BW Cyber Services is aware of a clever new attack method by cyber criminals (mostly based out of Nigeria) focusing on the asset management industry – most particularly Hedge Funds, Commodity Pool Operators, and especially Private Equity. Specifically, these highly specialized criminals are using the readily available information on LinkedIn (and other open-source sites to include company websites) to identify employees who work in the asset management industry and deal with high-value wire transfers. Once identified, the attackers are focusing their efforts to identify and compromise the homebased “Residential” firewalls utilized by these employees.
Consequently, BW Cyber Services urgently recommends organizations to ensure that their employees who are conducting business remotely from home – which is now the norm due to COVID-19 – have modern firewalls that are tested, patched, and upgraded regularly. This focus is especially important for any employees who are involved with wire transfers or interact with Subscription Documentation or other sensitive files that contain Personally Identifiable Information (PII). These same criminals have proven very effective in using compromised Subscription Documents to similarly target investors as well.
Why Residential Firewalls Are At Risk
Residential firewalls are often found to lack appropriate native protections and related security controls to identify or prevent sophisticated cyber-attacks. A basic residential-grade firewall (typically supplied by your Internet provider) is designed for ease of use, so anyone with little IT knowledge can install and configure it.
Unfortunately, residential firewalls prioritize speed and cost over security. As a result, lower cost is a strong indicator of lower quality (especially as it relates to security) and durability (in terms of the equipment’s ability to stay current with rapidly evolving security threats); further and most disconcerting, many residential firewalls are unsupported and therefore cannot have their software upgraded. Given they are built to be disposable, they will need to be completely replaced much more frequently than a commercial-grade firewall.
How BW Cyber Services Can Help
In response to the concerns outlined above, BW Cyber Services offers “BW Secure™” – a rapid, cost-effective solution to quickly Penetration Test (PenTest) the home firewalls utilized by your remote workforce. This process will quickly identify vulnerable firewalls as well as provide immediate solutions to either remediate any identified vulnerabilities or provide suggestions for the replacement of any substandard firewalls to ensure your employees and related data are properly protected.