BTS HelpDesk: 503-823-5199
1120 SW 5th Avenue, Suite 1111, Portland, OR 97204
Welcome to our blog. Here we will let you know the latest happenings in the information security world.
A co-worker of ours, a fellow City employee, found their mobile phone no longer had phone service. When contacted, the mobile phone provider found the number was moved to another phone!
How does that happen?!?
A SIM (subscriber identity module) is a little computer chip inside your phone that is unique to you and tells the network where your calls should route. The phone company provides the SIM, and programs their network to identify your phone number with your SIM.
An attacker targeted our co-worker with the intention of taking over the phone number. With the phone number, the attacker can access any computer account that uses the phone as a method of authentication and verification! Additionally, our personal email is often associated with text message backup access, so taking over email follows quickly in these attacks!
The intent in this attack was to steal money from online accounts (bank accounts, digital wallets, etc). Your phone could be an avenue into the City network as well, since we use our phones in MFA (multi-factor authentication) to get into our email and City resources.
This can happen to you!
For any City-owned mobile phones, contact BTS immediately by calling 503-823-5199.
To protect your personal phone and accounts, stay aware and cautious.
The Federal Trade Commission has advice to protect from SIM swap attacks: https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself
Also, talk to your mobile phone provider. They will have specific settings and configurations you can activate to protect you and your family.
If you have questions or want to discuss this further, please open a Cherwell ticket via the BTS Help Portal and it will be routed to the Information Security Team.
If you see any of these malware strains on your enterprise networks, stop everything you're doing and audit all systems.
In this ZDNet article, the author describes various major malware families that are catastrophic to organizations. If these malware strains are found on our network, we need to clean quickly and scan the rest of the network for additional infections:
Microsoft's Director of Identity Services wrote an article urging customers to move away from phone (call or SMS) uses for Multifactor authentication.
On November 10th, 2020, Microsoft wrote an article outlining the dangers of using Phone-based Multi-Factor Authentication (MFA). They include both phone calls and SMS messages as dangerous due to the lack of security in the global phone system.
This is the latest in a series of changes recommending and now urging organizations like the City to move away from phone calls and text messages. The recommendation is to move to no-cost authentication applications like Microsoft Authenticator and Google Authenticator.
New Outlook Phishing Alert Button (PAB)
We are releasing a Phishing Alert Button (PAB) to both Outlook and the Office 365 web client. This feature will make it easier to report suspicious emails to BTS for review and take necessary action. Clicking on this button will report the suspicious email to BTS and delete the email from your mailbox. No further action is required from the user, like forwarding the email or opening a helpdesk ticket to report the suspicious email.
The below pictures show this feature option in different email clients.
The button does not replace the reporting requirement if you click the link or open the suspicious email's attachment