SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, December 6th, 2024

Dec 6, 2024
Explore the intricate web of business email compromise, highlighting prevention strategies and the urgency of proactive management. Dive into alarming vulnerabilities in Mitel's MiCollab platform, featuring authentication bypass risks and the need for quick patches. The conversation also celebrates Alan Paller's induction into the Cybersecurity Hall of Fame, underscoring his impact on the field. Plus, discover insights on the Lorex 2K Indoor Wi-Fi Security Camera and HPE Aruba vulnerabilities, keeping you updated on the latest in cybersecurity developments.

ADVICE

Preventing BEC Attacks

  • Blocking inbox rules could prevent this type of attack.
  • However, this might be too restrictive for users.

INSIGHT

Detecting BEC Attacks

  • Detecting the entire attack behavior is more effective than relying on single alerts.
  • The attacker's creation of a new inbox rule, rather than forwarding emails, led to the attack's detection.

ANECDOTE

BEC Attack Timeline

  • A business email compromise attack unfolded over three days, starting on May 20th.
  • The attacker successfully triggered a payment by creating a new inbox rule, a common tactic that can bypass security measures.