Cyber News Roundup: What’s Siphoning the Most Money Out of Companies?

Editor’s Note: This is your weekly cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive weekly updates here.

Business email compromise. While not as headline-grabbing as ransomware, business email compromise (BEC) attacks account for the highest financial losses across companies — $1.77 billion in losses in 2019, according to the FBI. In ZD Net’s article, This cybersecurity threat costs business millions. And it’s the one they often forget about, walks through what these attacks entail.  

A BEC is an attack whereby cyber criminals use social engineering to trick an employee into transferring a large sum of money to an account. Often these messages mimic real senders that the victim knows, such as a boss, colleague, or other known and trusted business contact, writes ZD Net’s Danny Palmer. He states, “The lucrative nature of BEC scams is even pushing some cyber-criminal operations away from malware and ransomware attacks and towards wire-transfer fraud.” 

We may think we’re immune to clicking and transferring money at someone’s request, yet Palmer writes, “BEC is so successful is because the nature of doing business online means actions often need to be taken quickly — and with more people working remotely than ever before, checking to see if that email really came from your colleague is more difficult.” 

CSO Magazine offers 14 tips to stop business email compromise, here are the top five: 

1. Ensure desktop and web email clients run the same version. Keeping desktop and web email clients up to date avoids problems with syncing and updates.  

2. Be wary of last-minute email account address changes. If suddenly you receive an email from a vendor regarding a financial matter and the email address has changed, call them and request verification of the email address. 

3. Check email addresses for slight changes. Small changes can make fraudulent email addresses appear legitimate by resembling actual clients’ names. The letter “l” is one of the worst characters to use in an email address. Is that a lowercase “l” or the number “1”? 

4. Enable multi-factor authentication for all email accounts. Multi-factor authentication (MFA) ensures that attackers must have something else — phone, key, device, fob, authentication app — in their possession to access your email. 

5. Prohibit automatic forwarding of email to external addresses. In many email compromises, forwarding rules may be only seen in web applications and not in the desktop email clients. Email forwarding is so pervasive that Microsoft has even blocked outbound mail forwarding automatically in Microsoft 365.  

SolarWinds Attack Aftermath 

The SolarWinds hack was “one of the worst breaches in U.S. history,” according to WSJ. The impact of the SolarWinds hack was immense and is still being felt across government agencies and the technology industry — especially since many entities still don’t know if they were hacked or not. “We continue to maintain that this is an espionage campaign designed for long-term intelligence collection,” said Brandon Wales, acting director with the Cybersecurity and Infrastructure Security Agency (CISA). 

The latest news is that Russian state-backed hackers are responsible for the SolarWinds attack…and that it likely involved 1,000 engineers or more to pull it off, according to InfoSecurity Magazine. Investigators suspect the Russian espionage operation “went far beyond the compromise of the small software vendor publicly linked to the attack… The revelation is fueling concern that the episode exploited vulnerabilities in business software used daily by millions,” reports WSJ.  

A quick overview. Hackers inserted malicious code into a legitimate SolarWinds software update that was spread and infected high-profile companies and government entities. CNET reports, “this is known as a supply-chain attack because it infects software as it’s under assembly. It’s a big coup for hackers to pull off a supply-chain attack because it packages their malware inside a trusted piece of software.” 

SolarWinds is the maker of network-management software. The company has more than 300,000 customers, including U.S. government agencies — including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury — and the vast majority of Fortune 500 companies, including Microsoft, Cisco, Intel, and Deloitte.  

Post-Pandemic Business Face Increased Cyber Threats: Cybersecurity Checklist 

We know that all businesses — big and small — are targets for cyber threats, especially now with the increase in security breaches during the pandemic. A good resource for Oregon-based small businesses is America’s SBDC Oregon, a Cyber Oregon sponsor, with 19 centers across the state assist small businesses with advising, classes, and access to the resources they need to be successful. Here’s a cybersecurity checklist for small businesses from Business2Community:   

  • Dual-layered Account Protection and Passkeys. Private keys and passwords are integral parts of any digital account setup. Password-cracking is reportedly one of the highest links to cybercrimes. This is why it is important to set up strong passwords when working digitally. It is essential to note that passwords can be easily predicted when linked to the user, while others can be accessed through a combination of words in the dictionary. 
  • Educating Employees and Customers on Cybersecurity. Timely access to useful information on the threats that could be faced when operating digitally goes a long way in addressing malicious attacks for businesses. In addition to regular updates on managing or interacting with the business network, the place of information on cyber-hygiene should not be neglected. 
  • Enable Private and Secure Connections. In the course of browsing through a network or conducting business digitally, streams of data are exchanged – which are susceptible to being exploited for malicious purposes. Cybercriminals divert traffic from one network to another by intercepting data. 
  • Routine Security Checks and Updates. Performing security checks on the strength and safety of the network upon which businesses of all levels are run is a sure way of maintaining such a company’s integrity. Scheduling cybersecurity checks help to note lapses in security and possible solutions. 
  • Liaisons with Cloud-based Networks. Data invariably make up the bulk of any business. Proper data processing and storage is a remarkable way of fostering more customer engagement through anticipation and accommodation of customer needs. Therefore, it is crucial for small businesses looking to advance to store or back up relevant data properly. 

Partner blog post of interest: McAfee: Ransomware and DDOS is on the Rise: Tips for Distance Learning in 2021