Cyber Week in Review: Cisco Security Breach, Roku’s Major Breach, Are Bots Going to Outnumber Human-Generated Internet Traffic? And more.
Luigi Tiano
Data Protection & Data Privacy | Podcast Host of 10 Questions to Cyber Resilience | Speaker | Co-Founder of Assurance IT
We have now reached more than 22,730 subscribers! Thanks for your unwavering support! Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network.
Be sure to read the "My thoughts" section to learn strategies for navigating and combating cyber attacks. I'm here to assist you in avoiding and battling these threats should they ever affect you.
Contact me if you have any questions regarding your enterprise's cybersecurity strategy --> Luigi Tiano.
Multifactor Authentication Compromised: Cisco Issues Security Breach Notification
Cisco disclosed that on April 1, a threat actor breached one of the providers used to send multifactor authentication (MFA) messages, specifically affecting Duo, a company acquired by Cisco in 2018. The breach involved the telephony supplier's system used by Duo to send MFA messages via texts and phone calls, with the threat actor gaining access through a phishing attack on a provider employee's credentials. The breached logs contained metadata but no message content, and Cisco said the hacker did not access or use message contents or manipulate the system to send messages.
The provider canceled the compromised credentials, analyzed activity logs, and informed Cisco upon discovery. Cisco received a copy of the logs and is offering them to affected customers. However, details about the number of affected individuals and the provider targeted remain undisclosed. Cybersecurity experts warn that this incident exemplifies a concerning trend of threat actors targeting critical components of security infrastructure, exploiting vulnerabilities in third-party providers to disrupt major companies' services. (therecord.com)
My Thoughts: This breach highlights the importance of implementing stringent security protocols not only within an organization's internal systems but also across its network of third-party providers. Third-party risk continues to be a concern for many. Companies must ensure that comprehensive security measures, such as regular phishing awareness training and robust credential management practices, are in place not only for their employees but also for their vendors and suppliers. Additionally, conducting thorough assessments of third-party security postures and establishing clear communication channels for incident reporting are essential steps in mitigating the risks posed by supply chain vulnerabilities.
Will bots soon outnumber human-generated internet traffic?
The latest Bad Bot Report from Imperva reveals a concerning trend: malicious bot activity has surged by 10% annually, now constituting one third of total internet traffic. Overall, bots represent nearly half of all internet traffic, with 30% of API attacks in 2023 attributed to bots, 17% of which targeted business logic vulnerabilities. Notably, bad bot traffic from residential ISPs has spiked to 26%. Nanhi Singh, Imperva's general manager of application security, cautions that bots are capable of various malicious activities including web scraping, account takeover (ATO), spam, denial of service, and data exfiltration, warning that automated bots may soon surpass human-generated internet traffic. Access the full report via the link provided in the episode's show notes. (Imperva.com)
My Thoughts: With bots increasingly infiltrating online systems and perpetrating account takeover attacks, enterprises must raise their awareness. Advanced bot detection techniques, coupled with continuous monitoring and threat intelligence, are paramount to addressing these threats effectively. Assurance IT is equipped to help enterprises protect, prepare and recover from breaches. Book some time with me here.
Roku reports 576,000 compromised accounts
Approximately 576,000 Roku accounts were compromised in a recent cyberattack, resulting in unauthorized purchases, the company announced. This incident follows a previous breach affecting over 15,000 accounts. The unauthorized purchases, made in fewer than 400 cases, included streaming subscriptions and Roku hardware. However, sensitive personal information like credit card numbers was not accessed. The breach occurred due to "credential stuffing," where hackers use stolen login credentials from one platform to access others. Roku has reset passwords for affected accounts, notified customers, and implemented two-factor authentication for all accounts to enhance security. This breach comes after a similar incident last month, where Roku accounts were accessed for attempted purchases of streaming subscriptions. Though sensitive information wasn't compromised, hackers reportedly sold stolen account details online. Meanwhile, AT&T recently disclosed a data leak affecting about 73 million customers, leading to class-action lawsuits. (forbes.com)
My Thoughts: It's clear that no one is immune to these attacks. The unauthorized purchases made on these accounts serve as a chilling example of the potential consequences of lax cybersecurity measures. Whether it's reaching out to us, resetting passwords, enabling two-factor authentication, or staying vigilant against phishing attempts, every precaution counts. Ignoring the risks is not an option in today's world, where the next breach could be just around the corner.
Would you like to understand how we help enterprises? Give us a call here: 514-654-4145
Police discover advanced phishing service platform
An international operation, codenamed PhishOFF and Nebulae, has led to the arrest of 37 individuals involved in the cybercrime service LabHost, renowned for its sophisticated phishing operations targeting banks and high-profile organizations. This crackdown, led by Europol, involved arrests across several countries, including Australia, the U.K., and the U.S., and resulted in the confiscation of LabHost's infrastructure. LabHost, operating as a Phishing-as-a-Service (PhaaS) provider, offered a wide range of phishing templates and tools, enabling cybercriminals to conduct large-scale phishing attacks with ease. The disruption of LabHost's operations highlights the global effort required to combat cybercrime and underscores the growing threat posed by PhaaS platforms, which empower even novice threat actors to orchestrate sophisticated attacks. As cybercriminal networks continue to evolve and expand their operations, international collaboration remains crucial in combating these borderless and highly organized threats. (thehackernews.com)
My Thoughts: This operation exposes the consequences of complacency in cybersecurity measures. Organizations must face the harsh reality that cybercriminals are relentless and will exploit any vulnerability. It's no longer sufficient to simply react to threats; proactive defense strategies are essential.
This includes robust employee training, stringent security protocols, and constant vigilance. Moreover, failure to prioritize cybersecurity is not just negligent—it's reckless. Organizations must recognize that the cost of inaction far outweighs the investment in robust defense mechanisms. The era of turning a blind eye to cyber threats is over.
Make Assurance IT your go-to place for weekly news and true insights from real experts.
Subscribe to our YouTube channel to see all of our podcasts and tech videos.