
Category Archives: Cyber Risk Management

Cyber Claims Case Study: CEO Swindle

One of the most common types of social engineering is CEO fraud. This is typically a targeted attack in which a fraudster impersonates the CEO or another senior executive within an organisation and instructs a member of the finance department to make an urgent payment to a particular account for a specific reason. Even traditional businesses that might not think they have a strong cyber exposure can lose thousands in attacks like this.

CFC’s latest cyber claims case study tells the story of a manufacturer who fell victim to CEO fraud and the financial fallout the company experienced as a result.

The key takeaway points are:

  • CEOs and senior executives are prime targets for cybercriminals. They tend to act as the face of their respective companies and have bigger profiles on company websites and social media accounts, allowing cybercriminals to gather valuable information about them. Cybercriminals also know that employees are instinctively less likely to question instructions from senior executives. CEOs and senior executives therefore need to be especially conscious of sticking to good cybersecurity practices, and employees need to be particularly alert to suspicious emails and have robust authentication procedures in place.
  • Cybercriminals are becoming increasingly sophisticated. In the past, it was not uncommon to see blatant attempts at funds transfer fraud over email, with an urgent appeal for help or bogus prize give-aways being just two examples. Now, however, we are seeing far more nuanced attacks, with fraudsters sending convincing credential phishing emails to gain access to email accounts, setting up forwarding rules on email accounts to avoid detection and making use of seemingly legitimate invoice templates to add authenticity to their scams.
  • Lots of businesses don’t think they need to purchase cyber insurance because they believe they have good IT security in place, such as firewalls and anti-virus software. But this ignores the fact that people are often the weakest link in an organisation’s IT security chain. Increasingly sophisticated attacks like this make it difficult for employees to tell the difference between a real email and a fake email, or a real invoice and a fake invoice, and make a successful social engineering attack against a business increasingly likely.

Read the full case study here

Source: cfcunderwriting.com


Vulnerability Found in Multi-Factor Authentication

CFC sent us the advisory below to share regarding a new multi-factor authentication (MFA) vulnerability. Whether you have your cyber policy with CFC or elsewhere, please review and take steps to minimize your exposure.

CFC has become aware of a significant new security vulnerability that can be easily exploited to bypass multi-factor authentication (MFA). MFA is commonly used to protect against phishing attacks and compromised passwords, which are two of the most common root causes of cyber claims seen by our incident response team. Even worse, we’ve become aware of tools available on the dark web that exploit this vulnerability and expect substantial use of the tool to compromise previously protected environments.

How it works

A new penetration testing tool has been published by a security researcher that automates phishing attacks against multi-factor authentication protected websites. This tool, dubbed Modlishka, sits between a user and a target website such as Outlook 365 or Gmail.

The victim receives authentic content from the legitimate site but all traffic and all the victim’s interactions with the legitimate site pass through and are recorded on the Modlishka server. Any passwords a user may enter are automatically logged on this server, while the reverse proxy also prompts users for 2FA tokens when users have configured their accounts to request one.

If attackers are on hand to collect these tokens in real-time, they can use them to log into victims’ accounts and establish new and legitimate sessions. We have seen a similar method used to intercept other web services such as Citrix Web Access.

You can find more information here.

Steps to take

  1. Disable web access to email or remote desktop environments where possible
  2. Use hardware tokens as a means of multi-factor authentication (FIDO 2.0 and U2F)
  3. Implement phishing awareness and education:
    • Do not click on links in emails, and instead type the address in your browser
    • Avoid suspicious email attachments or links, and if necessary, verify the sender
    • Never hand over your credentials such as passwords or sensitive information such as bank account numbers
    • Check that the website address looks right and is spelled correctly
  4. Use DMARC in order to protect against spoofing of email domains
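Step 2 above recommends hardware tokens (FIDO2/U2F) because, unlike a one-time code that a reverse proxy can simply relay, a FIDO assertion is bound to the origin the browser is actually connected to. The following Python model is an added example, not code from CFC, the advisory, or the Modlishka project: it mimics the browser/authenticator side and the relying-party checks of a WebAuthn login, with a constructed relying party (`mail.example.com`) and a constructed phishing-proxy origin. The HMAC-SHA256 "signature" stands in for the authenticator's real public-key signature so that the example runs with the standard library only; the origin and rpId checks are what the example is about.

```python
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

# Assumed relying party (RP) for the example; not taken from the advisory.
RP_ID = "mail.example.com"
EXPECTED_ORIGIN = "https://mail.example.com"


def register():
    """Stand-in for credential creation. A real authenticator keeps a private
    key and the RP stores the matching public key; a shared HMAC secret is
    used here only to avoid third-party crypto dependencies (assumption)."""
    return secrets.token_bytes(32)


def browser_get_assertion(cred, challenge, page_origin, requested_rp_id):
    """Model of navigator.credentials.get() in the browser plus the authenticator.

    Two properties defeat a relaying proxy: the browser refuses an rpId that the
    page's own domain may not claim, and it writes the origin it is really
    talking to into clientDataJSON, which is covered by the signature."""
    host = urlparse(page_origin).hostname or ""
    if not (host == requested_rp_id or host.endswith("." + requested_rp_id)):
        raise PermissionError("browser refused rpId %r for origin %r"
                              % (requested_rp_id, page_origin))
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin},
        sort_keys=True,
    ).encode()
    # authenticatorData: rpIdHash (32 bytes) || flags (UP set) || signCount
    auth_data = (hashlib.sha256(requested_rp_id.encode()).digest()
                 + b"\x01" + (0).to_bytes(4, "big"))
    signed = auth_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(cred, signed, hashlib.sha256).digest()  # stand-in
    return client_data, auth_data, signature


def rp_verify_assertion(cred, challenge, client_data, auth_data, signature):
    """Relying-party verification, in the order a server would check it."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != challenge:
        return False, "challenge mismatch or replay"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch: %s" % cd.get("origin")
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    expected = hmac.new(cred, auth_data + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    return True, "ok"


def simulate_fido_login(page_origin, requested_rp_id=RP_ID):
    """Login where the user's browser shows page_origin in the address bar.
    A phishing proxy can relay the RP's challenge unchanged, but it cannot
    change the origin the browser stamps into the signed client data."""
    cred = register()
    challenge = secrets.token_urlsafe(32)  # issued by the RP, relayed by any proxy
    try:
        client_data, auth_data, sig = browser_get_assertion(
            cred, challenge, page_origin, requested_rp_id)
    except PermissionError as exc:
        return False, str(exc)
    return rp_verify_assertion(cred, challenge, client_data, auth_data, sig)


def simulate_otp_login(typed_code, expected_code):
    """Contrast case: a one-time code carries no origin. Whatever page the user
    typed it into, the proxy forwards the same digits and the RP cannot tell."""
    return hmac.compare_digest(typed_code, expected_code), "no origin binding"


if __name__ == "__main__":
    print("genuine site :", simulate_fido_login("https://mail.example.com"))
    print("proxy, real rpId:", simulate_fido_login("https://login.evil-proxy.example"))
    print("proxy, own rpId :", simulate_fido_login("https://login.evil-proxy.example",
                                                   "login.evil-proxy.example"))
    print("relayed OTP  :", simulate_otp_login("123456", "123456"))
```

Run it directly to see the four outcomes: the genuine origin verifies, the proxy is stopped either by the browser (it may not request the real site's rpId) or by the server's origin check (if it requests its own rpId), while a relayed one-time code is accepted because nothing ties the code to the page it was typed into.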
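Step 4 recommends DMARC, but a published record only blocks domain spoofing if its policy actually tells receivers to reject. The checker below is an added example written for this page, not CFC's or any vendor's tooling; it parses a DMARC TXT record (the `v=DMARC1; p=...; rua=...` tag format) and lists the settings that leave spoofing of the domain possible. The two sample records are constructed, with a placeholder reporting address.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of lower-cased tag names to values."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError("malformed DMARC tag: %r" % part)
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("record does not start with v=DMARC1")
    return tags


def assess_dmarc(txt):
    """Return a list of findings; an empty list means the record is enforcing."""
    tags = parse_dmarc(txt)
    findings = []

    policy = tags.get("p")
    if policy is None:
        findings.append("p tag missing: required, receivers will not enforce anything")
        policy = "none"
    policy = policy.lower()
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail may reach spam folders instead of being rejected")

    # pct defaults to 100; anything lower applies the policy to a sample only
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
    if pct < 100:
        findings.append("pct=%d: policy applied to only %d%% of failing mail" % (pct, pct))

    # sp (subdomain policy) inherits p when absent
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy == "none":
        findings.append("sp=none: subdomains can still be spoofed")

    if "rua" not in tags:
        findings.append("no rua tag: no aggregate reports, so abuse goes unnoticed")

    return findings


# Constructed sample records; the reporting mailbox is a placeholder.
WEAK_RECORD = "v=DMARC1; p=none; pct=50"
STRONG_RECORD = ("v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; "
                 "rua=mailto:dmarc-reports@example.com")

if __name__ == "__main__":
    for label, record in (("weak", WEAK_RECORD), ("strong", STRONG_RECORD)):
        print(label, "->", assess_dmarc(record) or ["enforcing"])
```

In practice the record is fetched from the `_dmarc.<domain>` TXT entry in DNS; the checker is deliberately offline so it can be run against any record string copied from a DNS lookup.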

3 Network Security Threats to Watch Out for in 2019

Cyber security attacks continue to increase in both size and severity. In order to truly protect themselves, businesses must remain informed on the latest cyber security trends. While it can be difficult to predict the emergence of new risks, the following is a list of major threats experts have identified for 2019 and ways to protect your business:

  1. Viruses and worms—Computer viruses and worms are malicious programs designed to infect core systems and destroy essential data. What’s more, viruses and worms can replicate themselves, infecting an entire network quickly. To protect your system, install anti-malware on all network devices.
  2. Drive-by download attacks—Drive-by download attacks generally refer to the unintentional download of malicious code from an app, operating system or browser, which, in turn, opens you up for an attack. What’s most concerning about these attacks is users don’t have to click, download or open anything to become infected. The best way to avoid these types of attacks is to keep your web browsers updated and ensure users don’t navigate to potentially dangerous sites.
  3. Phishing attacks—Phishing scams are a common strategy for hackers—one that requires minimal technical know-how and can be deployed via email. With every opened email, users risk becoming the victim of monetary loss, credit card fraud and identity theft. Successful phishing attacks oftentimes go unnoticed, which increases the risk of large and continued losses, particularly for businesses. To avoid becoming the victim of an attack, organizations need to train users on how to identify and avoid common phishing scams.

For more information on network security threats and prevention strategies, contact your insurance broker today.

© Zywave, Inc. All rights reserved


5 Tips to Make Your Passwords More Secure

Because identity theft and data breaches are becoming an ever-growing problem, it’s important to not only have a different password for each account, but to make those passwords easy to remember and hard to guess. The following are tips you can use to make your password harder to crack:

  1. Change your passwords every 90 days. This might seem like a hassle at first, but hackers have a better chance at cracking your passwords if they never change. It’s also a good idea to avoid reusing passwords.
  2. Make your passwords at least eight characters long. Generally, the longer a password is, the harder it is to guess.
  3. Don’t use the same password for each account. Hackers target lower security websites and then test cracked passwords on higher security sites. Make sure each account has a different password.
  4. Include uppercase letters and special characters in your password. Special characters include symbols like “#,” “*,” “+” and “>.” These symbols can make your password more complex and harder to guess.
  5. Avoid using the names of spouses, kids or pets in your password. All it takes for a hacker to crack passwords that include these things is a little research on social media sites like Facebook and Twitter.

© Zywave, Inc. All rights reserved


Choosing the Right Type of Cyber Testing for Your Business

Taking the initiative to invest in cyber security and improve employee security awareness is vital for defending a business from cyber attacks. However, it may be necessary for businesses to re-evaluate their efforts on occasion to make sure their security measures are effective. Vulnerability scans, penetration testing and red team exercises are three types of tests that businesses can use to assess their cyber security.

Vulnerability Scans

Vulnerability scans and assessments use automated tools to identify cyber weaknesses. They’re typically used to find known or common vulnerabilities, such as those used in past breaches and those that provide paths of least resistance for attackers trying to enter the network. Vulnerability scans are most useful for small and mid-sized organizations with limited cyber security resources.

Penetration Tests

Penetration tests are simulated attacks that use information acquired from vulnerability scans in an effort to access or penetrate the enterprise network. When a penetration test occurs, enterprises and security professionals may or may not know of the test in advance. Penetration tests can be performed by internal staff or external vendors. They’re most beneficial for organizations of medium maturity looking to uncover gaps in security.

Red Team Exercises

When using a red team to assess security, employees assume the exercise is a real-life situation and do not know about it in advance. Red team exercises help organizations gauge realistic responses to attempted attacks by mimicking attackers and attempting to break into the organization in any way possible. Mature organizations with specialized cyber security skills would benefit most from red team exercises, which can uncover security gaps both inside and outside of the network. Red team exercises can be conducted by internal staff or by external vendors.

Once an organization identifies which type of testing is appropriate, it should also assess the frequency of the testing. Ultimately, every new or updated technology should be subjected to thorough testing to detect and address new vulnerabilities before outside attackers find them.

© Zywave, Inc. All rights reserved

