AWS digital sovereignty pledge: A new, independent sovereign cloud in Europe

From day one, Amazon Web Services (AWS) has believed it is essential that customers have control over their data, and choices for how they secure and manage that data in the cloud. Last year, we introduced the AWS Digital Sovereignty Pledge, our commitment to offering AWS customers the most advanced set of sovereignty controls and features available in the cloud.

AWS offers the largest and most comprehensive cloud infrastructure globally. Our approach from the beginning has been to make AWS sovereign-by-design. We built data protection features and controls in the AWS cloud with input from financial services, health care and government customers — who are among the most security- and data privacy-conscious organizations in the world. This has led to innovations like the AWS Nitro System, which powers all our modern Amazon Elastic Compute Cloud (Amazon EC2) instances and provides a strong physical and logical security boundary to enforce access restrictions so that nobody, including AWS employees, can access customer data running in Amazon EC2. The security design of the Nitro System has also been independently validated by the NCC Group in a public report.

With AWS, customers have always had control over the location of their data. In Europe, customers who need to comply with European data residency requirements have the choice to deploy their data to any of our eight existing AWS Regions (Ireland, Frankfurt, London, Paris, Stockholm, Milan, Zurich and Spain) to keep their data securely in Europe. To run their sensitive workloads, European customers can leverage the broadest and deepest portfolio of services, including AI, analytics, compute, database, internet of things, machine learning, mobile services and storage. To further support customers, we’ve innovated to offer more control and choice over their data. For example, we announced further transparency and assurances, and new dedicated infrastructure options with AWS ‘Dedicated Local Zones’.

To deliver enhanced operational resilience within the EU, only EU residents who are located in the EU will have control of the operations and support.

Announcing the AWS European Sovereign Cloud

When we speak to public-sector and regulated-industry customers in Europe, they share how they are facing incredible complexity with an evolving sovereignty landscape. Customers tell us they want to adopt the cloud, but are facing increasing regulatory scrutiny over data location, European operational autonomy and resilience. We’ve learned that these customers are concerned that they will have to choose between the full power of AWS or feature-limited sovereign cloud solutions. We’ve had deep engagements with European regulators, national cybersecurity authorities, and customers to understand how the sovereignty needs of customers can vary based on multiple factors, like location, sensitivity of workloads, and industry. We recently announced our plans to launch the AWS European Sovereign Cloud, a new, independent cloud for Europe, designed to help public sector organizations and customers in highly-regulated industries meet their evolving sovereignty needs. We’re designing the AWS European Sovereign Cloud to be separate and independent from our existing ‘regions’, with infrastructure located wholly within the European Union, with the same security, availability and performance our customers get from existing regions today. To deliver enhanced operational resilience within the EU, only EU residents who are located in the EU will have control of the operations and support for the AWS European Sovereign Cloud. The AWS European Sovereign Cloud will launch its first AWS Region in Germany available to all European customers.

Built on more than a decade of experience operating multiple independent clouds for the most critical and restricted workloads.

The AWS European Sovereign Cloud will be sovereign-by-design, and will be built on more than a decade of experience operating multiple independent clouds for the most critical and restricted workloads. Like existing regions, the AWS European Sovereign Cloud will be built for high availability and resiliency, and powered by the AWS Nitro System, to help ensure the confidentiality and integrity of customer data. Customers will have the control and assurance that AWS will not access or use customer data for any purpose without their agreement. AWS gives customers the strongest sovereignty controls among leading cloud providers. For customers with enhanced data residency needs, the AWS European Sovereign cloud is designed to go further and will allow customers to keep all metadata they create (such as the roles, permissions, resource labels and configurations they use to run AWS) in the EU. The AWS European Sovereign Cloud will also be built with separate, in-region billing and usage metering systems.

Delivering operational autonomy

The AWS European Sovereign Cloud will provide customers with the capability to meet stringent operational autonomy and data residency requirements. To deliver enhanced data residency and operational resilience within the EU, the AWS European Sovereign Cloud infrastructure will be operated independently from existing AWS Regions. To assure independent operation of the AWS European Sovereign Cloud, only personnel who are EU residents, located in the EU, will have control of day-to-day operations, including access to data centers, technical support and customer service.

Control without compromise

Though separate, the AWS European Sovereign Cloud will offer the same industry-leading architecture built for security and availability as other AWS Regions. This will include multiple ‘Availability Zones’, infrastructure that is placed in separate and distinct geographic locations, with enough distance to significantly reduce the risk of a single event impacting customers’ business continuity.

