
October is Cyber Security Awareness Month

Cyber security has always been vital, but we need to make a conscious effort to learn how to keep ourselves safe now that the line between our online and offline lives is barely distinguishable. Protecting yourself online (your identity, data, and devices) is critical in today’s world, where the internet is prevalent in nearly every aspect of our lives. More and more people rely on the internet for financial services, business and social connection and, of course, work and daily tasks.

National Cyber Security Awareness Month, now in its eighteenth year, encourages individuals, businesses and institutions to take time to educate themselves about cyber risks and online safety practices. This year’s theme is “Do your Part, Be Cyber Smart”.

Since its inception, Cybersecurity Awareness Month has grown exponentially, reaching consumers, small and medium-sized businesses, corporations, educational institutions and others across the U.S.

This year alone, ransomware attacks involved schools, healthcare organizations, fuel pipelines, food suppliers and several other organizations, often resulting in disruptions that have impacted public health, the supply chain, and national and economic safety and security.

Some facts and figures on cybersecurity risk:

• 88% of data breaches are caused by human error. (Tessian)

• The average total cost of a data breach in 2020 was $3.86 million, and a breach took an average of 280 days to identify and contain. (IBM)

• The use of new breach techniques has boomed as a result of the COVID-19 pandemic, with 35% of breaches having leveraged new techniques in 2020. (Cynet)

Email Asking For Proof Of Vaccination Possibly A Phishing Scam

It seems coronavirus cases driven by the new delta variant are not the only thing on the rise; pandemic-related email scams are too.

Researchers at security firm Proofpoint found that in June, coronavirus-related phishing attempts increased 33 percent compared with the preceding period, when concerns about the virus had temporarily waned. The increase came when Google searches for “delta variant” were peaking. This type of attack will only evolve to reflect new coronavirus concerns.

Phishing is a type of scam where hackers send emails in an attempt to trick recipients into clicking a link or opening an attachment. They know that communication about the coronavirus from employers or health organizations compels people to click, driven by emotion.

In line with this, the tactics have evolved together with the pandemic. When many Americans were out of work, phishing scams focused on unemployment claims as well.

We’re slowly learning to live with ongoing precautions of the pandemic, and the coronavirus, for many, has gone from a novel threat to a banal reality. And by banal, that means employers are asking for negative test results, return-to-work feedback forms and, in some cases, proof of vaccination. That’s certainly fertile ground for phishing and ransomware.

Next time you receive an email with coronavirus updates, one from a supposed health organization asking for proof of vaccination, or a message saying you’ve been let go, stop, read closely and check for signs of phishing. Keep an eye out for misspelled Web addresses, grammatical or spelling errors and slightly altered email domains. Also verify requests through a second channel just to be safe. Hackers have poor customer service and won’t go the extra mile in stealing important information. These digital criminals move on to an easier target once there is even the slightest inconvenience.

Spyware ‘Pegasus’ Infects Apple Products Without So Much As A Click

Internet security watchdog group Citizen Lab said last week that an Israeli spyware company named NSO Group developed a tool to break into Apple products with a never-before-seen technique that defeats security systems designed by Apple in recent years.

The spyware, named Pegasus, used a method to inconspicuously infect Apple devices without being detected by the victims. In the past, we could learn that our devices were infected by spyware only after receiving a suspicious link texted to our phone or sent by email. But NSO’s zero-click remote exploit meant victims received no such warning, and the flaw enabled full access to a person’s digital life. It is considered the Holy Grail of surveillance because it allows governments, lawbreakers and mercenaries to invisibly break into someone’s device without tipping the victim off.

The discovery of this infection means that since March, more than 1.65 billion Apple products in use worldwide have been at risk from NSO’s spyware. Apple’s security team worked around the clock to develop a fix. Ivan Krstić, Apple’s head of security engineering and architecture, commended Citizen Lab for its findings and urged customers to run the latest software updates for the fixes to take effect, by installing iOS 14.8, macOS 11.6 and watchOS 7.6.2.

New security defenses for Apple’s texting application iMessage are expected later this year in its next iOS 15 software update.

