reportedly compromises NAS devices that are not secured, encrypting users’ sensitive information for Bitcoin ransom. The DeadBolt ransomware campaign has mostly encrypted NAS devices located in the U.S., Hong Kong, Taiwan, Germany, France, Italy, South Korea, the U.K., the Netherlands, and Poland.

Based in Taiwan, QNAP is a manufacturer of NAS devices. QNAP researchers recommended that all QNAP NAS consumers follow the security setting instructions and update their products to prevent unauthorized intrusions.

How to check whether your NAS is exposed to the Internet

The researchers stated that NAS devices are prone to various cyberthreats if they are exposed to the Internet. To check whether your NAS device is exposed to the Internet:

  • Open the Security Counselor on your QNAP NAS.
  • Your NAS is exposed to the Internet and at high risk if the dashboard shows “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP”.

QNAP suggested the below security instructions for NAS security:

1. Disable the Port Forwarding function of the router

Go to your router’s management interface, check the Virtual Server, NAT, or Port Forwarding settings, and disable the port forwarding setting for the NAS management service ports (8080 and 443 by default).

2. Disable the UPnP function of the QNAP NAS

Go to myQNAPcloud on the QTS menu, click “Auto Router Configuration,” and unselect “Enable UPnP Port forwarding.”

NAS Devices Under Attack!

This is not the first time that QNAP NAS devices have been under attack. Earlier, QNAP released a security advisory warning its users about a new cryptomining malware targeting its network-attached storage (NAS) devices. A NAS device is an internet-connected storage device that allows data storage and retrieval from a central location for authorized network users and clients. Once the malware infects a NAS device, the CPU usage becomes unusually high, and a process named “oom_reaper” could occupy around 50% of the total CPU usage. QNAP stated the infection could be removed by rebooting the affected devices.

U.S. Government to Adopt The Zero-Trust Security Model https://cisomag.com/u-s-government-to-adopt-the-zero-trust-security-model/ Fri, 28 Jan 2022 10:36:43 +0000

The Office of Management and Budget (OMB) in the U.S. released a national strategy to move the government towards a zero-trust security model for better cybersecurity outcomes. The strategy is a part of delivering President Biden’s Executive Order on Improving the Nation’s Cybersecurity, intended to boost the security of the nation’s critical digital infrastructures against rising cyberattacks.

The agency opined that increasingly sophisticated cyber threats could not be mitigated with conventional perimeter-based defenses. Citing the Log4j vulnerability as the latest evidence, OMB stated that adversaries continue to find new gateways to penetrate the targeted systems.

The Zero-Trust Security Model 

A zero-trust security model is a process of designing a cybersecurity architecture based on the “never trust, always verify” concept. OMB stated the zero-trust strategy allows organizations to detect, isolate, and respond to different types of cyber risks. It will serve as a roadmap for shifting the Federal government to a new cybersecurity model.

OMB’s new federal zero-trust strategy envisions a Federal government where:

  • Federal staff have enterprise-managed accounts, allowing them to access everything they need to do their job while remaining protected from even targeted, sophisticated phishing attacks.
  • The devices that Federal staff use to do their jobs are consistently tracked and monitored, and the security posture of those devices is taken into account when granting access to internal resources.
  • Agency systems are isolated, and the network traffic flowing between and within them is reliably encrypted.
  • Enterprise applications are tested internally and externally and can be made available to staff securely over the internet.
  • National security and data teams work together to develop data categories and security rules to automatically detect and ultimately block unauthorized access to sensitive information.


“In the face of increasingly sophisticated cyber threats, the Administration is taking decisive action to bolster the Federal government’s cyber defenses. This zero-trust strategy is about ensuring the Federal Government leads by example, and it marks another key milestone in our efforts to repel attacks from those who would do the U.S. harm,” said Acting OMB Director Shalanda Young.

“Security is the cornerstone of our efforts to build exceptional digital experiences for the American public. Federal agency CIOs and IT leaders are leaning into this challenge, and the zero trust strategy provides a clear roadmap for deploying technology that is secure by design and responsive to the needs of our workforce so they can better deliver for the American public,” said Federal Chief Information Officer Clare Martorana.