Continued AWS investment in Europe

The AWS European Sovereign Cloud represents continued AWS investment in Europe. AWS is committed to innovating to support European values and Europe’s digital future. We drive economic development through investing in infrastructure, jobs and skills in communities and countries across Europe. We are creating thousands of high-quality jobs and investing billions of euros in European economies. Amazon has created more than 100,000 permanent jobs across the EU. Some of our largest AWS development teams are located in Europe, with key centers in Dublin, Dresden and Berlin. As part of our continued commitment to contribute to the development of digital skills, we will hire and develop additional local personnel to operate and support the AWS European Sovereign Cloud.

Our commitments to our customers

We remain committed to giving our customers control and choices to help meet their evolving digital sovereignty needs. We continue to innovate sovereignty features, controls and assurances globally with AWS, without compromising on the full power of AWS.



Source link

#AWS #digital #sovereignty #pledge #independent #sovereign #cloud #Europe

Jim Cramer’s top 10 things to watch in the stock market Friday

My top 10 things to watch Friday, Nov. 3

1. U.S. stocks climb higher in premarket trading Friday, with S&P 500 futures up 0.46% after rising nearly 5% over the previous four sessions. Equities remain on track for their biggest weekly gain of the year. Government bonds also continue to rally this week, with the yield on the 10-year Treasury pulling back to around 4.5%. Oil prices tick up 0.78%, bringing West Texas Intermediate crude to just above $83 a barrel.

2. U.S. employment growth slows in October, with the economy adding just 150,000 jobs, according to the Labor Department’s monthly nonfarm payrolls report. That compares with September’s revised gain of 297,000 jobs and a Dow Jones estimate for October of 170,000 jobs. The news could take further pressure off the Federal Reserve in its ongoing battle to bring down inflation through higher interest rates.

3. Club holding Apple (AAPL) delivers an uneven fiscal fourth-quarter, with shares falling on lower-than-expected guidance for the current quarter. Analysts are using the results to reset expectations and lower price targets. Apple stock is down 1.7% in premarket trading, at $174.57 a share.

4. Semiconductor firm Skyworks Solutions (SWKS) reports a weak quarter as a result of Apple’s slowdown, prompting a slate of price-target reductions Friday. Barclays lowers its price target on the stock to $90 a share, down from $115, while maintaining an overweight rating on shares.

5. The takeaway from Club holding Starbucks‘ (SBUX) fiscal fourth-quarter beat is that the coffee maker needs so many more stores both in the U.S. and in China, while it’s barely begun to tackle India. Baird on Friday raises its price target on Starbucks to $110 a share, up from $100, while reiterating a neutral rating.

6. Barclays on Friday raises its price target on Club name Eli Lilly (LLY) to $630 a share, up from $590, while maintaining an overweight rating on the stock. The call seems like a good idea after Eli Lilly delivered solid quarterly results on the back of its blockbuster drug Mounjaro.

7. Shares of cybersecurity firm Fortinet (FTNT) plunge nearly 20% in early trading after its third-quarter results miss on analyst expectations, while providing a weak outlook for the current quarter. Multiple Wall Street firms downgrade Fortinet Friday on the weak quarter and signs secure networking is seeing slower growth.

8. Barclays lowers it price target on Clorox (CLX) to $115 a share, down from $118, while maintaining an underweight rating on the stock — and that seems harsh. The firm calls Clorox’s reduced outlook “prudent given the uncertainty ahead.” Clorox warned last month that an August cyber attack had significantly weighed on sales and profits.

9. KeyBanc upgrades Uber Technologies (UBER) to overweight from a neutral-equivalent rating, with a $60-per-share price target. The firm says Uber’s expense discipline should continue to drive earnings and free cash flow, while advertising “provides a lever to keep prices low to drive volumes.” Uber is set to report third-quarter results on Nov. 7.

10. Gordon Haskett upgrades Ross Stores (ROST) to buy from accumulate, with a $135-per-share price target. The firm says its third-quarter proprietary store manager survey “paints a positive picture” for both Ross and Club name TJX Companies (TJX).

Sign up for my Top 10 Morning Thoughts on the Market email newsletter for free.

What Investing Club members are reading right now

(See here for a full list of the stocks at Jim Cramer’s Charitable Trust.)

As a subscriber to the CNBC Investing Club with Jim Cramer, you will receive a trade alert before Jim makes a trade. Jim waits 45 minutes after sending a trade alert before buying or selling a stock in his charitable trust’s portfolio. If Jim has talked about a stock on CNBC TV, he waits 72 hours after issuing the trade alert before executing the trade.

