Highly publicized ransomware breaches at Colonial Pipeline and JBS meats have Congress seeking new federal legislation aimed at forcing government agencies, subcontractors, and suppliers to report breaches within 24 hours to DHS’s Cybersecurity and Infrastructure Security Agency (CISA). The claim is that they need this data, but CyberHoot believes the legislation needs prescriptions for prevention. Learn what you should be doing to protect yourself in this article.
Colonial Pipeline halted operations in May due to a ransomware attack. They carry 45% of the fuel used on the U.S. East Coast, and the shutdown led to long lines at gas pumps. The hacking group named ‘Darkside’ carried out the attack. They exported 100GB of data and threatened to release it online to the public if a bitcoin ransom wasn’t paid. Colonial obliged and the rest was history until the FBI recovered ‘unrecoverable Bitcoin’ funds. Learn what may have happened to allow the FBI to recover 95% of the ransom.
The FBI released a statement in April 2021, warning of cybercriminals using fake job listings to target applicants’ Personally Identifiable Information (PII). In the COVID-19 era, over 16,000 people were reported to the FBI as scammed through fake job listings with losses totaling more than $59 million. Over 2,000 interview scams have been reported to the FBI in 2021 already! Read all about how to protect yourself from this scam on CyberHoot.
A phrase that is making waves in the financial world is Decentralized Finance or DeFi for short. DeFi uses cryptocurrency and blockchain technology to manage financial transactions outside the control of traditional financial institutions such as banks, brokerage firms, and government-run exchanges. DeFi aims to parallel traditional, centralized institutions (mediators), with direct peer-to-peer financial relationships for loans, mortgages, and asset trading. DeFi is upsetting traditional financial markets. Buckle your seatbelt as there will be turbulence ahead!
Following the ransomware attack on the Colonial Pipeline, Texas Governor Greg Abbott took action and announced that he was signing a new cybersecurity law that penalizes those who don’t comply with previously enacted cybersecurity training requirements (HB3834). The pipeline attack left 100GB of data ‘locked’ and caused the shutdown of the largest U.S. pipeline, leading to gas station shortages not seen since the 70s.
If you follow cybersecurity news headlines, you might worry only about ransomware attacks. However, there is always a new approach that catches the hacker community’s eye and is exploited to the detriment of small and medium businesses. In 2020, that threat was Business Email Compromise (BEC), which often led to wire transfer fraud and the loss of tens of thousands of dollars per incident (sometimes hundreds of thousands). But is it bigger than ransomware? The answer depends on who you ask, but is likely no; read on to find out.
Cybrary Term of the Month
Business Email Compromise (BEC) is when an email account, often in a company’s finance department, is broken into and controlled by a hacker. This is often accomplished through a phishing attack that leads to credential theft, as outlined in CyberHoot’s article titled the ‘Domino Attack’. Credentials are stolen when a victim clicks on a fraudulent phishing email link or opens a fake invoice. Doing this brings the victim to a malicious but believable website, identical to the real vendor’s website, which prompts the user to enter their email and password. BEC attacks often come from someone your CFO already knows, meaning the sending email address is actually correct and expected.