Latitude Financial Services has been “hacked”

Huh??? Why the quotes?

A hack is not really a hack when a spear phishing attempt is able to obtain employee credentials, which are then used to basically bypass all security measures that are in place. Is it really a “burglary” when you leave the front door open, or more an invitation for criminals to go “shopping”?

The Latitude security page shows a somewhat troublesome image that seems to be in line with the policies and procedures that are followed in the company. Too much “easy going” will eventually catch up with you.

Irrespective of terminology, the fallout of the breach is significant, with detailed information of a large customer base being stolen. Latitude Financial Services observed a breach that had all the hallmarks of a relatively simple spear phishing campaign, and it most likely took only one employee with enough authorisation in one or more systems to do this significant damage.

This comes just days after I wrote about the poor state of security in the financial services industry and the lack of preventative measures that should’ve been in place to prevent this from happening. Latitude is not the only one, and it is just a matter of time before other institutions see the same fate.

Actions to take now

I know I’m sitting on the sideline here making a high-level analysis, but when relatively simple things like credential theft through phishing happen, you can imagine that awareness training and Verifier Impersonation Resistant MFA technologies have not been used at Latitude.

I’ve said it before: customer and employee phishing awareness as well as foolproof MFA solutions will prevent this to the extent that attempts to breach environments are only possible under physical duress of the owner of the token.

As an authorised partner of KnowBe4 and Yubico, we can help in bringing you solutions that tackle the two main problems that are at the root of the breach at Latitude. Ask us for a demo of KnowBe4 and how this can help your organisation in elevating awareness of the various phishing methodologies and how to thwart them, or click here to register directly.

Contact us for Yubico solutions to help you and your customers obtain maximum, phishing-resistant MFA protection.

Kind regards,

Erwin
