DEFENSESTORM

Cyber Security RESOURCES

Thought leadership and customer testimonials are some of the many ways we build a community of trust. These cyber security resources highlight our recent research and success stories.

Cyber security risk management solutions from DefenseStorm.
“I Handed Over $50,000 in a Shoe Box”

Fraud Squad

“I Handed Over $50,000 in a Shoe Box”

With cybercriminals always devising new methods to target consumers, cybersecurity experts emphasize the importance of security awareness in preventing fraud. However, despite being an acclaimed financial-advice columnist, Charlotte Cowles [Brooklyn, NY] fell victim to a manipulative scam that cost her $50,000.

Live Oak Bank and DefenseStorm Testimonial

Webinars & Videos

Live Oak Bank and DefenseStorm Testimonial

Learn about how Rich Friedberg, CISO, at Live Oak Bank works with DefenseStorm to face challenges in managing cyber risk & steps he is taking to protect his customers against threats.

Cybersecurity Risk 2024: Keeping Pace with Evolving Standards

Insights

Cybersecurity Risk 2024: Keeping Pace with Evolving Standards

A proposed rule from the Federal Deposit Insurance Corporation (FDIC) will establish new regulatory standards and increase the focus of cybersecurity risk management and governance while bringing an expectation of faster response times and real-time remediation of deficiencies.

Everything You Need to Know About the Alleged AT&T Data Leak

Threat Alerts

Everything You Need to Know About the Alleged AT&T Data Leak

Reports of a massive AT&T data leak have surfaced, with around seventy million customers potentially affected. The data is reportedly for sale on a leak forum or website.

New Account Takeover Fraud Prevention Functionality – Community Watchlists

Insights

New Account Takeover Fraud Prevention Functionality – Community Watchlists

DefenseStorm has updated its Account Takeover Fraud Prevention further enhancing its capabilities as a powerful cyber risk management solution.  Organizations can now join the Community Watchlists within Account Takeover Fraud Prevention, where they not only receive alerts of new threats, but can add a threat to the watchlist directly from the Alert view.

Hi, It’s Your Financial Institution…or is it?

Fraud Squad

Hi, It’s Your Financial Institution…or is it?

New and innovative applications are touted as a fun way to make prank calls, but they aren’t just being used by teenagers to pull a fast one on a friend. Fraudsters are using these apps to mimic legitimate business numbers and send text messages or calls that appear to be from the victim’s trusted financial institution (FI) in a scam called bank spoofing. Scammers on the other end of the call attempt to acquire sensitive information such as bank account numbers, passwords, personal identification numbers (PINs), and authentication codes that allow money transfers or access to the account.

New Guidance for Managing Cybersecurity Risks with NIST CSF 2.0

Insights

New Guidance for Managing Cybersecurity Risks with NIST CSF 2.0

NIST’s Cybersecurity Framework (CSF) is designed to help institutions of all sizes and sophistication levels manage and reduce their unique cybersecurity risks. With the release of CSF 2.0, the guidance provided by NIST has expanded the practice and controls that institutions can use to best understand, assess, prioritize, and communicate its cybersecurity efforts.

Romance Scam to Money Mule

Fraud Squad

Romance Scam to Money Mule

Romance scams continue to gain prevalence as scammers use online dating platforms and social media to prey on vulnerable individuals looking for love.  Continue reading to learn how a man nearly fell victim to a romance scam where the perpetrator intended to use him as a money mule, but the scam was stopped before any transactions occurred, thanks to a concerned bank employee.

AnyDesk Threat Alert

Threat Alerts

AnyDesk Threat Alert

DefenseStorm is aware of an incident involving  AnyDesk and the compromise of some of their production systems.  The incident was reported by AnyDesk on 2/2/2024.  We have not been able to locate any usable technical details or IOCs at this time.  AnyDesk is a widely used remote desktop software that allows users to access and control computers from anywhere in the world.

Love, Lies and Deception: A Romance Scam

Fraud Squad

Love, Lies and Deception: A Romance Scam

With the rise of online dating and social media, millions of people flock to digital platforms to find love. But from behind the protection of a computer screen, scammers exploit the most vulnerable people seeking romance and relationships, ultimately leaving the unsuspecting victim with a broken heart and an empty bank account.