THE ABOVE INVESTING CLUB INFORMATION IS SUBJECT TO OUR TERMS AND CONDITIONS AND PRIVACY POLICY, TOGETHER WITH OUR DISCLAIMER.  NO FIDUCIARY OBLIGATION OR DUTY EXISTS, OR IS CREATED, BY VIRTUE OF YOUR RECEIPT OF ANY INFORMATION PROVIDED IN CONNECTION WITH THE INVESTING CLUB.  NO SPECIFIC OUTCOME OR PROFIT IS GUARANTEED.

Source link

#Jim #Cramers #top #watch #stock #market #Friday

Phishing scams targeting small business on social media including Meta are a ‘gold mine’ for criminals

With so much of daily life happening over social media, it’s not surprising that small businesses are relying more and more on Instagram, Facebook and other platforms to spread the word about their business and sell products.

But there is one big catch: small business owners are at a big disadvantage on these platforms when it comes to cybersecurity. 

Take it from Pat Bennett, an entrepreneur who sold granola in the Cleveland area and got about half of her sales through Instagram. The business was already under pressure from the rising cost and availability of sweeteners and oats when her business Instagram page, Pat’s Granola, came under attack. 

The attack looked innocuous. Bennett received a message on Instagram from a small business owner she knows personally. Using a link, her acquaintance asked Bennett to vote for her in a contest. It was a legitimate contest, and it wasn’t unusual for Bennett to communicate with people on Instagram Messenger. As it turned out, it was an attack that went to everyone in her contact’s address book. Bennett lost control of her Instagram and Facebook accounts and hasn’t regained access, despite using all the channels Meta recommends. 

With help, she was able to track the IP addresses to Europe, but that wasn’t enough to avoid a worst-case scenario. Bennett received a letter saying she could regain control of her accounts if she paid close to $10,000. She declined to pay the ransom and had to start all over again. 

Pat Bennett, a Cleveland-based entrepreneur who sells granola says about half of her sales are through Instagram, but she became victim to an Instagram Messenger hack that resulted in Bennett to losing control of her Instagram and Facebook accounts, and she hasn’t regained access, despite using all the channels Meta recommends.

Source: Pat Bennett

Bennett’s experience isn’t isolated. As it turns out, small businesses like Pat’s Granola are frequent targets of hacking rings. CNBC quarterly surveys of small business owners in recent years have indicated that many do not rate the risk of cyberattack highly, yet the FBI says that in recent years a wave of hacks has targeted small business. In 2021, the FBI’s Internet Crime Complaint Center received 847,376 complaints regarding cyberattacks and malicious cyber activity with nearly $7 billion in losses, the majority of which targeted small businesses.

Small business owners say social media giants such as Meta have done little to help them address the problem. 

A Meta spokesperson declined to offer specific comment in response to small business owner concerns, but pointed to its efforts to protect businesses targeted by malware. The company has security researchers that track and take action against “threat actors” worldwide and has detected and disrupted nearly 10 new malware strains this year. Malware can target victims through email phishing, browser extensions, ads and mobile apps and various social media platforms. The links look innocuous and rely on tricking people into clicking on or downloading something. 

Why Main Street is an easy target 

With marketing and selling over Instagram and other social platforms being an attractive way for small businesses to reach and expand their customer base, it’s not surprising that criminal organizations have followed.

According to SCORE, a nonprofit partly funded by the U.S. Small Business Administration, nearly half of small business owners cited social media as their preferred digital marketing channel. Compare that to 51% who cited their company website and 33% who prefer online advertising. Moreover, 73% of business owners said they consider social media to be their most successful digital marketing channel, with 66% citing Facebook, 42% citing Alphabet’s YouTube and 41% Instagram. 

“Criminals are in the business of stealing, so you’re going to go where you can make money and get away with it. And social media accounts of small businesses are like a gold mine,” said Joseph Steinberg, a cyber security privacy and AI expert, who sees small business social media accounts as “low hanging fruit.” 

Bryan Palma, chief executive officer at Trellix, a cybersecurity company that worked with the FBI and Europol to take down Genesis Market, an “eBay” for cybercrime criminals, earlier this year, said he has been seeing a range of cybercriminals targeting platforms such as Instagram, YouTube and Facebook. Some are independent hackers, while others are larger, organized crime groups that target social media accounts with more than 50,000 followers. 

Common online scams to watch out for

One common scam, Palma said, is criminals will create a fake Instagram page notifying the user that there’s a problem with their post, and they should “click here, and we’ll help you fix it.” The link redirects users to a fake site asking them to type in their Instagram credentials. 

