Cyber Defense eMagazine September Edition for 2022 #CDM

More documents

Recommendations

Info

eplacing the need for traditional enterprise telephone systems, including private branch exchange across the globe. Cloud telephony services further frees organizations from the burden of purchasing and storing standalone hardware such as handsets and private branch exchange boxes. It also sets the stage for equipping complementary unified communications as a service (UCaaS) features such as artificial intelligence (AI)- enabled customer support, keyword and voice analysis, interactive voice response (IVR), and call center capabilities. Organizations nowadays are utilizing cloud telephony services to better connect their teams and make their employees more satisfied, engaged, and focused in their roles. The term ‘cloud telephony’ signifies a multi-tenant access model, with subscribers paying to utilize a provider’s pool of shared and commoditized resources. As per Fact.MR, a leading market research firm, the global cloud telephony services industry is projected to reach a valuation of US$ 51.5 Billion by the end of 2032 and exhibit growth at a CAGR of 9.5% from 2022 to 2032. Surging need to reduce phone bills and the overall teleconferencing cost in an organization is expected to bode well for the industry. All cloud telephony platforms utilize voice over internet protocol (VoIP) technology. However, cloud telephony poses a security risk to an organization’s confidential data owing to the possibility of VoIP hacking. It mainly occurs because of the requirement of an internet connection for using the cloud calling feature. Which Are Some of the Common Techniques of VoIP Hacking? VoIP systems can face unique security risks due to their different setup and high dependence on the internet, as compared to the conventional telephone system. Below are some of the common types of VoIP hacking that a user should be aware of: • Social Engineering: It leverages human interaction instead of VoIP system technicalities. Poor execution of social engineering campaigns is one of the major factors that promotes this type of hacking. Various organizations, especially in emerging economies often fail to provide their employees with education regarding the risk of fraudulent phone calls made by hackers by disguising their caller IDs. Hackers often use tricky means to generate confidential information about a specific target and can utilize it later for malicious acts. • Toll Fraud: As international calls are expensive to make, potential attackers place those calls and the bills are charged to the company’s account. In toll fraud, attackers mainly target system users and admins with phishing scams to gain unauthorized access to an organization’s VoIP system. They usually leave a voicemail to a department in an organization questioning them about information like bank details. If the employee passes the verification codes, attackers can easily get access. • Unauthorized Use: It involves using an organization’s phone network to call other companies or individuals pretending to be someone else. Attackers mainly use robocalling and auto-dialing Cyber Defense eMagazine – September 2022 Edition 56 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
software with an organization’s cloud telephony system. Those who answer to the phone ID would receive a pre-recorded message, thereby compelling them to do specific things. • Spoofing: The majority of people use their caller IDs, however, it might not be the ideal way to know from where a particular call is coming from. Sometimes, an attacker can call an organization by using a fake caller ID and take advantage of the trust that an employee places on a familiar phone number. Attackers can then use the fake ID with another hacking technique like social engineering. • Eavesdropping: Adoption of insecure networks, which is characterized by the lack of Transport Layer Security (TLS) and Real-time Transport Protocol (SRTP), could enable hackers to keep their eyes on an organization’s network. It would help them to gather crucial information about the organization, its clients, and other aspects. By gaining the information, they can sell the organization’s intellectual properties to rivals, access its customers’ data for selling, and blackmail the organization with sensitive data. Renowned and start-up companies operating in the global cloud telephony space are striving to develop cutting-edge technological tools and services to help protect organizations against the aforementioned hacking techniques. Besides, some of the leading organizations are placing their own security teams to perform cybersecurity services, including the protection of cloud calling features. Checkmarx Launches Checkmarx API Security for Protecting APIs In August 2022, Checkmarx, a pioneer in the field of software security based in Israel, launched a new API security solution named Checkmarx API Security. It correlates and prioritizes vulnerable data from various AppSec engines. Every cloud-hosted, modern web, or connected mobile application exposes and uses APIs. These are used to call application functionality and to gain access to data. It further creates a large attack surface, thereby leading to a rising number of publicized API breaches and attacks. The new solution addresses numerous issues related to security in the software development lifecycle, including cloud calling. It helps in