89% of Organizations Are Non-compliant With CCPA Law https://cisomag.com/89-of-organizations-are-non-compliant-with-ccpa-law/ Thu, 27 Jan 2022 10:17:34 +0000

Data regulations and privacy laws are in vain if users and organizations do not obey them. Recent research from Cytrio, a data privacy compliance company, revealed that only 11% of organizations fully meet California Consumer Privacy Act (CCPA) requirements, especially when managing Data Subject Access Requests (DSARs). And 89% of companies are either non-compliant or somewhat compliant.

The research report, State of CCPA Compliance: Q1 2022, found that 44% of organizations did not provide any mechanism for consumers to exercise their data rights, putting themselves out of compliance. Most organizations failed to implement CCPA regulations despite stating they needed to comply.

What is California Consumer Privacy Act?

The California Consumer Privacy Act (CCPA) was passed in 2018 and took effect on January 1, 2020. The Act gives California citizens data and privacy rights regarding how organizations use their data. Under the CCPA, users have the right to:

  • Know what personal information is being collected.
  • Know whether their data is being traded.
  • Say “No” to the sale of their information.
  • Request an organization to delete their sensitive data.
  • Not be victimized for exercising their privacy rights.

Organizations that fail to meet compliance with the CCPA may attract a penalty ranging from $2,500 to $7,500, based on the data violation type.

Companies Being Non-Compliant to CCPA

The research found that 45% relied on inefficient and costly manual processes such as email and web forms for submitting and responding to data requests. Less than 11% of companies use DSAR management automation solutions. Only 15.6% of companies in California had a DSAR management automation solution, and 59.3% of them used manual processes.

The research surveyed over 5,175 U.S. companies with revenues ranging from $25 million to more than $5 billion.


“The findings of our research show that companies are woefully unprepared for CCPA compliance, especially when it comes to enabling and responding to consumers’ data privacy rights. An overwhelming majority manually responds to data requests, with only a small number implementing DSAR management automation solutions. The reliance on manual processes exposes them to high DSAR compliance costs, long response times, errors that will erode consumer trust, and non-compliance actions by the California Privacy Protection Agency (CPPA),” said Vijay Basani, founder and CEO of CYTRIO.

Other Key Findings:

  • Although B2C companies collect more consumer data, there was no statistically significant difference in the number deploying DSAR management automation solutions compared with B2B companies (11.3% for B2C vs. 10.3% for B2B)
  • Large companies (with more than 10,000 workers) were more likely to have a commercial DSAR management automation solution. Over 60% did so, with the increasing number of DSARs and the need to streamline related costs as potential reasons.
  • Highly-regulated industries lagged in commercial solution deployment, including health care, financial services, and insurance.
  • There is a strong correlation between revenue and deploying a DSAR management automation solution. High revenue earners (companies over $100 million) were more likely to have an automated solution, with companies over $5 billion in revenues especially eager.

“Overall, the survey results show that more needs to be done for CCPA compliance, and many lack the right resources and tools to meet the requirements. The prevalent reliance on manual processes and the inability to address DSAR may increase the risks of a company’s operations and shows we have more work to do in building awareness,” said Darshan Joshi, Chief Technology Officer at CYTRIO.

Global Affairs Canada Hit by Cyberattack https://cisomag.com/global-affairs-canada-hit-by-cyberattack/ Tue, 25 Jan 2022 14:07:24 +0000

Unknown cybercriminals targeted Canada’s foreign ministry, Global Affairs Canada (GAC), in a cyberattack. The incident affected certain critical services and disrupted some online services temporarily.

“Critical services for Canadians through @GAC_Corporate are currently functioning. Some access to the Internet and internet-based services are not available as part of the mitigation measures, and work is underway to restore them. There is no indication that other departments have been impacted by this incident. There are systems and tools in place to monitor, detect, and investigate potential threats, and to take active measures to address and neutralize them when they occur,” said a statement from Canada’s Treasury Board.

Investigation is Ongoing

While officials did not name the attackers behind the security incident, they stated that a probe had been initiated to find the details.


“This investigation is ongoing. We are unable to comment further on any specific details for operational reasons. Our cyber defense and incident response teams work 24/7 to identify compromises and potential alert victims within the GC and Canadian critical infrastructure. The incident response team offers advice and support to contain the threat and mitigate any potential harm,” the statement added.

