Safe Systems, a national provider of fully-compliant IT and security services for community banks and credit unions, has been closely monitoring the recent uptick in reports of companies experiencing breaches or ransomware attacks. Over the last two weeks, Safe Systems has been made aware of a very sophisticated phishing scam that successfully breached multiple companies and then used those victims to breach others.
This breach appears to be targeting banks and credit unions with the primary goal to falsely convince the institution to approve wire transactions. In several cases, the attempts have come very close to being successful.
CIO INFLUENCE: Apprentice Now Joins Amazon Web Services Training Partner Program to Deliver AWS Cloud Skills Training
The capability for the phishing campaign to exploit weaknesses in multifactor authentication (MFA) and effectively bypass it makes the breach particularly dangerous for organizations without Azure AD Conditional Access Policies to reinforce their security in Azure.
To mitigate the risk of attack, Safe Systems is advising all financial institutions to take both reactionary and preventative measures.
CIO INFLUENCE: PlainID Launches The PlainID Technology Network to Enable Identity Aware Security for Advanced Access Control
Actions include:
- Ensure employees are aware of the ongoing phishing campaign
- Confirm employee training on cyber security and phishing is in place and effective
- Continue phishing simulations and regular end user training to bolster employee awareness
- Implement multifactor authentication (MFA) if not already in place
- If using Microsoft Exchange Online for email, confirm individual management of account settings and Azure account security
- Implement Conditional Access Policies to add multiple layers of access controls to institution’s Azure environment
“Safe Systems is focused on the safety and security of our customers as well as the entire financial community,” said Darren Bridges, president at Safe Systems. “While it is very difficult to eliminate all cyber threats, it is our mission to continue providing top-tier services to combat the most complex attacks.”
CIO INFLUENCE: Ascend.io Launches Solution in Partnership with Snowflake, Enabling Cost Savings for Data Teams
[To share your insights with us, please write to sghosh@martechseries.com]