discovering zombie and shadow APIs, eliminates the requirement of additional API-specific tools, and finds out APIs in source code to fix and identify problems. FCC Chairwoman Jessica Rosenworcel Proposes Restrictions on Ringless Voicemails Jessica Rosenworcel, chairwoman of the Federal Communications Commission (FCC), proposed restrictions on ringless voicemails in February 2022. The new norm would require callers to gain a consumer’s consent before providing a ringless voicemail, which is referred to as a message left in the mailbox without ringing their phones. As per Rosenworcel, ringless voicemail can lead to frauds like robocalls, as well as be invasive. Thus, it needs to be put under stringent consumer protection norms. The proposal came in after phones in the U.S. received more than 50 billion robocalls back in 2021. The number was significantly higher than that of 2020, in which only 4 billion robocalls were received by consumers. Cyber Defense eMagazine – September 2022 Edition 57 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Critically Important Organization?
Page 3 and 4:
How Can Businesses Build Customer C
Page 5 and 6: @MILIEFSKY From the Publisher… We
Page 7 and 8: Welcome to CDM’s September 2022 I
Page 9 and 10: Cyber Defense eMagazine - September
Page 23 and 24: Critically Important Organization?
Page 25 and 26: • Factors and metrics to consider
Page 27 and 28: Zero Trust Momentum Seventy-six per
Page 29 and 30: Information Warfare and What Infose
Page 31 and 32: Influence: Surface and measure the
Page 33 and 34: ecording a 10% hike from 2020 findi
Page 35 and 36: 5G Technology - Ensuring Cybersecur
Page 37 and 38: on a great scale, the newness of th
Page 39 and 40: Are Cyber Scams More Common and How
Page 41 and 42: Antivirus Software Keeping your com
Page 43 and 44: Avoiding the Risks of Ransomware St
Page 45 and 46: • How are you protecting home fie
Page 47 and 48: Black Hat Trip 2022 - Perception Po
Page 49 and 50: compared to legacy sandboxing solut
Page 51 and 52: Building A Layered Plan for Battlin
Page 53 and 54: The Challenge of Hyperconnected Fra
Page 55: Can Cloud Telephony Services with M
Page 59 and 60: Crack The Code Cybersecurity Workfo
Page 61 and 62: Photo Cred: Photo Cred: UofL Cybers
Page 63 and 64: More information on the Cybersecuri
Page 65 and 66: Virtual training addresses the high
Page 67 and 68: How Can Businesses Build Customer C
Page 69 and 70: associated access entitlements. A z
Page 71 and 72: have been able to quickly get servi
Page 73 and 74: How To Guard Critical Infrastructur
Page 75 and 76: 2. Control endpoint privileges. No
Page 77 and 78: especially when maxed out on events
Page 79 and 80: It Isn't Your Daddy's Oldsmobile An
Page 81 and 82: Full and Systematic Vehicle Cyberse
Page 83 and 84: Long-Term Impacts A Data Breach Can
Page 85 and 86: Encrypt data and update software re
Page 87 and 88: Perception Point has been built as
Page 89 and 90: company developed a 24/7 managed In
Page 91 and 92: Government agencies varied broadly
Page 93 and 94: About the Author Marc Kriz is a Str
Page 95 and 96: Looking at the two studies over a f
Page 97 and 98: Patch Zero Days In 15 Minutes Or Be
Page 99 and 100: Advanced SQL Behavioral Analysis fr
Page 101 and 102: New normal, new problems The “new
Page 103 and 104: About the Author Ivar Wiersma is th
Page 105 and 106: world attacks on open-source softwa
Page 107 and 108:
Protecting The Enterprise in The Di
Page 109 and 110:
About the Author Anurag Lal is the
Page 111 and 112:
Market potential GitHub claims to h
Page 113 and 114:
The Implications of Zero Trust for
Page 115 and 116:
Integrating Zero Trust at the Data
Page 117 and 118:
Threat Modeling: Bridging the Gap B
Page 119 and 120:
What’s next for threat modeling?
Page 121 and 122:
2. Adopt trust security Consider ho
Page 123 and 124:
7. Secure your dependencies As you
Page 125 and 126:
Top Trends in Cyber Security Post-P
Page 127 and 128:
improve cybersecurity. As the conne
Page 129 and 130:
The migration of electronic healthc
Page 131 and 132:
About the Author Coley Chavez is th
Page 133 and 134:
A tool to make money Cybercriminals
Page 135 and 136:
Using Identity for Access Is a Huge
Page 137 and 138:
Never make your own keys - physical
Page 139 and 140:
What We Have Learnt Building a Glob
Page 141 and 142:
Businesses transact with, rely upon
Page 143 and 144:
Why CSOs Are Decluttering Their Cyb
Page 145 and 146:
The Middle Ground To effectively co
Page 147 and 148:
• Surge in utilization of cloud s
Page 149 and 150:
trustworthiness and accountability.
Page 151 and 152:
Why Throwing Money at Cybersecurity
Page 153 and 154:
2. Automated Analytics The human pr
Page 155 and 156:
SSL VPNs are available as stand-alo
Page 157 and 158:
About the Author Timothy Liu is Co-
Page 159 and 160:
Preparing Having never been to mult
Page 161 and 162:
Overall, this was a great conferenc
Page 163 and 164:
One of the unique things about DefC
Page 165 and 166:
Of where I was able to spend time a
Page 167 and 168:
In the end, DefCon was by far one o
Page 169 and 170:
they have. I was happy to share my
Page 171 and 172:
Cyber Defense eMagazine - September
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
CyberDefense.TV now has 200 hotseat
Page 191 and 192:
Books by our Publisher: https://www
Page 193 and 194:
Page 195:
show all

Cyber Defense eMagazine September Edition for 2022 #CDM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?