Canada’s Cybersecurity Guidance

The cyberattack news comes immediately after the Canadian Centre for Cybersecurity warned critical infrastructure operators to raise awareness and take mitigations against known Russian state-sponsored hackers.

The Cyber Centre urged Canadian critical infrastructure network defenders to:

  • Be prepared to isolate critical infrastructure components and services from the internet and corporate/internal networks if those components would be considered attractive to a hostile threat actor to disrupt. When using industrial control systems or operational technology, perform manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
  • Increase organizational vigilance. Monitor your networks, focusing on the TTPs reported in the CISA advisory. Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging to better investigate issues or events.
  • Enhance your security posture: Patch your systems with a focus on the vulnerabilities in the CISA advisory, and enable logging and backup. Deploy network and endpoint monitoring (such as anti-virus software), and implement multifactor authentication where appropriate.
  • Have a cyber incident response plan, a continuity of operations plan, and a communications plan, and be prepared to use them.
  • Inform the Cyber Centre of suspicious or malicious cyber activity.

Over Half of Medical IoT Devices Found Vulnerable to Cyberattacks https://cisomag.com/over-half-of-medical-iot-devices-found-vulnerable-to-cyberattacks/ Mon, 24 Jan 2022 15:02:27 +0000

After a year of unprecedented cyberattacks on several hospitals and medical centers across the globe, the health care sector has become a primary target for threat actors. In addition to exploiting patients’ data and disrupting hospital networks, cybercriminals are now targeting critical connected medical devices deployed in hospital environments.

According to research from Cynerio, a health care IoT security platform, several medical IoT devices are prone to cyberattacks, exposing hospitals and patients’ data to various cyberthreats. In its 2022 State of Healthcare IoT Device Security Report, Cynerio stated that medical IoT security has remained unaddressed despite increased healthcare cybersecurity investments. It found that nearly 53% of connected medical devices and other IoT devices in hospitals have known critical vulnerabilities. If exploited, these vulnerabilities could allow an attacker to impact service availability, data confidentiality, or patient safety.

Key Findings:

  • IV pumps make up 38% of a hospital’s routine health care IoT footprint, and 73% of these have a vulnerability that could jeopardize patient safety, data confidentiality, or service availability if it were to be exploited by an adversary.
  • Devices running Windows versions older than Windows 10 account for most devices used by pharmacology, oncology, and laboratory departments and make up a plurality of devices used by radiology, neurology, and surgery departments, leaving patients connected to these devices vulnerable.
  • The most common IoMT and IoT device risks are connected to default passwords and settings that attackers can often obtain easily from online manuals, with 21% of devices secured by weak or default credentials.
  • Network segmentation can address over 90% of the critical risks presented by connected medical devices in hospitals and is the most effective way to mitigate most risks presented by connected devices.


“Health care is a top target for cyberattacks, and even with continued investments in cybersecurity, critical vulnerabilities remain in many of the medical devices hospitals rely on for patient care. Visibility and risk identification is no longer enough. Hospitals and health systems don’t need more data – they need advanced solutions that mitigate risks and empower them to fight back against cyberattacks, and as medical device security providers, it’s time for all of us to step up. With the first ransomware-related fatalities reported last year, it could mean life or death,” said Daniel Brodie, CTO and co-founder, Cynerio.

Medical IoT Devices and Cybersecurity

With multiple intrusions and attacks on connected medical devices, health care providers continue to be a primary target for cybercriminals. However, the most concerning issue for the health care sector is cyberattacks on implanted medical devices. Several cybersecurity experts stated that threat actors can hijack certain connected medical devices implanted in a human’s body or brain, which they are calling Brainjacking.

40 Billion User Records Exposed Globally in 2021 https://cisomag.com/40-billion-user-records-exposed-globally-in-2021/ Fri, 21 Jan 2022 14:16:58 +0000

Cybercriminals often exploit leaked/stolen sensitive user information to perform various cyberattacks, including phishing and identity theft. The rising information leaks on dark web forums show that no one is immune to data breach incidents. As per research from Tenable, a cyber exposure company, over 40 billion records were exposed worldwide in 2021.

Tenable’s Security Response Team analyzed 1,825 data breach incidents disclosed between November 2020 and October 2021. The analysis, included in the 2021 Threat Landscape Retrospective (TLR) report, gives an overview of the attack vectors, vulnerabilities, and insights that will help organizations prepare for the upcoming security challenges in 2022.

