Two-factor authentication and a catphish in a pear tree…

The end of the year comes with an opportunity to review and reflect, which are critical parts of the learning process. Cybersecurity awareness is no exception.

To help strengthen those brain pathways with repetition, we are counting down to the holidays with a look back at the 12 NINJIO topics of 2022 with crucial lessons for employees’ cyber awareness. These topics outline the array of attack vectors that cybercriminals have used in real-world incidents to breach security protocols and exploit businesses. 

To learn how to prevent, spot, and thwart these vectors, revisit your NINJIO episodes—or get in touch with our security awareness analyst team to access our full training library. 

It’s time to get NINJIO’d with our 12 days of security awareness Christmas countdown.

Dec. 14, 2022

  • 2FA Bots: Security experts are seeing a massive increase in crimeware services available on the dark web. One example involves a “2FA Bot”, which intercepts two-factor authentication codes, allowing hackers to log into a victim’s sensitive websites such as banking and investment accounts, social media, and retirement platforms. 

Dec. 15, 2022

  • Malicious Apps: Over 300,000 Android users were hit with banking trojan malware that allows hackers to steal login credentials for banking websites. The malware was installed on victims' devices when they downloaded malicious apps from the Google Play app store.

Dec. 16, 2022

  • Watering Hole Attacks: A major vulnerability called “Log4j” has left an alarming number of companies and software vendors exposed to extreme risk of compromise. The vulnerability allows bad actors to manipulate data, infect systems with malware, and potentially gain control of systems altogether. One example of how this attack may put an even wider group at risk is through watering hole attacks, in which criminals target a specific group of users either by infecting the websites they usually visit or by luring them to a malicious site.

Dec. 17, 2022

  • Catphishing: The Netflix documentary “Tinder Swindler” has cast a spotlight on catfishing — spelled with an “f” — where con artists use romance to break hearts and bank accounts by tricking victims into sending money. Another variety is Catphishing — with a “ph” — where con artists trick corporate victims into sending sensitive information such as login credentials or access to sensitive data.

Dec. 18, 2022

  • Cybersecurity culture: When geopolitical conflict is high, cyberthreats increase – making heightened awareness more critical than ever. Organizations that are successful in building a cybersecurity awareness culture have a greater chance of mitigating the risk, as everyone plays a crucial role. 

Dec. 19, 2022

  • Insider Threats: The cybercrime group LAPSUS$ made headlines recently by hacking such big-name corporations as NVIDIA, Samsung, Microsoft, and Okta. One vector LAPSUS$ used involves recruiting insiders through online advertisements offering to pay employees for access to their company’s network.

Dec. 20, 2022

  • Ransomware: Tire manufacturer Bridgestone recently experienced a ransomware attack that shut down production at its factories, putting added pressure on an already struggling supply chain. Ransomware attacks are increasing in sophistication and affecting thousands of organizations worldwide.

Dec. 21, 2022

  • Spear Phishing: Horizon (blockchain bridge) recently revealed that hackers stole $100 million in cryptocurrency. Researchers speculate the breach was the result of a “private key compromise,” where hackers obtained the password required to gain access to a crypto wallet. Spear phishing is a common technique bad actors use to compromise such credentials.

Dec. 22, 2022

  • Call Center Scams: Flagstar Bank was compromised in a data breach that stole the personal information of more than 1.5 million customers. Call center scams are an increasingly prevalent threat that can lead to such incidents. 

Dec. 23, 2022

  • Credential Hygiene: Networking and security giant Cisco revealed a threat actor breached their network by tricking one of their employees using a multi-pronged attack. Protecting your login credentials with good credential hygiene is paramount to effective security.

Dec. 24, 2022

  • Security Updates: Apple recently urged its users to update their iPhones, iPads and Mac computers after a security flaw allowed hackers to take over these devices. Updating your software in a timely manner is crucial to keeping your devices and information secure.

Dec. 25, 2022

  • MFA Fatigue: Uber suffered a data breach after hacking collective LAPSUS$ overwhelmed a contractor using MFA fatigue to gain access. Being suspicious of unrequested authentication requests is key to staying secure.

Congrats! You made it to the finish line. Your gift this year is a robust security awareness toolkit to take with you into 2023. Wishing you happy holidays and a secure New Year from the NINJIO team.