That’s similar to what happened to Cai Dixon, owner of Copy-Kids, which makes video content for kids. Dixon created an active online Facebook group with 300,000 followers and was getting as much as $2,000 a month in performance bonuses. In March, she got a message purporting to be from Meta, asking if she would like a blue badge verification. Because she was already in contact with Meta employees over Messenger, she believed the message and gave her private information. 

Turns out, it was a phishing scheme. Almost immediately, Dixon lost control of the account and the Facebook group she had spent years cultivating. The hackers removed Dixon and all the other page moderators and started posting animal cruelty videos, videos of heavy machinery and fake content. When she finally talked to someone on Facebook, “they said the only thing I could do was to tell all my friends to report it hacked and then they could take it down.” 

Cai Dixon, owner of Copy-Kids, which makes video content for kids, created an active online Facebook group with 300,000 followers and was getting as much as $2,000 a month in performance bonuses. But in March, a phishing scheme led Dixon to lose control of the account and the Facebook group she had spent years cultivating.

Source: Cai Dixon

These common hacks for small businesses offer little recourse.

“It’s especially damning for a small business, which has a pretty minuscule security budget compared to a General Electric or GM, which are running the best tools,” said Greg Hatcher, founder of White Knight Labs. 

Companies with 100 or fewer employees experience 350% more social engineering attacks than larger companies, according to Barracuda, a cloud security company. More than half of social engineering attacks are phishing, and one in five organizations had an account compromised in 2021. 

Social media companies are aware of the problem, but fending off attacks on small businesses is time-consuming and expensive. It’s one matter when a large Fortune 500 company that spends millions on advertising or a high-profile individual encounters a hacker. But when it comes to small business owners, there’s less financial incentive. 

“It is often better for social media companies from a purely bottom line to ignore small businesses when they have problems,” Steinberg said, adding that small businesses are generally getting the service for free or close to free. 

Two-factor authentication and cybersecurity tools

Though the threat seems vast, cybersecurity experts said the most effective defense is fairly basic. Not enough people use the security features that social platforms already offer, like two-factor authentication. Entrepreneurs can also use business password managers, designed for multiple users who may need access to the same accounts. 

“Small businesses don’t have to be completely hung out to dry. They can have good cyber hygiene, with a good password policy,” said Hatcher, emphasizing length, ideally 30-40 characters, over complexity as well as two-factor authentication. 

Knowing what to look for and being wary of any links or requests for information can also go a long way. For the unfortunate who get hacked and lose access to accounts, the Identity Theft Resource Center is a nonprofit that can help victims figure out the next steps.   

For now, the online world is still under-regulated and monitored.

Cyberattacks conducted through tech giants have caught the attention of the federal government’s main cyber agency, the Cybersecurity and Infrastructure Security Agency. In an interview with CNBC’s “Tech Check” in January of this year, CISA director Jen Easterly said, “Technology companies who for decades have been creating products and software that are fundamentally insecure need to start creating products that are secure by design and secure by default with safety features baked in,” she said. But the U.S. government has so far taken a cautious approach with support for small business specifically – a spokeswoman for the U.S. Cybersecurity Infrastructure Agency told CNBC in January that it doesn’t regulate small business software, instead pointing to a blog post with guidance aimed at helping businesses large enough to have a security program manager and an IT lead.

“There are a lot of people spending the majority of their time in the virtual world, but the resources are not as extensive. We still have more resources protecting streets,” Palma said. Some of the big online scams get addressed, but there are many “smaller issues” that are costing people and small businesses real money, but governments and companies aren’t equipped to deal with it. “I think over time, we have to shift that balance,” he said. 

Source link

#Phishing #scams #targeting #small #business #social #media #including #Meta #gold #criminals

Chinese companies are shipping rifles, body armor to Russia

Chinese companies, including one connected to the government in Beijing, have sent Russian entities 1,000 assault rifles and other equipment that could be used for military purposes, including drone parts and body armor, according to trade and customs data obtained by POLITICO.

The shipments took place between June and December 2022, according to the data provided by ImportGenius, a customs data aggregator.

China North Industries Group Corporation Limited, one of the country’s largest state-owned defense contractors, sent the rifles in June 2022 to a Russian company called Tekhkrim that also does business with the Russian state and military. The CQ-A rifles, modeled off of the M16 but tagged as “civilian hunting rifles” in the data, have been reported to be in use by paramilitary police in China and by armed forces from the Philippines to South Sudan and Paraguay.

Russian entities also received 12 shipments of drone parts by Chinese companies and over 12 tons of Chinese body armor, routed via Turkey, in late 2022, according to the data.

