vCISO Can Protect Against New Ransomware Threats and Old Scams

Category: Data Security , ThreatAdvice , vCISO
Author: NXTsoft

The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA) issued a warning about the increased use of a Conti ransomware in more than 400 attacks on U.S. and international organizations. Not all cyber threats are new, some have been around for quite some time, and still remain dangerous, such as robocalls, and an oldie but baddie, the Nigerian Prince scam.

Because Information security is complicated and constantly evolving, protecting the privacy, security, integrity, and accessibility of information should be a top priority for any business. A company’s in-house chief information security officer (CISO), through edification, can diminish cybersecurity risks of employees and customers. However good CISOs may be problematic for many organizations, including financial institutions and fintechs. A viable option is a virtual CISO or vCISO.

Securing Against Ransomware

In a typical Conti ransomware attack, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment. To secure systems against Conti ransomware, CISA, FBI, and the NSA, in its alert recommended implementing mitigation measures including multi-factor authentication (MFA), network segmentation, and keeping operating systems and software up to date.

The warning said Conti differs from other ransomware-as-a-service (RaaS) models in that developers pay the deployers of the ransomware a wage rather than a percentage of the proceeds from a successful attack.

Conti actors often gain initial access to networks through:

  •  Spear phishing campaigns using tailored emails that contain malicious attachments or links.
  • Malicious Word attachments containing embedded scripts or malware — such as TrickBot and IcedID — with the eventual goal of deploying Conti ransomware.
  • Stolen or weak remote desktop protocol (RDP) credentials.
  • Phone calls.
  • Fake software promoted via search engine optimization.
  • Other malware distribution networks (e.g., ZLoader).
  • Common vulnerabilities in external assets such as exploitation of unpatched assets.

CISA and the FBI have also observed Conti actors using Router Scan, a penetration testing tool, to maliciously scan for, and brute force, routers, cameras, and network-attached storage devices with web interfaces. Conti actors are known to exploit legitimate remote monitoring and management software and remote desktop software as backdoors to maintain persistence.

Old Scams Still Create Security Threats It is not just new threats causing concerns. A new study from Juniper Research, Robocall Mitigation: Emerging Strategies, Competitor Leaderboard & Market Forecasts 2021-2026, found that consumers will lose $40 billion to fraudulent robocalls globally in 2022; rising from $31 billion in 2021.

The study also predicted over 110 billion unwanted robocalls globally next year. North America is the region most plagued by fraudulent robocalling; accounting for 45% of global losses forecast for next year despite representing just 5% of worldwide mobile subscribers.

Fraudulent robocalls pose threats to consumers by encouraging the disclosure of personal information that fraudsters can use for identity theft. In most robocall fraud cases, fraudsters impersonate an authentic brand or enterprise to gain the call recipient’s trust.

The report identified brand authentication technologies as a critical element of mitigation frameworks that will emerge to combat fraudulent robocalls by verifying the brands and enterprises. However, standardizing services across all stakeholders, including mobile operators, brands and mobile operating system developers, will be essential to creating a service that combats fraud in real-time. As well as someone at the organization charged with implementing such technology.

Use our secure Data Breach Tool

Another con still making the rounds is the Nigerian prince letter scam, also known as the 419 fraud or foreign money exchange fraud. The Internet has provided an efficient means to carry out this advance-fee scamming, a modern version of the "Spanish Prisoner" con, dating back to the French Revolution. Today, the 419 letters represent one of the longest-running Internet frauds, sent out by the tens of thousands to e-mail lists. The email hunts for a small investment on the part of the recipient in return for the pledge of a huge return, which never arrives.

Outrageous as the scam appears, it rakes in more than $700,000 from Americans alone (according to a 2018 report by ADT Security Services), at an average of $2,133. Overall, Americans lose over $26 million to scams each year, according to ADT.

Several years ago, Kaspersky researchers identified Nigerian phishers, the same scammers who specialized in so-called Nigerian letters, as mastering new techniques for stealing money – this time, from companies. They are usually the ones behind business email compromise attacks.

While the Nigerian prince-style schemes can cost a lot if someone fall for them, investment fraud and romance scams are the most expensive for victims.

vCISOs Protect from Old and New Frauds

Ultimately old and new cons succeed because technology and globalization have made targeting victims as easy as the click of a mouse. Staying up to date with dangers and vulnerabilities facing individuals and businesses is frequently a 24/7 occupation that requires looking at the past and understanding evolving information security threats.

A vCISO, an outsourced infosec expert with management experience provides organizations with security awareness about new and old cybersecurity threats. A vCISO’s core objective functions as a channel to internal business and technology crews by providing a vigorous and pliable security plan and oversight.

The vCISO also provides protection and flexibility of business resources on a continuing basis. The position can manage information security planning and management; controls and standards; regulatory guidelines and compliance; organizational and management infrastructure planning, business continuity proposals; and risk, database and supply chain management.

Get comprehensive cybersecurity with ThreatAdvice vCISO

ThreatAdvice vCISO, NXTsoft’s flagship virtual CISO software solution, provides the cybersecurity oversight an organization needs. ThreatAdvice's vCISO service will provide ongoing risk assessment and vulnerability management and also alert the business and advise on required actions. More importantly ThreatAdvice vCISO ensures the proper solutions and protocols are in place to significantly reduced the likelihood of a cybersecurity event.

ThreatAdvice vCISO provides employee cybersecurity training and education, intelligence on potential threats and a comprehensive cybersecurity monitoring solution delivered through a proprietary virtual CISO dashboard. The vCISO dashboard allows organizations to communicate securely with the vCISO team, access completed reports and policies, view upcoming and completed tasks and more. ThreatAdvice vCISO also warehouses security information in one place with oversight and interpretation from a dedicated virtual CISO team.

September 29, 2021
Back
Share this post on social media