Cyber Scams and the Election: What You Need to Know

Insights

Cyber Scams and the Election: What You Need to Know

Cyber scams and election season just go together, and as election season begins to ramp up, so will cyber scams and the variety of tactics that bad actors will deploy in the attempt to obtain your personal information.

The Rise of Banking Trojans in Rogue Mobile Apps

Insights

The Rise of Banking Trojans in Rogue Mobile Apps

Banking trojans continue to evolve and succeed due to their ability to persist, bypass security, and evade detection on mobile devices. As investment from fast-moving threat actors continues to increase, traditional security practices are unable to keep up.

Pasadena Federal Credit Union Testimonial

Case Studies

Pasadena Federal Credit Union Testimonial

Pasadena Federal Credit Union was consistently disappointed in their previous IT vendors, so they began the daunting task of shopping around for a cyber risk management solution. The wanted a relationship- a partner, and DefenseStorm was the obvious choice for them. Within a few months of signing, a simple phone call from DefenseStorm proved a real return on investment in their new partnership.

Cyber Security Software: GRID Active Governance Reporting Functionality

Insights

Cyber Security Software: GRID Active Governance Reporting Functionality

DefenseStorm has made a cyber security software update to our GRID Active Governance Program with new functionalities, further enhancing its capabilities as a powerful cyber risk management solution.  Organizations now can link dashboards to task schedules for scheduling and documenting report reviews.

The Tech Support Scam That Cost a Senior Citizen Her Life Savings

Fraud Squad

The Tech Support Scam That Cost a Senior Citizen Her Life Savings

Technology is advancing at an unprecedented pace, and even the most tech-savvy individuals can find themselves in need of assistance to remain connected and productive. Unfortunately, with the increased demand for tech support comes a rise in fraudulent activity exploiting this important service. Senior citizens are the most vulnerable group because they are more likely to seek help in navigating the complexities of technology.

Venture Tech 2023 Podcast: Interview with DefenseStorm CEO, Steve Soukup

Webinars & Videos

Venture Tech 2023 Podcast: Interview with DefenseStorm CEO, Steve Soukup

Learn how DefenseStorm helps your credit union drive change, and enable growth without compromising safety, by approaching cybersecurity with the same risk management disciplines you use in other areas of business.

 

Cyber Risk Assessment Functionality: Exception Tracking and Reporting

Insights

Cyber Risk Assessment Functionality: Exception Tracking and Reporting

DefenseStorm’s cyber risk assessment solution has recently been updated with new functionalities, further enhancing its capabilities as a powerful cyber risk management solution with GRID Active Risk Assessment Exceptions.

Safeguarding Credit Unions with Threat Intelligence with Elizabeth Houser and James Bruhl

Webinars & Videos

Safeguarding Credit Unions with Threat Intelligence with Elizabeth Houser and James Bruhl

Listen to Director of Cyber Defense, Elizabeth Houser, and Director of Cyber Threat Intelligence, James Bruhl discuss with NAFCU about what threat intelligence is and why is it important to Financial Institutions.

Cyber Security Alerts: Apple’s Name Drop Feature

Insights

Cyber Security Alerts: Apple’s Name Drop Feature

Keeping up with cyber security alerts is important and Apple just rolled out a new default feature for iPhone and Apple watch that allows nearby users to share contact information with one another. This feature has sparked some concern in online social communities and even prompted law enforcement agencies to release statements and privacy warnings over the last few days due to the concern that people could “drop” information on another user’s phone at random, which seems scary.

CISO on Cyber Risk: Embracing Accountability and Transparency in the Wake of the SolarWinds Lawsuit

Insights

CISO on Cyber Risk: Embracing Accountability and Transparency in the Wake of the SolarWinds Lawsuit

Cyber risk Insights from the desk of DefenseStorm’s Chief Information Security Officer, William Wetherill.