Although the customs data does not show that Beijing is selling a large amount of weapons to Moscow specifically to aid its war effort, it reveals that China is supplying Russian companies with previously unreported “dual-use” equipment — commercial items that could also be used on the battlefield in Ukraine.

It is the first confirmation that China is sending rifles and body armor to Russian companies, and shows that drones and drone parts are still being sent despite promises from at least one company that said it would suspend business in Russia and Ukraine to ensure its products did not aid the war effort.

The confirmation of these shipments comes as leaders in the U.S. and Europe warn Beijing against supporting Russia’s efforts in Ukraine. Western officials have said in recent weeks that China is considering sending weapons to Russia’s military, a move that could alter the nature of the fighting on the ground in Ukraine, tipping it in Russia’s favor. Officials are also concerned that some of the dual-use material could also be used by Russia to equip reinforcements being deployed to Ukraine at a time when Moscow is in desperate need of supplies.

Da-Jiang Innovations Science & Technology Co., also known as DJI, sent drone parts — like batteries and cameras — via the United Arab Emirates to a small Russian distributor in November and December 2022. DJI is a Chinese company that has been under U.S. Treasury sanctions since 2021 for providing the Chinese state with drones to surveil the Uyghur minority in the western region of Xinjiang.

In addition to drones, Russia has for months relied on other countries, including China, for navigation equipment, satellite imagery, vehicle components and other raw materials to help prop up President Vladimir Putin’s year-old war on Ukraine.

It’s currently unclear if Russia is using any of the rifles included in the shipment data on the battlefield — Tekhkrim, the Russian company, did not respond to an emailed request for comment. But the DJI drones have been spotted on the battlefield for months. DJI did not immediately respond to a request for comment.

The National Security Council did not comment on the record for this story. The Chinese embassy in Washington said in a statement that Beijing is “committed to promoting talks for peace” in Ukraine.

“China did not create the crisis. It is not a party to the crisis, and has not provided weapons to either side of the conflict,” said embassy spokesperson Liu Pengyu.

Asked about the findings in the data obtained by POLITICO, Poland’s Ambassador to the EU Andrzej Sadoś said that “due to the potential very serious consequences, such information should be verified immediately.”

Although Western sanctions have hampered Moscow’s ability to import everything from microchips to tear gas, Russia’s still able to buy supplies that support its war effort from “friendly” countries that aren’t following the West’s new rules, like China or the Gulf countries.

“Some commercial products, like drones or even microchips, could be adapted. They can transform from a simple benign civilian product to a lethal and military product,” said Sam Bendett, an adjunct senior fellow at the Center of Naval Analyses Russia Studies in Washington, noting that dual-use items could help Russia advance on the battlefield.

Experts say it is difficult to track whether dual-use items shipped from China are being sold to buyers who intend to use the technology for civilian purposes or for military means.

“The challenge with dual-use items is that the export control system we have has to consider both the commercial sales possibilities as well as the military use of certain items,” said Zach Cooper, former assistant to the deputy national security adviser for combating terrorism at the National Security Council.

In cases where the Kremlin craves specific technology only produced in say the U.S., EU or Japan, there are wily ways for Moscow to evade sanctions, which include buying equipment from middlemen located in countries with cordial trade relations with both the West and Russia.

Russia managed to import more than 800 tons of body armor worth around $10 million in December last year, according to the customs data from ImportGenius. Those bulletproof vests were manufactured by Turkish company Ariteks and most were imported straight from Turkey, although some of the shipments arrived to Russia via the United Arab Emirates. Russia also imported some body armor from Chinese company Xinxing Guangzhou Import & Export Co.

Trade data also shows that Russian state defense company Rosoboronexport has imported microchips, thermal vision devices and spare parts like a gas turbine engine from a variety of countries ranging from China to Serbia and Myanmar since 2022.

Dual-use items could also be a way for China to quietly increase its assistance to Moscow while avoiding reprisals officials in Washington and Europe have been threatening in recent weeks if China goes ahead with sending weapons to the Russian military.

Most recently, German Chancellor Olaf Scholz told reporters last week that there would be “consequences” if China sent weapons to Russia, although he also said that he’s seen “no evidence” that Beijing is considering delivering arms to Moscow.

“We are now in a stage where we are making clear that this should not happen, and I’m relatively optimistic that we will be successful with our request in this case,” he said.

