By: Tim Prugar
The transnational WannaCry Ransomware Attack exploded across the internet early Friday Morning on May 12th, and it’s aftershocks are still being felt early this week as some machines in Asian Markets are being booted up for the first time after the weekend. For the curious, Nicole Perlroth over at the New York times provides an outstanding overview of the background events leading up to this cyber attack, but the basic facts are relatively simple. A hacker or team of hackers identified a vulnerability in the Server Message Block (SMB) Protcol in Microsoft Software, and put together a ransomware attack that spreads through a system’s file-sharing capabilities. The attack would immediately encrypt all of the system’s files, demanding a Bitcoin payment for the de-encryption and safe release of the pertinent documents. The attack, like many, was unleashed via a simple phishing ploy – an unsuspecting victim downloaded and opened a file they shouldn’t have that contained the malicious software. The rest was a nightmare for the cybersecurity community.
While the WannaCry threat can reasonably be classified as “cyber terrorism”, and patches to protect machines from being infected have already been issued, Information Security Officers should use this incident as an opportunity to pull lessons about protecting all channels from attacks from bad actors. What can fraud experts, CISOs, and Call Center Leaders learn from the WannaCry attacks?
1. The Human is the Weakest Link In the Fraud Chain
The methods through which WannaCry spread and replicated may have been automated, but the door for access was opened by a human being. Basic social engineering is at the heart of many of these phishing, SMSishing, and vishing scams, and the phone is one of the most lucrative channels for manipulating a human being to a desired end. CISOs and Call Center Leaders should be investing heavily in training agents to identify and recognize common social engineering methods and tricks, and should consider exploring technologies that are able to identify calls real-time that have been spoofed or otherwise manipulated. There is a high correlation between ANI Spoofing and phone fraud attempts, so more information allows agents to “trust but verify” with more complete data.
2. The Cost of Attacks Go Beyond Money
The big story of the WannaCry attacks isn’t the absolute value of the money extorted (some reports have it at less than $60,000), but the “collateral damage” losses of disruption to services, man hours lost, and even potential health implications. The WannaCry ransomware didn’t just infect computers in a vacuum – it infected computers at Universities, the British National Health System, train stations in Germany, and multi-national corporations based out of France and China. Similarly, when fraud teams do cold “dollars and cents” cost benefit analyses of fraud solutions for the Contact Center, they often look only at their absolute number of fraud losses, and compare that to the cost of the solution. CISOs and Contact Center Leaders should look at the problem holistically: How much time are we losing due to caller authentication? Can we quantify the damage being done to our brand due to fraud and data breaches? Are fraudsters leveraging information stolen at the contact center level to make larger, more costly fraud attacks elsewhere?
3. Hackers and Fraudsters Are Very, Very Good At Exploiting Vulnerabilities
Some hackers and fraudsters are organized criminal enterprises; others are impish troublemakers. Either way, these people are experts at identifying weaknesses in security systems and exploiting them for their own gain. Just as the architects of the WannaCry attack masked their malicious software to get a foot in the door, so too do those looking to commit account takeover or identity theft through the Contact Center mask their phone number to minimize the likelihood of detection. By using ANI Spoofing, fraudsters look to mimic the phone number of an existing customer to bypass ANI-matching authentication procedures, or look to mimic a completely random phone number to hide their own identity. Either way, these fraudsters are leveraging spoof as the main method for their attacks, and any technologies that can detect these spoofing attempts real-time provide an added layer of much-needed security at the Contact Center level.
So what can CISOs and Contact Center Leaders do in the wake of the WannaCry attack to ensure that all channels are adequately defended from bad actors?
Security Leaders would be wise to conduct a thorough audit of Contact Center authentication and security protocols to ensure that vulnerabilities and weaknesses in the call flow are identified, isolated, and addressed in a timely fashion. Tools such as blacklists, voice biometrics, and anti-spoof technology are all strong safeguards to keep bad actors out, but they are used best in tandem as a layered solution to provide the highest possible level of Contact Center security.
Tim Prugar is Next Caller's Director of Customer Success. He can be reached at email@example.com.