February '24 Policyholder Newsletter

How to protect your organization in the era of deepfakes

Earlier this month, the groundhog did not see his shadow (and we’re still waiting on that early spring). But maybe Punxsutawney Phil sensed something else blossoming: the global takedown of the ransomware gang LockBit.

Last week, an international law enforcement operation arrested and indicted members of the infamous ransomware group. They hacked the hackers: taking control of the gang’s infrastructure, seizing its source code, and obtaining decryption keys to help victims.

For more on the latest from Corvus and the threat landscape, keep reading.

Threat Intel Corner

We’ve all done our assigned security awareness training and know the telltale signs of a phishing email: urgent asks, misspelled URLs, suspicious attachments.

But what if you joined a conference call where the CFO confirmed the legitimacy of the message, despite all the warning signs?

A recent phishing scam played out just like this, where the victim joined a call full of deepfake versions of their colleagues. The employee — persuaded that the request was real after coming face-to-face with the CFO — transferred about $25.6 million to 5 different (threat actor-controlled) bank accounts.

What happened and how can you protect your org?

💡 Yes, the rise of deepfakes is concerning. But even with new technology, a scammer’s phishing playbook is the same as ever: apply pressure, create urgency, and convince a victim to transfer funds. Tried-and-true security controls still apply (and matter more than ever!) in defending your organization. Learn more about how out-of-band authentication works to combat scams.

Do you have the right controls in place? Log in to your Risk Dashboard to see tailored recommendations for improving your security posture.

Risk Advisory Tips

The actions you take in the first 48 hours of business disruption dictate how quickly you can resume operations. No pressure. ⚠️

Because it’s so important to act fast, we’ve outlined exactly what you need to have in place for an effective business continuity and disaster recovery (BCDR) strategy.

Here are five key steps to get you started on a BCDR strategy:

  1. Assess and understand your current risks
     • Conduct an analysis of your organization’s current risk landscape.
  2. Define clear roles and responsibilities
     • Establish a dedicated BCDR team and make sure every individual knows when and where they are needed in the event of a disruption.
  3. Develop and document your BCDR strategy
     • Outline a strategy to address your organization's risks and document playbooks for potential scenarios.
  4. Implement regular training and drills
     • Schedule drills to make sure your BCDR team knows how to react.
  5. Secure and test your backups
     • Establish a process and assign ownership to ensure that data backups are secure and tested regularly.

Of course, this is all easier said than done. For more information on establishing a BCDR strategy at your organization, read the full blog.

Threat Alerts

The Corvus Scan is a powerful asset that enables us to identify which policyholders are more exposed to known vulnerabilities. In response, we send tailored, time-sensitive notifications with direct guidance for remediation.

We’ve gathered a monthly round-up of our alerts and threat intel updates below:

ScreenConnect Vulnerabilities | February 2024

ConnectWise issued a security advisory for critical security vulnerabilities (CVE-2024-1708 & CVE-2024-1709) in ConnectWise ScreenConnect, an application commonly used for remote desktop management. The security vulnerabilities are trivial to exploit and could allow a remote attacker to take control of the system. The vulnerabilities are already being heavily exploited by ransomware gangs. We recommend affected organizations upgrade to a patched version, at least 23.9.8, immediately. See our article for more information.
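Version checks like the one above are easy to get wrong when they are done by eye or with string comparison, because a string compare ranks "23.10.x" below "23.9.8". The following is an added example (not Corvus code and not ConnectWise tooling) that compares installed ScreenConnect versions numerically against the 23.9.8 floor named in the advisory; the host names and installed versions in the inventory are constructed sample data.

```python
"""Flag ScreenConnect installs below the patched floor named in the advisory.

Added example (not Corvus code). The only facts taken from the newsletter are
the product name and the minimum patched version, 23.9.8. Host names and
installed versions below are constructed sample data.
"""
from __future__ import annotations

import re

# Minimum version the advisory recommends (from the newsletter).
PATCHED_FLOOR = "23.9.8"

# Constructed inventory: hostname -> reported ScreenConnect version.
SAMPLE_INVENTORY = {
    "sc-prod-01": "23.9.8",
    "sc-prod-02": "23.9.7.8811",
    "sc-dr-01": "23.10.1",
    "sc-lab-01": "22.8.3",
    "sc-old-01": "9.9.9",
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '23.9.7.8811' into (23, 9, 7, 8811).

    Numeric tuples compare component by component, which is what we want;
    comparing the raw strings would rank '23.10.1' *below* '23.9.8'.
    Parsing stops at the first non-numeric component (e.g. 'beta').
    """
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def is_patched(installed: str, floor: str = PATCHED_FLOOR) -> bool:
    """True when `installed` is at or above `floor`.

    Shorter tuples are padded with zeros so 23.9.8 and 23.9.8.0 compare equal.
    """
    a, b = parse_version(installed), parse_version(floor)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def unpatched_hosts(inventory: dict[str, str], floor: str = PATCHED_FLOOR) -> list[str]:
    """Return, sorted, the hostnames whose installed version is below the floor."""
    return sorted(h for h, v in inventory.items() if not is_patched(v, floor))


if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} < {PATCHED_FLOOR}, upgrade required")
```

Feed `unpatched_hosts` whatever your asset inventory or RMM export reports for the installed version; the point of the example is that a build-number suffix such as 23.9.7.8811 still sorts below 23.9.8, and 23.10.1 sorts above it, which a plain string comparison gets backwards.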

Fortinet Vulnerability | February 2024

A critical security flaw (CVE-2024-21762) has been discovered in FortiGate SSL VPNs and is likely being exploited in the wild. The vulnerability allows an unauthenticated attacker to execute arbitrary code or commands. Security patches have been released and should be applied as soon as possible. See our article for more information.

JetBrains TeamCity Vulnerability Advisory | February 2024

JetBrains issued a fix for a critical security flaw (CVE-2024-23917) in its TeamCity continuous integration and continuous deployment (CI/CD) product. The vulnerability allows an unauthenticated attacker to take over vulnerable instances with admin privileges. Security patches have been released and should be applied as soon as possible.

Change Healthcare (CHC) Incident | February 2024

On February 21, 2024, CHC, a healthcare technology and business management vendor for many healthcare systems and providers, announced that it experienced a data security incident. Hundreds of healthcare providers throughout the country use CHC for eligibility clearance and revenue cycle management, and this incident has disrupted the availability of some of its services, which may have financial implications for organizations. If your organization is impacted by the incident, please consider submitting a claim via the email provided on your policy to discuss this in more detail with a Corvus claims manager.