Among the military items China has been considering shipping to Russia are drones, ammunition and other small arms, according to a list that has circulated inside the administration and on Capitol Hill for months, according to a person who read that document. And intelligence briefed to officials in Washington, on Capitol Hill and to U.S. allies across the world in the last month, suggests Beijing could take the step to ship weapons to Russia.

“We do see [China] providing assistance to Russia in the context of the conflict. And we see them in a situation in which they’ve become increasingly uncomfortable about the level of assistance and not looking to do it as publicly as might otherwise occur and given the reputational costs associated with it,” Avril Haines, the U.S. director of national intelligence, said in a congressional hearing March 8. “That is a very real concern and the degree of how close they get and how much assistance they’re providing is something we watch very carefully.”

As data about dual-use item shipments to Russia becomes available, Western countries are expected to ramp up efforts to quell these flows.

“We’ve already started to see sanctions against people [moving] military material to Russia. I’m sure we’re going to be seeing the EU and other countries target those people that are helping a lot of this material to get to Russia,” said James Byrne from the Royal United Services Institute, a U.K.-based defense think tank.

Beijing continues to deny that it is ramping up support for Russia in Ukraine. However, several of its top officials have recently traveled to Moscow. President Xi Jinping is expected to make an appearance there in the coming weeks. China recently presented a 12-point peace proposalfor the war in Ukraine, though it was criticized by western leaders for its ambiguity and for its lack of details about the need for the withdrawal of Russian troops.

Leonie Kijewski contributed reporting from Brussels.



Source link

#Chinese #companies #shipping #rifles #body #armor #Russia

‘Phishing-as-a-service’ kits are driving an uptick in theft: What you can learn from one business owner’s story

Cody Mullenaux and his family. Mullenaux was the victim of a sophisticated wire fraud scheme that has resulted in $120,000 being stolen

Courtesy: Cody Mullenaux

Banks have spent enormous amounts on cybersecurity and fraud detection but what happens when criminal tactics are sophisticated enough to even fool bank employees? 

For Cody Mullenaux, it meant having more than $120,000 wired from his Chase checking account with little hope of ever recouping his stolen funds.

The saga for Mullenaux, a 40-year-old small business owner from California, began on Dec. 19. While Christmas shopping for his young daughter, he received a call from a person claiming to be from the Chase fraud department and asking to verify a suspicious transaction.

The 800-number matched Chase customer service so Mullenaux didn’t think it was suspicious when the person asked him to log into his account via a secured link sent by text message for identification purposes. The link looked legitimate and the website that opened appeared identical to his Chase banking app, so he logged in. 

“It never even crossed my mind that I was not speaking with a legitimate Chase representative,” Mullenaux told CNBC.

Gone are the days when the only thing a consumer had to be wary of was a suspicious email or link. Cybercriminals’ tactics have morphed into multipronged schemes, with multiple criminals acting as a team to deploy sophisticated tactics involving readymade software sold in kits that mask phone numbers and mimic login pages of a victim’s bank. It’s a pervasive threat that cybersecurity experts say is driving an uptick in activity. They predict it will only get worse. Unfortunately, for victim of these schemes, the bank isn’t always required to repay the stolen funds.

After he was logged in, Mullenaux said he saw large amounts of money moving between his accounts. The person on the phone told him someone was in his account actively trying to steal his money and that the only way to keep it safe was to wire money to the bank supervisor, where it would be temporarily held while they secured his account.

Terrified that his hard-earned savings was about to be stolen, Mullenaux said he stayed on the phone for nearly three hours, followed all the instructions he was given and answered additional security questions he was asked. 

CNBC has reviewed Mullenaux’s cellular records, bank account information, as well as images of the text message and link he was sent.

A team of scammers

Cody Mullenaux, the inventor and founder of Aquaphant, a technology company that converts moisture from the air into filtered water, with his team and family.

Courtesy: Cody Mullenaux

Little recourse for victims of wire scams

Mullenaux said he feels frustrated and defeated about his experience trying to recover his stolen funds.

“No matter what they do to try and safeguard customers, scammers are always one step ahead,” Mullenaux said, adding that his money would have been safer in a shoebox than in a big bank that cybercriminals are targeting.

The Federal Trade Commission advises that any customer who thinks they might have sent money to scammers via a wire transfer should immediately contact their bank, report the fraudulent transfer and ask for it to be reversed.

Time is critical when trying to recover funds sent via fraudulent wire transfer, the FTC told CNBC. The agency said victims should also report the crime to the agency as well as the FBI’s Internet Crime Complaint Center, the same day or next day, if possible. 

Mullenaux said he realized something was wrong the next morning when his funds had not been returned to his account.