The Importance of Cyber Security Asset Management

Insights

The Importance of Cyber Security Asset Management

Cyber security asset management is a critical concern for any organization, regardless of its size or industry. For financial institutions (FIs), it’s vital due to the sensitive data and valuable assets they are entrusted to safeguard. While there are many aspects to consider in building a robust cybersecurity program, one crucial component is effective asset management.

Fraud Prevention Releases: User Behavior Analytics (UBA) model in GRID Active

Insights

Fraud Prevention Releases: User Behavior Analytics (UBA) model in GRID Active

GRID Active Fraud Prevention is powered by machine learning and helps financial institutions to proactively detect fraud and monitor suspicious non-monetary activities, complementing rules-based approaches to detect fraudulent activities.

SIM Swapping – A Tried and True Tactic

Insights

SIM Swapping – A Tried and True Tactic

SIM Swapping is nothing new and if you stay up to date with cybersecurity news and events, you are likely bombarded with technical analysis of the latest in ransomware, malware, dropper, trojan, or vulnerability that was exploited by bypassing controls and using “living off the land” techniques. 

While these tactics, techniques, and analyses are incredibly important and useful, we can often forget that it’s sometimes the simple, age-old ways of getting your information and property that can also harm us.

Holiday Fraud Delivery Notification Scams: “You have a package for delivery!”

Fraud Squad

Holiday Fraud Delivery Notification Scams: “You have a package for delivery!”

With the holiday season just around the corner, it’s a time for celebrations, travel, and shopping, but it’s also prime time for fraudsters to prey on unsuspecting consumers. Amidst the hustle and bustle of planning and festivities, people become easy targets for scammers.

Critical Severity Authentication Vulnerability: CVE-2023-22518

Threat Alerts

Critical Severity Authentication Vulnerability: CVE-2023-22518

A recent vulnerability has been discovered for Confluence Server and Data Center and is being tracked as CVE-2023-22518.  At this time of this writing, this vulnerability is NOT known to have been exploited; however, Atlassian is recommending that those impacted take immediate action.  The below information was taken directly from the Atlassian FAQ page for CVE-2023-22518, and the page was last updated on November 1, 2023.

Account Holder Fraud Prevention in Banks: Alert Enhancements

Insights

Account Holder Fraud Prevention in Banks: Alert Enhancements

As fraud prevention in banking continues to be crucial in today’s digital landscape, it’s imperative for fraud investigators to utilize efficient tools that empower and support their investigative work.  The current Trigger and Alert views have been strategically modified to enhance the service provided to fraud investigators where they can now see relevant information that is intuitive to their role.

The Impact of AI on Cybersecurity Part 3: The DefenseStorm Approach to Cybersecurity and AI

Insights

The Impact of AI on Cybersecurity Part 3: The DefenseStorm Approach to Cybersecurity and AI

In our final entry into our series, The Impact of AI on Cybersecurity, we will explore how DefenseStorm utilizes AI in our own built-for-banking technology.

Deepfake Scam “Mom, Dad, I need your help.”

Fraud Squad

Deepfake Scam “Mom, Dad, I need your help.”

In our latest article in Fraud Squad series, we cover a deepfake scam that started with a call, a familiar voice, and a frantic plea for help. One couple is scammed out of nearly $10,000 when they received a call from whom they believed to be their incarcerated son requesting money for bail.

Cyber Threat Surveillance Operations (CTS Ops) Team

Datasheets

Cyber Threat Surveillance Operations (CTS Ops) Team

DefenseStorm Cyber Threat Surveillance Operations (CTS Ops) team is an extension of your cybersecurity team to bolster your cyber defenses and ensure your FI is threat ready. Our team’s professional expertise and certifications make them your ally in the fight against cybercrime, diligently working to stop threats from becoming costly and destructive attacks. 

 

 

Firewall Security: Strengthening the Weakest Link in Cybersecurity

Insights

Firewall Security: Strengthening the Weakest Link in Cybersecurity

Innovations in technology and security are top of mind for banks and credit unions, and when it comes to firewall security, it is critical to strengthen the weakest link in your cybersecurity efforts. As cyber risks evolve, institutions of all asset sizes must prioritize and invest in strengthening cybersecurity efforts.