Ben Brigida, Director of SOC operations at Expel, comments on the growing risk of API vulnerabilities for businesses, and how to mitigate vulnerabilities
January 2023 by Ben Brigida, Director of SOC operations at Expel
Comment by Ben Brigida, Director of SOC operations at Expel, on how the exposure of customer information in the T-Mobile breach could result in increased phishing attacks against affected customers, on the growing risk of API vulnerabilities for businesses, and on how to mitigate vulnerabilities.
“T-Mobile’s data breach incident highlights the threat faced by customers when the companies they use have their sensitive data leaked to the public. When customer data is stolen in a breach, it should be noted that the costs and consequences for those individuals who find themselves in the midst of a personal data leak can be significantly long-lasting. Data leaks that include sensitive information such as a customer’s username and email can enable threat actors to craft highly sophisticated and convincing phishing attacks. The inclusion of emails and phone numbers in a data breach makes it likely that customers will be the target of email and possibly SMS-based fraud campaigns.

According to our research, 52% of the incidents that Expel customers experienced in Q3 2022 were BEC attacks in Microsoft 365 (formerly Office 365). The study also found that the threat does not seem to be slowing down any time soon, and attackers are even improving their ability to evade added protections like multifactor authentication (MFA). Being a sophisticated, email-based scam targeting organisations and individuals just about everywhere, a successful BEC attack can essentially allow cyber criminals to perpetrate other types of attacks, including phishing. If the victim can be tricked into handing over their credentials, the attacker can effectively enter “through the front door.” Once an attacker has valid credentials and is inside the network, they will likely be able to access essential controls and sensitive information - which is why it’s important for organisations to take pre-emptive measures.

So what can be done to reduce the effects of these attacks in the future? From a business perspective, companies should make sure that their phishing training keeps up with current threats to prepare their employees for more sophisticated phishing attacks.
Regular training that deploys a level of sophistication is critical to ensure employees are ready for more targeted attacks, particularly those that are tailored to their business unit. For example, finance teams may come across invoice-themed schemes, while recruiters may see résumé-themed phishing lures. Additionally, multi-factor authentication (MFA), ideally with phish-resistant FIDO security keys, will significantly reduce the risks associated with credential theft through phishing. Organisations can also consider deploying a secure email gateway to monitor incoming and outgoing emails for signs of an attack.”