He immediately drove to his local Chase bank branch where he was told he had likely been the victim of fraud. Mullenaux said the matter wasn’t handled with any sense of urgency, and a reverse wire transfer attempt, which the FTC suggests customers ask for, wasn’t offered as an option.

Instead, Mullenaux said the branch employee told him he would receive a packet in the mail within 10 days that he could fill out to file a claim. Mullenaux asked for the packet immediately. He filled it out and submitted it the same day.

That claim, along with a second one Mullenaux filed with the executive branch, were denied. The employees investigating the matter said Mullenaux had called to authorize the wire transfers.

Cody Mullenaux and his daughter. Mullenaux had been shopping for Christmas gifts for his daughter when he received a call from a man impersonating a Chase fraud department employee.

Courtesy: Cody Mullenaux

CNBC provided Chase with Mullenaux’s cellular phone records that showed he never made any outgoing phone calls to Chase on the day in question. The records also suggest, when compared with the wire transfer records, that it could not have been Mullenaux who called Chase to authorize the wire transfers because all three were authorized and went through while Mullenaux was still on the phone with the scammers.

However, that didn’t change the bank’s decision and, again, Mullenaux’s claim was denied since he had shared his private information with the criminals.

Scammers exploited regulatory loopholes

Whether the scammers realized they were doing it or not, they successfully exploited two loopholes in current consumer protection legislation that resulted in Chase not being required to replace Mullenaux’s stolen funds. Legally, banks do not have to reimburse stolen funds when a customer is tricked into sending money to a cybercriminal.

However, under the Electronic Fund Transfer Act, which covers most types of electronic transactions like peer-to-peer payments and online payments or transfers, banks are required to repay customers when funds are stolen without the customer authorizing it. Unfortunately, wire transfers, which involve transferring money from one bank to another, are not covered under the act, which also excludes fraud involving paper checks and prepaid cards.

The cybercriminals also transferred funds from Mullenaux’s personal checking and savings accounts to his business account before initiating the wire transfers. Regulation E, which is designed to help consumers get their money back from an unauthorized transaction, only protects individuals, not business accounts.

A representative for Chase said that the investigation is ongoing as the bank tries to recover the stolen funds.

That is something Mullenaux says he is praying for. “I pray that this tragedy is somehow reconciled, that [bank] management sees what happened to me and my money is returned.”

Mullenaux has also filed reports with the local police and the FBI’s Internet Crime Complaint Center, but neither have contacted him about his case.

Sophisticated scamming tactics on the rise

It’s not just Chase customers being targeted by cybercriminals with these sophisticated schemes. This past summer, IronNet uncovered a “phishing-as-a-service” platform that sells ready-made phishing kits to cybercriminals that target U.S.-based companies, including banks. The customizable kits can cost as little as $50 per month and include code, graphics and configuration files to resemble bank login pages.

Joey Fitzpatrick, a threat analysis manager at IronNet, said that while he can’t say for certain that this is how Mullenaux was defrauded, “the attack against him bears all the hallmarks of attackers leveraging the same sort of multimodal tools that phishing-as-a-service platforms provide.”

He expects “as-a-service”-type offerings will only continue to gain traction as the kits not only lower the bar for low- to medium-tier cybercriminals to create phishing campaigns, but it also enables the higher-tier criminals to focus on a single area and develop more sophisticated tactics and malware.

“We’ve seen a 10% increase in deployment of phishing kits in January 2023 alone,” Fitzpatrick said.

In 2022, the company saw a 45% increase in phishing alerts and detections.

But it’s not just phishing schemes on the rise, it’s all cyberattacks. Data from Check Point showed in 2022 there was a 52% increase in weekly cyberattacks on the finance/banking sector compared with attacks in 2021.

“The sophistication of cyberattacks and fraud schemes has significantly increased during the last year,” said Sergey Shykevich, the threat group manager at Check Point. “Now, in many cases cybercriminals don’t rely only on sending phishing/malicious emails and waiting for the people to click it, but combine it with phone calls, MFA [multifactor authentication] fatigue attacks and more.”

Both cybersecurity experts said banks can be doing more to educate customers. 

Shykevich said the banks should invest in better threat intelligence that can detect and block methods cybercriminals use. An example he gave is comparing a login to a person’s digital “fingerprint,” which is based on data such as the browser an account uses, screen resolution or keyboard language.

Best advice: Hang up the phone

Source link

#Phishingasaservice #kits #driving #uptick #theft #learn #business #owners #story

Building Europe’s future, focusing on IT skills rather than degrees

As the digital transformation of economy and society accelerates, the question of a just and inclusive transformation must be at the forefront of considerations for deciders in the public and private sector.

