Cybercriminals are making moves…
a War, and a Warning

In times of chaos, cybercriminals thrive.

This was the theme of our post just a few weeks ago. How could we have predicted that, practically overnight, that premise would be tested in such a stark and horrific way on the world stage.

The emotional impact, economic fallout, and social disruption of this violent geo-political earthquake is likely to send shockwaves reverberating around the globe for weeks, months, maybe even years. And it has created the perfect environment for opportunistic cyber criminals to make their move.

Direction from the FBI & CISA

Our experts and protection agencies are fully engaged and standing tall.  The FBI and the Cybersecurity and Infrastructure Security Agency (CISA), recently put out a joint statement warning U.S. businesses of their increased risk for malicious cyber-intrusions as evidenced by reports of destructive ransomware and malware attacks currently targeting Ukrainian enterprises. Nefarious assaults of the same sort, warns the advisory, are likely to spill over into other nations and could inflict significant damages to U.S. enterprise operations and critical systems.

The notice advises organizations to take immediate steps to harden network defenses, including active monitoring and aggressive filtering of suspicious traffic.

Humans are the Weak Link

As we have noted before, the common element behind nearly every successful cyber intrusion is human error. It takes just one contact with a vulnerable individual to unleash a packet of malware or gain access to internal networks.  That said, while IT administrators have been focusing their security efforts on protecting data networks like email and text, they are overlooking criminal intrusions through the relatively unprotected pathway of the voice network, or phone system. 

The ubiquitous, unassuming, ever-present telephone has become a primary tool used by cyber criminals.  The issue is not the hardware or phone infrastructure.  Rather, it’s the actual phone call.  The great majority of businesses have nothing in place to filter or remove calls from cybercriminals and bad actors…even though it is possible to identify those callers!

More than Nuisance, they are Nefarious

We all know that robocalls, call spoofers and spam calls are a growing nuisance. But that bad traffic is also providing cover for vishers (voice phishers) looking to extract credentials and key information from an unsuspecting employee utilizing advanced techniques, including social engineering which they can then use to infiltrate internal systems. It is also the new channel of choice for malicious saboteurs’ intent on inflicting damage through computer-generated spam storms, TDoS events, or other network-degrading activities.

Having honed their skills in psychological manipulation during the pandemic years, cybercriminals are now quite adept at exploiting periods of political, social and economic upheaval to identify vulnerable individuals through the power of the voice connect. And they will relentlessly probe until they find that weak link.

The Swiss Cheese Defense

Which brings to mind the Swiss cheese defense. As a common metaphor made popular during the covid pandemic, it suggests that no single type of protective action is adequate against a formidable, albeit formless, intruder. But when several layers are stacked together, you minimize and, eventually, eliminate any openings. Today, that analogy holds equally true whether talking about a deadly virus or a cyber threat.

Multiple Layers of Defense

Mutare was the first company to launch a truly effective voice traffic filter for the enterprise. Mutare’s solution, Voice Traffic Filter, is unique in the marketplace because it eliminates bad or unwanted calls before they enter the client’s network.

Built primarily on a massive dynamic database of known bad actors, vishers and robocall numbers, the filter provides immediate relief from nuisance calls ringing through and disrupting employees.

As bad actors evolve their techniques of attack, additional layers of protection have been added. These heightened powers provide best-in-class protection against spoof calls and spoof storms, have a seamless integration for STIR/SHAKEN attestation, and enable Custom Rules controls that enable each client to identify and flag specific suspicious numbers or number types to drop or divert (think numbers that start with the +7 country code…). The filtering system itself is backed by another unique layer of protection, Voice CAPTCHA.  This feature offers an additional layer of vetting for calls flagged as suspicious but not yet proven to be unwanted.

So, while no one layer can provide complete protection, together they create a near-impenetrable barrier.  Mutare’s Swiss Cheese Defense is comprised of five slices of cheese:  Proprietary Dynamic Database, Spoof Radar, STIR/SHAKEN, Custom Rules and Voice CAPTCHA.

Minimize Contact, Minimize Risk

No doubt the current, horrific crisis of violent conflict on the ground will give rise to new and ever-more nefarious forms of cyber-warfare, and the voice network will remain a favored target. In past posts we have talked about the FAIR model methodology for measuring and managing information risk. All of the measurable factors, including Contact Frequency, Threat Capability, Threat Event Frequency and Vulnerability of the organization, have now taken on significant new meaning and higher values as a result of current hostilities. It’s gratifying to see organizations around the globe uniting in their support for a country under attack. At the same time, they can also bolster what FAIR refers to as their Resistance Strength against negative fallout by minimizing the volume of bad voice traffic traversing the enterprise voice network in pursuit of human contact.