Cyber Defense eMagazine February Edition for 2022

More documents

Recommendations

Info

Three Types of Cyber Criminals Functionally, there continue to be three principal types of cyber criminals – and they are consistent with the three types of identity thieves: • Money-motivated criminals, who commit identity theft, privacy infractions, and cyber crimes for the financial payoff • State-sponsored and terrorist attackers, who desire to perpetrate disruptive effects on critical infrastructure systems and other vulnerable databases • Thrill-seekers, who find satisfaction in being able to interfere with the smooth operations and lives of individuals and organizations holding protected information, such as personally identifiable information (PII). High Tech versus High Touch Over the years, the main changes have been in the tools and methods the cyber criminals utilize to perpetrate their exploits. Mirroring these developments, the responses have tended to concentrate on exploit-by-exploit methods, rather than more generalized criminal actions. One interesting constant has been the phenomenon of social engineering, otherwise known as manipulation of the target in order to gain access to sensitive information to which the criminal is not authorized – and then to use that information to perpetrate identity fraud (unlawful use of the personal information accessed by identity theft). Phone Scams to Email and Text Scams For about the same time period as the ICFE has been engaged in the CITRMS® program, the Federal Trade Commission has been responsible for the administration of the “Do Not Call” list. It’s no coincidence that one of the principal means used by identity thieves is the spam call, in which the perpetrator pretends to be a family member or trusted organization seeking to extract sensitive information from the target individual or company. Many of the reported cases of identity theft begin with the call to the phone number of the target, using manipulative scripts to produce urgency and the desire to help in a critical situation – but resulting in the undue sharing of sensitive information. As the internet has augmented, or even replaced, conventional phone conversations, social engineering has leaped from spam calls to spam emails. These provocations typically involve some unrealistic offer or urgent message seemingly from a known party (but actually from the cyber criminal). And, of course, the proliferation of social media platforms and usage expands these types of provocative communication into text messaging (often referred to as “smishing” in the vernacular). Cyber Defense eMagazine – February 2022 Edition 18 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Quite often the perpetrator claims to be calling or emailing from a government agency with urgent need to get information to maintain the target’s benefits or tax status; of course, Social Security and the Internal Revenue Service are the agencies most often cloned by the criminals. Also common is the hyperlink which appears to come from a legitimate source, often a company where the target already has an account, but directed to a bogus website where the target’s username and password are collected by the criminals; this information is then used to hijack the target’s real accounts. Privacy As identity theft threats have developed, an important aspect of the legal and regulatory response has arisen out of privacy concerns and consumer rights. This response started with the adoption of privacy laws by States and has become a focal point for federal action. In addition to setting standards and requirements for holders of protected sensitive information, broader provisions have been created, such as disclosure and notification standards and even private rights of action. Under private rights of action, affected parties whose sensitive information has been compromised due to failure on the part of the holders, can sue for damages directly rather than waiting for government fines or punitive actions. It’s easy to see how any failures in cybersecurity practices resulting in data breaches involving protect personal information can trigger the provisions and penalties of privacy laws and regulations. As a result, privacy initiatives have become a major driver with immediate effect on cyber practices. It’s worth noting that even compliance with privacy laws may not provide a complete shield against liability in the event of a breach. In the view of the ICFE, in identity theft risk management, substantial coverage of privacy issues is a necessity, especially as they affect vulnerable demographics, such as seniors, children, and veterans. ICFE is pleased to report that this emphasis on privacy issues has resulted in the acceptance for CE credit by the leading organization in the field, the International Association of Privacy Professionals. Enter Cyber Attacks and Cybersecurity By the time of the most recent update to the CITRMS® XV course, cybersecurity had developed to the point that the ICFE included a whole section on the topic. We were fortunate enough to count on Gary Miliefsky, Publisher of Cyber Defense Magazine, to provide that content for the course. At this juncture, ICFE is undertaking to launch an update and expansion of the CITRMS® course. This will include an enhanced section on Cybersecurity, developments in the attack vectors, public and private responses, and the implications for consumers, businesses, and organizations with the responsibility of maintaining the confidentiality, integrity, and accessibility of sensitive information. Cyber Defense eMagazine – February 2022 Edition 19 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: How Criminals Have Migrated Through
Page 3 and 4: Combining True MDR & SOC for Robust
Page 5 and 6: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8: Cyber Defense eMagazine - February
Page 17: How Criminals Have Migrated Through
Page 21 and 22: • Identity Access Management (IAM
Page 23 and 24: About The Author Active with the IC
Page 25 and 26: Given the rise in cyber-attacks, th
Page 27 and 28: Why is that? Let’s take COVID-19
Page 29 and 30: soon as possible and base it on str
Page 31 and 32: How Do I Reliably Identify You If I
Page 33 and 34: validation, what can be a very reli
Page 35 and 36: How To Improve Federal Endpoint Det
Page 37 and 38: What should agencies look for in a
Page 39 and 40: Decision Trees in Case of a Ransomw
Page 41 and 42: expertise’s recommended returning
Page 43 and 44: was sentenced to 12 years for payin
Page 45 and 46: Verify But Trust Managing insider t
Page 47 and 48: We now live in a world where the in
Page 49 and 50: 2. Cryptographic Failures - Cryptog
Page 51 and 52: Conclusion Penetration testing is a
Page 53 and 54: 1. Increase enterprise security pro
Page 55 and 56: minimise the impact on business per
Page 57 and 58: Today's Digital Battlefield Demands
Page 59 and 60: UAE can be a cyber security powerho
Page 61 and 62: Why Ransomware is Only a Symptom of
Page 63 and 64: Response vendor that can leverage a
Page 65 and 66: Critical IT infrastructure had to b
Page 67 and 68: Killware is the Next Big Cybersecur
Page 69 and 70:
The most effective way to defend ag
Page 71 and 72:
Combining True MDR & SOC for Robust
Page 73 and 74:
especially those who want to build
Page 75 and 76:
intelligence, data logs, and advanc
Page 77 and 78:
But when it comes to cybercrime, a
Page 79 and 80:
of in 2022. In effect, ransomware h
Page 81 and 82:
Detect Ransomware Data Exfiltration
Page 83 and 84:
Advanced SQL Behavioral Analysis fr
Page 85 and 86:
In contrast, the corresponding reac
Page 87 and 88:
of how PCs, laptops, and other Wind
Page 89 and 90:
Cyber Insurance: What Executives Ne
Page 91 and 92:
Keeping Premiums Low Once Coverage
Page 93 and 94:
Data Security Must Be a Priority as
Page 95 and 96:
sites like Facebook or LinkedIn. Cy
Page 97 and 98:
Why Building Managers Need to Prior
Page 99 and 100:
It should also provide the means fo
Page 101 and 102:
Cyber Defense eMagazine - February
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
CyberDefense.TV now has 200 hotseat
Page 125 and 126:
Books by our Publisher: https://www
Page 127 and 128:
Page 129 and 130:
show all

Cyber Defense eMagazine February Edition for 2022

Create successful ePaper yourself

Delete template?

Save as template?