SEVERE - Critical Security Update: November 30, 2024 (Cloudflare, T-Mobile, Microsoft 365)
Risk 1: URGENT
Issue: Cloudflare has, once again, fallen victim to a cybersecurity concern. While not as severe as the previous one, Cloudflare announced that they lost a significant portion of their logs for half of a day in mid-November. They claim this is the result of a coding error and not an attack. Either way, logs are critical for system monitoring and for vulnerability or malware detection.
While that is possible, this is now two security-related hits the security giant has taken in the last 6 months.
Resolution: With this increase in security-related concerns, it is recommended that any firms or individuals using Cloudflare technology take precautionary steps and pursue alternative solutions.
As part of this warning, it is also advised to include a question about Cloudflare usage in your regular vendor review; a Cloudflare vulnerability at one of your vendors leads to a vulnerability within your firm. It is likely that one of your vendors uses Cloudflare.
Risk 2: High
Issue: Details have finally been released regarding the recent attack on T-Mobile and its infrastructure. While the attack did release limited customer data, it has now been revealed that the purpose of the attack was to target internal routing and navigation within the T-Mobile infrastructure.
What does this mean? It means that the malicious actors, based out of China, were creating a map of the T-Mobile network to better exploit it in the future. This is called network reconnaissance - and typically foretells a future attack.
Resolution: While T-Mobile is reacting and proactively trying to monitor and patch its system, the fact still remains that the blueprints of their network have now been compromised.
T-Mobile users should be extra cautious about what information is shared with the telecom company and ensure they have backup communication plans in the event of a future outage.
Risk 3: High
Issue: Microsoft 365 is, once again, under attack, and the target this time is specifically their Multi-Factor Authentication service. The new phishing attack is known as Rockstar 2FA. This is a new attack style specific to MFA access, and such attacks are increasing rapidly in number.
Resolution: Ideally, users should now be setting up more than two factors of authentication on all systems that permit it. While many finance and accounting applications still only support two factors, using multiple factors where possible is critical.
Removing easier-to-breach factors such as text/SMS or e-mail should be standard now. Migrate all text/SMS/e-mail factors to other factors that are more secure.
Continue to be ever diligent with e-mails and authentication methods.
Announced Data Breaches
Wirral University Teaching Hospital
Zello