January 2024 - Latest Cyber Security News
Each month we post a round-up of cyber security news that we find insightful and contribute to a more full understanding of the world of cyber security.
Enhancing Customer Security: FCC's New Regulations Combatting SIM-Swapping and Port-Out Fraud
The Federal Communications Commission (FCC) has introduced new rules to safeguard customers against SIM-swapping attacks and port-out fraud. These rules require wireless providers to verify customer identity securely before transferring phone numbers to new devices or carriers. Additionally, customers must be promptly notified of any SIM changes or port-out requests on their accounts. This move addresses the increasing threat of SIM swapping, which allows attackers to intercept text message-based two-factor authentication codes, compromising online accounts and corporate networks. Source
Microsoft Cautions Against Storm-0539 Threat Group's Holiday Season Gift Card Fraud Tactics
Microsoft has issued a warning about Storm-0539, a threat group engaging in gift card fraud and theft during the holiday season. This group conducts sophisticated email and SMS phishing attacks to spread malicious links, leading victims to phishing pages that steal credentials and session tokens. Storm-0539 can bypass multi-factor authentication, persist in environments with compromised identities, and escalate privileges to access sensitive information. They focus on retail organizations that have gift card-related services and collect data for further attacks. Microsoft has been monitoring this financially motivated group since at least 2021. Source
Dismantling Human Trafficker Networks Exploiting Victims in Cyber Scam Operations
Interpol's Operation Turquesa V targeted human traffickers who forced individuals into online scam operations. This international law enforcement effort led to the arrest of hundreds of people smugglers and the rescue of 163 potential victims. Many victims were lured with promises of good jobs in cryptocurrency, only to be coerced into cyber scam centers. The operation also resulted in the freezing of $286,000 in criminal proceeds. It included over 850,000 checks at major transit points, uncovering a significant increase in migration patterns from China. Source
CISA and ENISA Forge Alliance for Enhanced Information Sharing
The US Cybersecurity and Infrastructure Security Agency (CISA) and the European Union Agency for Cybersecurity (ENISA) have signed an intel-sharing agreement to enhance cross-border information sharing and cooperation in cyber security. This agreement consolidates previous collaborations and introduces new cooperative measures, including sharing best practices for incident reporting and threat intelligence. Additionally, it fosters a systematic process for sharing threat intelligence and aims to improve detection and response to global cyber threats. Source