For its part, NSO did not immediately respond to inquiries.

Security Start-ups Find Bonanza as Cyberattacks Surge

Cyberattacks have proliferated this year, and the most recent ones around the world have taken down operations at medical facilities, grocery chains and gasoline pipelines, and potentially put some intelligence agencies in compromising situations. But they have been a bonanza for cybersecurity start-ups. Companies that sell security products and services have a bigger market and mission than ever before. So far, breaches have fueled concerns among companies and governments, leading to increased spending on these products. Investors have poured more than $12.2 billion into start-ups that provide cloud security, identity verification and privacy protection.

The money is flooding into those that are getting to grips with hackers in new ways. Traditionally, security systems at companies relied on the idea of securing a perimeter, with tools such as firewalls, to protect access to the corporate network. But a shift to cloud computing over the past several years has rendered the perimeter and dependency on corporate networks obsolete. The pandemic provided momentum when people shifted to remote work, which required securing remote access systems.

Other internet security businesses have also benefited. One in particular, which makes sure users are who they say they are when they join a platform, collected $394 million last month.

In conclusion, with security start-ups going public or being acquired for large sums, and cybersecurity threats mounting, the financial gain is likely to continue. When something like this hits the average person’s mind, people realize that this is definitely here to stay.

Lockbit Gang Hits Accenture with Ransomware Attack

Although it is one of the world’s biggest consultancy firms, Accenture wasn’t spared from being targeted by ransomware gang LockBit. The firm has confirmed the incident, and Accenture spokesperson Stacey Jones said in a statement, “We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from back up. There was no impact on Accenture’s operations, or on our clients’ systems.”

LockBit has targeted thousands of organisations since becoming active in September 2019. They have claimed responsibility for the attack last Tuesday. According to cybercrime monitoring firm Cyble, August 12 was the ransom deadline and the gang demanded $50 million for 6 terabytes of data.

Paying ransoms is strongly discouraged by cyber experts. One reason is that ransom payers don’t necessarily get all their data back, and it is highly likely that what they do get back cannot be trusted.

Since most consulting firms sell technology and cybersecurity services to their clients, they need to be rigorous about security threats. If they can’t prevent breaches of their own operations, how can clients be assured that they can be trusted to offer quality service, especially in keeping sensitive information safe? Breaches can and do occur, but these firms need to be vigilant in maintaining the highest cyber defenses.

Questions Over Internet Security and Privacy Become Critical As Online Payments Continue To Rise

Mastercard conducted a survey on new payments across 18 markets globally, and a majority of consumers polled said they were willing to consider cashless methods such as digital or mobile wallets, QR codes and even cryptocurrencies on e-commerce sites. Sandeep Malhotra, executive vice president of products and innovation for Asia Pacific at Mastercard, said, “Ninety percent of the consumers have tried at least one emerging payment type in the last year. And out of those, two thirds of them have actually done it for the first time. And 60% of the consumers would like to shy away from the merchants who do not offer electronic payments of any kind.”

Threats to cyber security have become a growing concern as more people turn to online payments. According to the survey, one out of four consumers experienced some kind of fraud last year. And just because everybody was staying home, there was a good 49% increase in cybercrime.

As a result, Mastercard has taken a number of measures to build consumer confidence when using its credit cards for online payments. It is creating safe and secure solutions and offering that comfort to the customer, whether by using biometrics or by using different kinds of verification methods beyond PINs and passwords. That is the assurance the consumer is looking for.

At the end of the day, consumers have to be aware of what their information is being used for. It’s safe to say there is greater awareness now, with the data protection act, about what kind of information they should give to platforms that are collecting that data.

Cyber Attacks Are Now A National Security Risk

In the last few months, cyber attacks targeting essentials of daily American life such as healthcare, food, water and transportation have seen a rapid increase. The surge has been years in the making and although these are not new, the White House issued an open letter to companies asking them to treat the threat of attacks with greater urgency. In April, the US Department of Justice declared 2020 as the worst year for extortion-related cyber crimes and thus created a task force to help fight it. The crisis in this pandemic is a perfect storm. With millions of Americans and other people all over the globe shifting to remote work and using personal modems or routers, significant vulnerabilities have been revealed that only make it easier to carry out such attacks.