Some 21,957 Common Vulnerabilities and Exposures (CVEs) were reported in 2021, representing a 19.6% increase over the 18,358 reported in 2020 and a 241% increase over the 6,447 disclosed in 2016. From 2016 to 2021, vulnerabilities increased at an average annual percentage growth rate of 28.3%.

The top vulnerabilities in 2021 include:

  1. CVE-2021-26855 — ProxyLogon, Microsoft Exchange Server
  2. CVE-2021-34527 — PrintNightmare, Windows Print Spooler
  3. CVE-2021-21985 — VMware vSphere
  4. CVE-2021-22893 — Pulse Connect Secure
  5. CVE-2020-1472 — Zerologon, Windows Netlogon Protocol


Other key findings from the report:

  • Ransomware had a monumental impact on organizations in 2021, responsible for approximately 38% of all breaches.
  • 6% of data breaches were the result of unsecured cloud databases.
  • Unpatched SSL VPNs continue to provide an ideal entry point for attackers to perform cyberespionage, exfiltrate sensitive and proprietary information, and encrypt networks.
  • Threat groups, particularly ransomware groups, have increasingly exploited vulnerabilities and misconfigurations in Active Directory.
  • When security controls and code audits are not in place, software libraries and network stacks commonly used amongst OT devices often introduce additional risks.
  • Ransomware groups favored physical supply chain disruption as a tactic to extort payment, while cyberespionage campaigns exploited the software supply chain to access sensitive data.
  • Health care and education experienced the greatest disruption from data breaches.

“Migration to cloud platforms, reliance on managed service providers, software, and infrastructure as a service have all changed how organizations must think about and secure the perimeter. Modern security leaders and practitioners must think more holistically about the attack paths within their networks and how they can efficiently disrupt them. By examining threat actor behavior, we can understand which attack paths are the most fruitful and leverage these insights to define an effective security strategy,” said Claire Tills, Senior Research Engineer, Tenable.

Bank Indonesia Suffers Ransomware Attack, Suspects Conti Involvement https://cisomag.com/bank-indonesia-suffers-ransomware-attack-suspects-conti-involvement/ Fri, 21 Jan 2022 10:00:28 +0000 https://cisomag.com/?p=26082

Banks and financial institutions are always on a hacker’s target list. Cybercriminals recently targeted Bank Indonesia (BI), disrupting its operations temporarily. According to a report, the central bank of the Republic of Indonesia confirmed that it had sustained a ransomware attack. However, the bank also clarified that the attack did not impact its operations or compromise any critical data, adding that mitigation measures were undertaken.

“We were attacked, but so far so good as we took anticipatory measures and most importantly public services at Bank Indonesia were not disrupted at all,” said Bank Indonesia’s spokesperson in a media statement.

Cybercriminals leverage ransomware to penetrate targeted network systems, infect critical files, and encrypt them, making them inaccessible to others. Threat actors often demand a ransom to decrypt the infected systems.

Conti Ransomware Suspected

While Bank Indonesia did not reveal the ransomware operators behind this attack, security experts suspect it could be the work of the Conti ransomware group. Conti is a Russian-speaking ransomware group that has reportedly victimized more than 400 organizations worldwide, of which 290 are in the U.S. alone. Conti attackers infiltrate victim networks through phishing emails (malicious links or attachments) or stolen/cracked remote desktop protocol (RDP) credentials. These cyber actors then steal files, encrypt servers and workstations, and demand ransom.


Cyberattacks on Indonesia

Security incidents at Indonesian financial organizations have become prevalent in recent times. A cyber intelligence report from Group-IB recently found traces of an ongoing fraudulent campaign based on Twitter targeting Indonesia’s largest banks. Cybercriminals posed as bank representatives or customer support team members on Twitter to lure and gain the trust of targeted victims. This massive campaign, which began in January 2021, ballooned 2.5-fold (from 600 in January) to a total of 1,600 fake Twitter accounts impersonating banks by early March. Over seven large Indonesian financial institutions were found to have been targeted under this campaign. The scam affected over two million Indonesian bank customers active with legitimate bank handles on Twitter.
