Three New Cyber Threats - July Edition
1. Double Cyber Extortion Threats
Cybercriminals use malware to both take control of systems and as well to threaten to publish client info
A recently completed study has found that cybercriminals have expanded their attacks on institutions with client data. Previously they had used malware to take control of a company’s systems, blocking the organization from functioning until they were paid ransom. However, over the last twelve months, double threats have become common. The cybercriminals not only block companies from functioning. They also threaten to publish stolen client data should the company find a way around their malware and not pay ransom.
For wealth managers, the risk of having stolen client data published is exceptionally problematic. The organization and its management may be sued by the affected clients. It is also at risk of an enforcement action under Regulation S-ID as well as under the SEC’s new cyber regulations likely to be approved in October or November.
2. New Bluetooth device can steal passwords from devices
Compromising firm online accounts with stolen passwords
A new, inexpensive device will connect with devices such as iPhones, iPads and Android phones and capture their passwords. The device costs only $70 to build and can connect with any Bluetooth enabled device within 50 feet.
A cybercriminal trying to breach a wealth manager can use the device to steal their passwords and access company systems. Employees need to be educated on the importance of going into their device settings and turn off Bluetooth whenever they are not using it.
3. NSO Group’s Pegasus spyware & Apple lockdown mode
Preventing cameras and microphones from being turned on without their user’s permission
There have been multiple reports on new spyware that allows outsiders to turn on device cameras and microphones without their user’s knowledge or permission. It has been used to spy on journalists and activists by police and intelligence organizations. However, it could also be used to steal confidential client information from wealth management firms.
Apple has become so concerned about this new type of spyware that it has created a new lockdown mode as an optional setting as part of its new operating software. Although it blocks this type of malware, the device becomes much more cumbersome to use including blocking message attachments, some Web browsing, and the functioning of Facetime.