Tech Tip: Trust but verify
Matthew Cosgrove, GreenStone VP of Information Security
The previous few months have been busy for cybersecurity professionals. We have seen two large-scale alleged nation-state cyber-attacks that have impacted tens of thousands of organizations across the globe and in every industry. 2020 ended with a supply-chain attack against SolarWinds that impacted over 18,000 organizations that used their network monitoring software. This attack allowed the cybercriminals to spy on state and federal computer networks. Then in March, Microsoft was impacted by 4 zero-day vulnerabilities that have left over 30,000 on-premises Exchange servers compromised. An Exchange server is used by organizations for email communication, among other things. A single Exchange server can host hundreds of individual email accounts. This means that the number of individual email accounts compromised will be unknown for months, if not years, to come.

Fortunately, GreenStone was not impacted by either of these recent cyber-attacks. We followed the prescribed guidance from the Cybersecurity & Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS) and the vendors.

The sheer number of newly compromised email accounts means consumers everywhere could begin to see a tsunami of phishing emails from legitimate email accounts. These phishing emails could contain very specific or sensitive information that normally only the sender would know. This might include loan information or other sensitive conversation information. According to a report released by NTT Communications “59% of phishing attacks in the Americas relate to finance” (NTTSecurity, 2018). Cybercriminals keep doing this because of the endless potential for financial gain.
Spring 2021 — Partners