Many people think that cyber attacks just mean stealing personal information or money online. But what was previously seen as a nuisance is quickly becoming a national security problem as even physical infrastructures are being targeted.

There is difficulty in stopping these attacks. In dark corners of the web, it is now easier to find ways not to get caught. Criminals can even evade law enforcement and financial regulators with the growing popularity of cryptocurrencies. These offer anonymity and are regulated differently from country to country.

Though the US government is doing all they can, Deputy Attorney General Lisa Monaco says, “We cannot guarantee, and we may not be able to do this, in every instance.” Staying vigilant is the primary way to prevent these cyber crimes. But as there are too many attacks, it is impossible to stop all of them.

Cyber Security Attacks During the Pandemic, Their Cost to Small Businesses, and How They Can Tackle Them

One of the most challenging issues for small businesses is cyber security. The Covid-19 pandemic has increased the threat of cybercrime, as it has forced many businesses to operate remotely. Studies reveal that 63% of small business workforces are now working remotely. Coupled with the lack of basic cybersecurity knowledge, 53% of those in the US believe they are now more vulnerable to cyber attacks than ever.

Being a small business doesn’t mean small costs when it comes to cyber attacks. Studies show 23% of small businesses had suffered at least one attack in the last year and the average cost is $25,612.

The most common point of entry for cyber criminals is the company servers, so a critical step in minimizing vulnerabilities is to ensure that they are secured. That being said, employees should be vigilant against cybercrime, and they need to be educated about and involved in preventing it. It is important to be able to identify what is and isn’t a reasonable online request, detect any intrusions and continue monitoring until issues are resolved. Alerts should be in place for both automatic and manual logging. It is critical that businesses have robust procedures to mitigate any risks brought about by the new work practices. A simple checklist for internal staff could save the business tens of thousands of dollars. Regular cybersecurity awareness training should be updated with this kind of basic knowledge.

Fake COVID-19 Vaccination Cards Sold by Scammers

The public is being alerted to the many fake government-issued COVID vaccination cards appearing online. Listings of blank vaccination cards bearing the Centers for Disease Control and Prevention (CDC) logo have been found on e-commerce sites such as eBay, Etsy and Shopify.

The FBI issued this alert reminding everyone that by purchasing fake COVID-19 vaccination cards, you are not only endangering yourself and those around you, but also breaking the law. Violators caught selling or buying these forged vaccination records will be subject to prosecution, with a corresponding fine and/or imprisonment of up to 6 months. Meanwhile, unauthorized use of an official US government seal is considered a crime, so if the cards carry the official CDC seal, those responsible for printing them would face an additional fine and a sentence of up to five years in prison.

AOL Users: Beware of this Phishing Email

If you are still using AOL, be wary of this “old school” email phishing scam. According to a post from BleepingComputer, the scam aims to steal users’ login names and passwords by warning recipients that their account is about to be closed. Its subject line reads “Mail Box will close in 3 days log in to re-activate.” The email states that users will need to log in and verify their email within 72 hours, with the following warning:

“We noticed you haven’t updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It’s going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs.”

Clicking the link to “verify” your account will redirect you to a phishing landing page. This fake page will ask users to enter their login info (email + password) before sending them to the standard AOL login page. If, for some reason, you fell for this scam and have already entered your login details, the first thing to do is change your password ASAP. You may also contact AOL support if you need help in doing so. Always keep in mind to never click on such emails. Make it a habit to apply these basic practices to keep your account safe.

  • Check that the email comes from a legitimate source, and whenever you enter your login credentials on a website, make sure that the link is secure and not a spoofed one.
  • Don’t click on pop-ups (online quizzes, fake software updates, discount coupons and the like). They will direct you to malicious websites.
  • Use firewalls and install antivirus software.
  • Lastly, do not share your personal information on the web – birthday, bank details, maiden name, etc. Avoid filling out forms that require you to enter such details.