“The Digital Decade is about making digital technology work for people and businesses. It is about enabling everyone to have the skills to participate in the digital society. To be empowered. It is about empowering businesses. It is about the infrastructure that keeps us connected. It is about bringing government services closer to citizens. Europe’s digital transformation will give opportunities for everyone.” Margrethe Vestager, executive vice president for A Europe Fit for the Digital Age, July 2022.

The Digital Decade is about making digital technology work for people and businesses.

The European Union (EU) has grasped the urgency and importance of providing digital skills to citizens, declaring 2023 the European Year of Skills. Reaching the EU’s goal of 80 percent of Europeans with basic digital skills and 20 million ICT specialists by 2030 won’t happen in a snap. The opportunities here are immense: the World Economic Forum predicts 97 million new jobs related to technology. Many promise to be better jobs than the ones they will replace. Because skills in cybersecurity or the internet of things, for example, can lead to positions that offer opportunities for advancement and life-changing opportunities for people everywhere, including underprivileged or marginalized communities around the world.

The scale of the digital skills challenge and opportunity demands close collaboration with the tech industry, governments, and academia — to close the gap in technology skills that stood at 2 million unfilled tech jobs globally in 2022[1].

What’s more, those who have been displaced will in many cases be good candidates to upskill for the new roles. A high percentage of these jobs don’t necessarily require a high-level degree, for example. Many roles demand candidates have the right tech skills rather than degrees.

Accessibility and flexibility are key

If there is one glaring truth that surfaces from all my encounters throughout Europe it’s that for a training and upskilling program to work, learners must be empowered in ever more flexible ways, to learn where and when they want.

For a training and upskilling program to work, learners must be empowered in ever more flexible ways, to learn where and when they want.

A learner-centric approach is what will make a training program relevant to learners. I firmly believe that our focus on regularly offering new pathways and learning formats is one of the main reasons the Cisco Networking Academy has managed to empower over 17 million learners in 25 years.

Our new Skills For All offering, which proposes self-paced introductory and intermediary courses in cybersecurity, networking and data management, will continue to contribute to this success. It lowers the barriers to entry by allowing learners to dip their toes in the water on their own terms before deciding whether to take the plunge.

Jobs in IT can provide an accessible opportunity for people looking to change their lives and launch themselves into a new career. This is even more true for the underprivileged, underrepresented and underserved.

One obvious starting point is addressing the gender gap in tech. Historically, 26 percent of Networking Academy students over the past 25 years have been women. We’ve made strides forward, but we seek more to benefit from the wider perspective and fresh ideas that the strong inclusion brings of women in the IT sector. This flexibility, however, must be accompanied with a clear effort to remain accessible to as many stakeholders as possible. One of the secrets to the success of our program is the long-term collaboration with public-sector education, administrations, and even armed forces. A collaboration that rests on our focus on keeping our program free of charge and vendor agnostic, and on focusing on training learners in the skills required in the industry.

Reaching every sector with the right digital skills

The challenge we face is that the digital transformation in Europe is not exclusively the business of tech and IT. It impacts everything, from the average agricultural cooperative in Romania, Greece, France or Spain that needs to understand the impact that digital transformation can have on farming, to the local administrations needing to better protect the information of their citizens as increasing numbers of services digitize.

Each scenario requires skills-focused learning pathways so that learners can quickly and easily acquire the knowledge they need in a simplified format.

A responsibility to the future

Today, we are at a critical turning of the tide. I look forward to being able to touch down in any European city in 10 years and see the impact of the talent that we’ve nurtured and empowered. Talent that includes more women, minorities, people with disabilities, adult reskillers, school leavers… the list goes on.

Cisco stands ready to support Europe in its objectives to bring digital skills to more citizens to maximize the opportunity that technology offers, by developing the next generation of talent.

At Cisco, we feel we have a responsibility to make the digital transformation an inclusive one. And I’m incredibly excited to see how our incredible ecosystem of over 11,800 educational institutions and more than 29,000 instructors will strive to deliver on our goal of upskilling 25 million people in the next 10 years.

Cisco stands ready to support Europe in its objectives to bring digital skills to more citizens to maximize the opportunity that technology offers, by developing the next generation of talent who will push the capabilities of technology even further and to give people the skills to engage with technology more securely. Because when people are empowered to craft a more inclusive digital transformation journey, it becomes synonymous with a more prosperous society.


[1] https://technation.io/people-and-skills-report-2022/#key-statistics



Source link

#Building #Europes #future #focusing #skills #degrees