I. Simple ‘Vishing’ attack breaks 2FA
Attackers spoofed phone numbers / VoIP numbers to make authentic looking calls to employees and cajoled them into logging on to a phishing site.
Then they used these credentials including 2FA OTPs in real time to log in to the corporate network.
CISO Check:
Can your users recognise vishing attacks? Do you simulate these attacks during social engineering tests?
II. Big Tech goes down
Gmail for business was down last week. Again.
AWS and Azure have been down in the last couple of months too.
What happens when the always-on cloud fails?
CISO Check:
What is the impact of cloud service failure to your business?
Do you know how many of your business partners depend on the cloud to provide you services?
Does your BCP need to have a scenario for cloud failure?
III. Quote of the week
Risk comes from not knowing what you are doing - Warren Buffet
Have an original interesting cybersecurity quote? Let us know in the comments and we will publish it along with your name in our quotes section.