CyberHoot Newsletter – May 2022

Emotet Has Reemerged as Top Malware in Circulation

The HP Wolf Security threat research team has identified a 2700% increase in Emotet infections in the first quarter of 2022, re-emerging in late 2021 after its command and control network was shut down by authorities in Jan. 2021. Once described by the Cybersecurity and Infrastructure Security Agency (CISA) as one of the most destructive and costly types of malware to remediate, Emotet has become the greatest malware threat in 2022 (representing 9% of all malware captured).

FIDO’s Passwordless Sign-Ins

In early May 2022, Google, Apple, and Microsoft announced plans to support a common passwordless sign-in standard created by the Fast Identity Online (FIDO) Alliance and the World Wide Web Consortium. Moving away from passwords is something CyberHoot has also embraced. We forgo a Password login instead relying on your authentication into your email client to then click on a special link sent to your work email.

Google Assisting in Personally Identifiable Information Removal

In late April 2022, Google announced they’ve enabled new options for removing Personally Identifiable Information (PII) from Google Searches. Google is expanding the types of data people can ask to have removed from search results to include personal contact information like your phone number, email address, or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request the removal of their images from Google search results.

Text Message Scams: A Growing Trend

Anyone who owns a cellphone has likely received an unexpected text message from a number they don’t recognize containing a link to be clicked on. Since April 1st of 2021, there has been a 6-fold increase in these nuisances and potentially dangerous texts. If you are to click on one of those links, you may be handing hackers valuable information they can use to swipe your bank account balance, fake your identity or even track your whereabouts. This type of social engineering attack is called ‘Smishing‘, which is simply Phishing through SMS text messages.

CyberHoot has Added 6 New Product Training Programs

CyberHoot has video programs that automate sending out new product training videos at automatic intervals (Daily, Weekly, and Monthly). CyberHoot has 6 brand new programs for FreshBooks, Google Workspace, Gusto, Mailchimp, Monday.com, and Xero.

Customer Spotlight

"CyberHoot delivers new content every month to our Operations, helping us get the most up-to-date training to our employees on the current threats. Used other tools for training and this is by far the best tools we used."

Humberto Cherritte

Planning & Analysis Director | J&L Cable TV Services, Inc.

CyberHoot Has Added 11 New Email Phishing Campaigns

Check out CyberHoot’s new email phish campaigns below. We have added campaigns for ADP, Experian, Gusto, and MyGlue. If you have ideas for phishing campaigns that we should add to our library, please send a request to support@cyberhoot.com.

Cybrary Term of the Month

Doxxing

Doxxing is the act of revealing identifying information about someone online, such as their real name, home address, workplace, phone, financial, and other personal information. That information is then circulated to the public without the victim’s permission.

While the practice of revealing personal information without one’s consent predates the internet, the term doxxing first emerged in the world of online hackers in the 1990s, where anonymity was considered sacred. Feuds between rival hackers would sometimes lead to someone deciding to “drop docs” on somebody else, who had previously only been known as a username or alias. “Docs” became “dox” and eventually became a verb by itself (without the prefix “drop”).