The damaging effects of ransomware hit $11.5 billion in 2019 and doubled in 2020 as new, more damaging and dangerous strains of ransomware (Maze, Sodinokibi, Ryuk, Dharma) hit companies. In December 2020, high-profile security vendors officially took action, teaming up with the Institute for Security and Technology (IST) to form a Ransomware Task Force (RTF). Some of the high-profile members included McAfee, Microsoft, and Rapid7 alongside cyber advocacy groups such as the Cyber Threat Alliance and Global Cyber Alliance.
Abnormal Security reported recent phony IRS-based phishing attacks on an estimated 15-50 thousand email inboxes. The attack’s purpose was to gain personal information that would allow hackers to perform ID theft or tax refund fraud. Victims were asked to complete a fake W-8BEN IRS tax form sent as a PDF attachment. Compared to the real W-8BEN tax form on the IRS website, the form in the email asks for much more personal information: enough, in fact, to steal one’s identity.
The Internal Revenue Service (IRS) announced, at long last, that in January 2021 taxpayers can apply for an Identity Protection Personal Identification Number (IP PIN). This single-use code blocks identity thieves from fraudulently submitting a tax return in your name to collect your tax refund! This is a long-overdue security measure for the US tax system. Until now, IP PINs were only issued to victims of ID theft or tax refund fraud. CyberHoot recommends that everyone get an IP PIN!
Google’s Project Zero cybersecurity researcher Ian Beer discovered how he could break into a nearby iPhone and steal personal data from it. He exploited a weakness in Apple Wireless Direct Link (AWDL), a wireless connectivity protocol for sharing data between Apple devices. His attack did not require victim interaction and resulted in complete control of an iPhone. Following responsible disclosure practices, he reported the issues to Apple, and Apple quickly issued a patch. Beginning with iOS 13.1.1x and macOS 10.15.3x you are no longer at risk.
With the holiday season officially behind us, now may be a great time to find hi-tech deals, but CyberHoot requests you proceed with caution. As always, you know to be wary of “too good to be true” deals and to watch out for Black Friday Scams. But, you should also know that some of the hi-tech equipment you’re buying may introduce new risks, alongside the touted benefits, to your lives. This blog discusses security risks with a popular item from this past holiday season, ‘Smart’ Doorbells.
Cybrary Term of the Month
Clickbait is Internet content that uses overemphasized or misleading headlines to lure a person into clicking a link. Once the link is clicked, it brings the user to another website that contains multiple advertisements and sometimes malicious content. The most common objective of clickbait is to drive page views on websites, whether for their own purposes or to increase advertising revenue. Clickbait can also be used in phishing attacks, either driving users to a different page where they enter personal information or having users click links that install malware.
CyberHoot provides password-less access. Zero time wasted searching for websites, resetting passwords, and delayed login. Click an email link for instant training access!
Everything you need to learn cybersecurity skills is handled through email including training assignments, reminders, management compliance reports, and "My CyberHoot".
CyberHoot automates non-compliance notifications to managers by email. Managers can see the compliance status of their employees, so you always know where you stand.
Cyber"Hoots" are most often 5 minutes or less. This ensures your staff get trained quickly with the most effective solution.
The Power of Open
CyberHoot is an open cybersecurity training platform. Any video or PDF can be used to train and govern your employees.
In a survey of 100 CyberHoot users, 60% would be "Disappointed" or "Very Disappointed" if CyberHoot Training was stopped.