AccumeView: Executive Cybersecurity Pulse

The monthly security awareness summary is intended to keep staff informed of recent threats so that they can be properly prepared to defend themselves against the never-ending variety of attacks that they will encounter on a regular basis.

Perspective: A New Year, A New Set of Threats

Automation is constantly evolving, and recent advancements in attack tools and methods are demonstrating that malicious automation can be expected to have significant ramifications. Researchers have proven that automated tools can successfully predict a user’s new password based on analyzing older stolen passwords, which makes the probability of a data breach infinitely higher. A recent test had a malicious bot infiltrate a network, scan all systems and exfiltrate all of the available data within 15 seconds. There is a good chance that 2019 will be the year that these types of attacks become real. Make sure that your protections are in place.

The success of Office 365 has made it a large target for phishing attacks. Phishing as a service finally hit its stride in 2018, and many of the available “kits” for rental are designed to spoof the Office 365 platform. The kits are highly sophisticated, ensuring that a normal user probably would not be able to recognize the falsified landing page. Ensure that your staff is trained on how to detect phishing attacks and that they are vigilant about opening unsolicited emails.

Two-factor authentication has received a lot of press recently as a solution for account takeover attacks, but the bad guys have already figured out ways to phish second-factor authentication codes sent via SMS. While the process involves phishing and a large amount of redirection, it has been proven successful in many parts of the world. It may be of value to consider tokens or other alternate methods for authentication for high-risk accounts.

15 Senators have introduced a Federal data privacy bill which would require companies that collect personal data from users to take reasonable steps to safeguard the information. The bill also has additional consumer protections, providing a unified approach to data privacy across the nation, instead of the patchwork of protections provided at the state level. The bill would let states pursue their own legal actions against companies for privacy violations, but would "allow the FTC to intervene" in those enforcement efforts.

~Stay Secure

If you found this information valuable, we recommend taking a look at our weekly threat intelligence brief. For more information, contact us here.

Bob Gaines
Director
646.375.9500 x114
rgaines@accumepartners.com
AccumeView: Executive Cybersecurity Pulse January 2019
accumepartners.com
• If you see or suspect any suspicious activity when using the internet or email, report it immediately.
• Keep current with emerging state privacy and incident response laws (California and Colorado are mentioned in this issue of AccumeView) to ensure your organization is ready for tightening regulatory requirements.
If you have questions about any of the above recommendations, or about their implementation, feel free to reach out to Accume for additional information.
If you found this information valuable, we recommend our weekly threat
intelligence brief, which has additional operational details for you and
your staff. For more information, contact us here.