Week of July 26th, 2024

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

Biggest Global IT Outage in History: Ramifications and Reminders

Crucial systems across the world collapsed last Friday, triggered by one mistake in a single company. The CrowdStrike outage hit banks, airlines, and healthcare systems. 

This incident, described as the “largest IT outage in history”, serves as a reminder of the delicate balance of today's digital infrastructure, and of the potential for far-reaching consequences when an IT provider goes offline.

This week, CrowdStrike attempted to give out $10 UberEats vouchers to affected clients. The cybersecurity company, whose software update affected 8.5 million computers worldwide, said in an email to its partners that it recognized the incident had caused extra work.

"To express our gratitude, your next cup of coffee or late night snack is on us!" CrowdStrike wrote, directing people to use a code to access the $10 credit.

CrowdStrike confirmed to the BBC that it sent the vouchers to "teammates and partners" who had helped customers deal with the impact of the outage. However, the offer was rescinded shortly thereafter. "Uber flagged it as fraud because of high usage rates," CrowdStrike clarified in a follow-up statement. This comes amid growing questions over what financial compensation CrowdStrike customers and people impacted by the outage will be able to claim.

Outside of reminders regarding the long-term reputational impacts of an IT supplier outage, operationally this situation has highlighted the strategic risks of relying on a single source of technology. This global outage showed how important it is to have diverse technological alliances to enhance national security and economic stability while simultaneously raising concerns about the potential for hostile states, ransomware groups, and individual threat actors to exploit such vulnerabilities.

As services begin to stabilize, this outage serves as a stark example for IT professionals, business leaders, and policymakers alike. The pressing need to reassess existing cybersecurity strategies and IT management practices is clear: bolstering system resilience to withstand large-scale disruptions needs to be a priority in 2024 and beyond.

New Study Reveals 67% of CISOs are Unprepared for Today's Cybersecurity Regulations

With new and updated regulations sweeping cybersecurity (including, but not limited to, the SEC's cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU), a significant challenge is emerging for many organizations: keeping abreast of cybersecurity regulation changes.

This is reflected in 67% of polled CISOs feeling unprepared for these new compliance regulations, while 52% admit to lacking “sufficient knowledge on how to report cyberattacks to the government.”

Despite their title, the majority of CISOs do not hold a position in the C-suite; consequently, although they face enormous responsibility when it comes to cybersecurity standards for organizations, they often have fewer safeguards than the typical C-level leader. More specifically, CISOs are not always guaranteed protection under directors’ and officers’ (D&O) cyber-related liability insurance.

This lack of safeguards is top of mind for many security leaders, according to the recent 2024 Voice of the CISO report. For the second year in a row, the survey found that personal liability is an enormous concern for CISOs, who are grappling with more responsibilities and higher expectations.

What is Triangulation Fraud? How to Safeguard Online Sales in 2024 and Beyond

Fraud in the online retail industry is a persistent and evolving threat, impacting both buyers and sellers in various ways.

However, there is a particular type of fraud that appears deceptively harmless at first glance. The fraud we're talking about is known as "triangulation fraud".

Online retailers may see an increase in sales from these fraudulent transactions and are not directly involved in the scam. However, they should be deeply concerned about triangulation fraud taking place on their platform. The long-term implications of such fraud can tarnish a retailer's reputation, leading to a loss of trust and credibility among consumers. Understanding and addressing triangulation fraud is essential for maintaining the integrity and reliability of online retail businesses.

If you own or manage an online marketplace, here are some measures you can implement to help protect your business from triangulation fraud. These measures may be employed by online platforms being used as the bait platform (or being used to forward goods to the unsuspecting buyer):

  • Require Robust Identity Verification: Implement stringent verification processes for sellers. By requiring government-issued ID before a seller can begin completing transactions, online platforms can gain a higher degree of assurance regarding the seller's legitimacy
  • Use Fraud Detection Solutions That Leverage Telemetry: Some fraud detection solutions leverage telemetry to identify scammer activity across multiple platforms by sharing data between them. Telemetry can include user behavior data (such as login patterns, transaction history, and browsing patterns), device information (like device type, device ID, and geolocation), network data (including IP address, network speed, and traffic patterns), transaction data (such as amount, frequency, and payment methods), historical data (including past fraud incidents and account changes), behavioral biometrics (like typing speed and mouse movements), contextual data (such as time of day and environmental factors), and communication patterns (including email and SMS usage and social media activity)
  • Real-Time Transaction Monitoring: Monitor transactions in real time to detect unusual purchasing patterns or behaviors indicative of fraud. Additionally, prevent sellers from using technologies that help mask their identity, block known Tor network exit nodes, or blacklist seller IP addresses by geolocation to ensure the legitimacy of transactions
  • Account Takeover Prevention: Implement measures to prevent account takeovers, such as monitoring for unusual login attempts, employing Zero Trust authentication mechanisms for sensitive functions in the application, requiring the use of multi-factor authentication (MFA), and providing mechanisms for quick account recovery
  • Listen to Customer Feedback: Actively monitor and respond to customer feedback and reports of suspicious activity to quickly identify and address potential fraud cases
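
As an added illustration (not part of the original newsletter and not any vendor's product), the sketch below applies four of the signals named in the list to seller telemetry: Tor exit-node IPs, a geolocation blocklist, one device ID shared by several seller accounts, and sale velocity. The field names, the one-hour threshold, and all sample data are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

def screen_sellers(events, tor_exits, blocked_countries, max_sales_per_hour=3):
    """Return {seller: set of rule names} for sellers whose telemetry trips a rule."""
    exits = {ipaddress.ip_address(a) for a in tor_exits}
    flags = defaultdict(set)
    device_owners = defaultdict(set)  # device_id -> seller accounts seen on it
    sales = defaultdict(list)         # seller -> sale timestamps
    for e in events:
        seller = e["seller"]
        if ipaddress.ip_address(e["ip"]) in exits:
            flags[seller].add("tor_exit")
        if e["country"] in blocked_countries:
            flags[seller].add("blocked_geo")
        device_owners[e["device_id"]].add(seller)
        if e["kind"] == "sale":
            sales[seller].append(datetime.fromisoformat(e["ts"]))
    # The same device behind several seller accounts points to one operator.
    for owners in device_owners.values():
        if len(owners) > 1:
            for seller in owners:
                flags[seller].add("shared_device")
    # Sliding one-hour window over each seller's sales.
    for seller, stamps in sales.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > timedelta(hours=1):
                start += 1
            if end - start + 1 > max_sales_per_hour:
                flags[seller].add("sale_velocity")
                break
    return dict(flags)

def ev(seller, kind, ip, country, device_id, ts):
    return dict(seller=seller, kind=kind, ip=ip, country=country, device_id=device_id, ts=ts)

# Constructed sample telemetry (documentation-range IPs; "XX" is a placeholder country).
SAMPLE_TOR_EXITS = ["203.0.113.7"]
SAMPLE_EVENTS = [
    ev("s1", "login", "203.0.113.7", "US", "d1", "2024-07-26T10:00:00"),
    ev("s2", "login", "198.51.100.4", "XX", "d1", "2024-07-26T10:05:00"),
    ev("s4", "sale", "198.51.100.20", "US", "d4", "2024-07-26T12:00:00"),
] + [ev("s3", "sale", "198.51.100.9", "CA", "d3", f"2024-07-26T11:{m:02d}:00") for m in (0, 10, 20, 30)]
if __name__ == "__main__":
    for seller, reasons in sorted(screen_sellers(SAMPLE_EVENTS, SAMPLE_TOR_EXITS, {"XX"}).items()):
        print(seller, sorted(reasons))
```

Flags like these are inputs to manual review or step-up verification rather than proof of fraud; legitimate sellers can share devices or sell in bursts.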

Do you feel prepared in the fight against triangulation fraud? Why or why not?
