We came across this recent Joint Cybersecurity Advisory paper: “Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization,” co-authored by the Cybersecurity & Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC). The topic strikes a familiar chord, yet we both appreciate the thorough analysis provided by the authors to educate cybersecurity professionals on the details and mitigating factors. In our view, sharing real life experiences helps get the message across more impactfully than discu ..read more

With the turn of the 20th century and the rise of the internet, transactions and services became increasingly digital – and so did our identities. Unlike physical identities where a person is in complete control of their identification documents and knows when these documents are missing or stolen, digital identities are stored on servers and databases owned by third-party vendors that offer their services in a digital format. So, it’s highly unlikely a person would know when their digital identity is stolen or compromised. In effect, a cybercriminal could pose as a legitimate user and inflict ..read more

While breaches targeting identity as the initial attack vector are on the rise, with increasing success and significant financial and reputational damage inflicted, IdPs are quickly becoming the attack vector of choice. Attackers maximize the payload by infiltrating the most critical system in your organization designed to secure access to all your company and customer data. The Threat in Context Once a user with access to the organization’s IdP is compromised through an account takeover (ATO) attack, detection becomes increasingly difficult. The attacker gains persistence within the network ..read more

In recent months, ransomware attacks have gained attention and become a top concern across multiple industries. The threat has affected many well-known brands, ranging from cable providers and aircraft manufacturers to mortgage servicers and title insurance companies. Ransomware is a type of malware used to infect computers and encrypt data. Once infected, the ransomware attempts to spread to connected systems. This can include computers accessible on the network, shared drives, and backups. The goal of the attack is to render data and applications unusable for the victim until a ransom is pai ..read more

Thanksgiving in the U.S. signals the start of the holiday shopping season, stretching all the way to Christmas. During this time, businesses offer various deals and incentives, triggering a surge in orders, deliveries, and returns of goods. Unfortunately, this season is also a prime opportunity for attackers seeking to capitalize on unsuspecting individuals, employing identity-based cyberattacks such as phishing to compromise users’ credentials and take control of their accounts. In fact, the FBI reported almost 12,000 victims reporting non-payment/non-delivery scams during the 2022 holiday sh ..read more

Passwords, while integral to security measures, can pose significant threats due to their inherent vulnerabilities. Weak or reused passwords, susceptibility to phishing and brute-force attacks, and potential insider threats all make passwords a weak link in your security posture. Although ubiquitous and seemingly secure, passwords can pose a significant threat to organizations for various reasons. Common issues include the use of weak or easily guessable passwords and password reuse across multiple accounts, making it easier for malicious actors to gain unauthorized access. Additionally, the p ..read more

As digital transformation continues to change the way we do business and interact with various entities and organizations, cyberattacks continue to intensify and compromise user accounts and identities. Identities are the largest attack vector with weak/compromised credentials and phishing attacks being two of the most successful type of attacks. Organizations are taking notice, and many have implemented various security controls such as multi-factor authentication (MFA), single sign-on, and training employees to identify a phishing attack. Additionally, many run ad-hoc simulated phishing atta ..read more

With the explosion of Software as a service applications, organizations are juggling a lot – from rollout out hybrid/remote work policies; supporting employee, contractor and vendor hiring and off-boarding; managing various identities, and ensuring only authorized users have access to what their job requires. This work has become critical to ensuring smooth processes, preventing account take over (ATO) attacks and reducing costs. System for Cross-domain Identity Management (SCIM) is transforming Identity and Access Management in SaaS platforms, workflow, and Identity lifecycle management. SCIM ..read more

Why it’s time to move to high assurance passwordless MFA with physical proximity. The most common MFA authenticators are vulnerable because they do not have a proximity-based factor as a requirement. The cybercrime marketplace of offering stolen credentials to enable access-as-a-service attacks continues to dominate the market with a 6 fold increase in number of credentials stolen by malware. Passwords as the single factor of authentication has become a thing of the past and many security conscious organizations have now adopted multi-factor authentication (MFA) as the standard. MFA incorporat ..read more

Over the past few years, digital transformation has been relentless. Businesses of all sizes are at the forefront, continuously adapting to an ever-evolving digital landscape. One of the biggest challenges is managing the surge in cyberattacks, where the number and sophistication of phishing attacks have reached unprecedented levels, especially since the adoption of generative artificial intelligence (GenAI) has led to cybercriminals being able to launch more accurate and effective phishing campaigns. The need to protect your organization from threats has never been greater. The introduction o ..read more