Jack’s Hacks: Volume 4
This month Jack focuses on Tesla’s data breach and cyberterrorism at London City Airport. He emphasizes the need for prevention, cyber insurance, and defense against state-sponsored hackers. Individuals are advised on smartphone location tracking and privacy measures.
The Last 30 Days in Cybersecurity: Notable Breaches, Outages & Ransom Demands
Massive Tesla Leak Reveals Data Breaches
The Guardian recently reported that Tesla failed to protect customer, employee and business partner data to the tune of over 100 gigabytes. The so-called “Tesla Files” contained more then 100,000 names of former and current employees, including the social security number of Tesla CEO, Elon Musk. The files also contained private email addresses, phone numbers, employee salaries and customer banking details. Tesla’s lawyers claim the breach was caused by a disgruntled employee.
Data breaches happen every day to companies of all sizes—including SMEs. Regardless of the size of the business, all breaches come with significant costs. The “Tesla Files” breach could cost the company 3.26 BILLION Euros. That’s a lot of money to pay out for something that could have been avoided. Cyber insurance is essential, but so is prevention.
Here are a few simple and inexpensive ways to the average business can avoid a cyberattack or data breach:
- Use multi-factor authentication (MFA) for all devices
- Get rid of your anti-virus and move to managed Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR)
- Stay up to date with your patching, consider having someone manage it for you
- Secure and backup your Cloud properly. Google and Microsoft are not doing this for you
- Train and phishing test your employees monthly
- Get some help to understand your risks
Cyberterrorists Attack London City Airport
In late May, a cyberattack disabled London City Airport’s website for several hours. The pro-Russian NoName Hackers Group claimed credit for the attack. While the fall out of the attack was short lived, the group’s reputation for cyberterrorism sparked fears. And rightly so. While the motive of the attack is still unknown, one thing is clear: if cybercriminals can break into airlines’ and airports’ systems, they can get into yours.
Just because we tend to hear about the bigger marquee sector attacks, doesn’t mean the SME space isn’t impacted. We’re all at risk, regardless of size. The motivation for cyberattacks on small to mid-sized businesses is financial gain. Criminals know you need your information systems and data to operate your business. They also know how much an SME stands to lose in an attack—often relatively more compared to a big corporation with deep pockets. They count on SMEs to pay whatever it takes to get their business back and operational. And with SMEs driving western economies, the potential for disruption on a larger scale is real.
Microsoft Warns Chinese State-Sponsored Hackers Compromised US Cyber Infrastructure
Microsoft recently uncovered “stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States”. This is something to take note of. This isn’t about extorting money; this is about creating chaos and uncertainty where SMEs are used as steppingstones to access larger networks. Whether you’re a small business or a country, these kinds of attacks generally cast a very wide net. Attackers can easily be camped out in even advanced networks for weeks and months. It’s important to have the tools in place to stop active attacks in their tracks.
The Latest Cybercrime Trends
Audio DeepFakes Trick Employees into Phishing Scam
A recent post on IT Brew explains how scammers use audio to trick employees into phishing scams. Popular AI tools can machine-learn vocal patterns and offer realistic-sounding audio that can be sent straight to voicemail. Imagine getting an urgent voice mail from your boss directing you to share company data or to open an email. You’d likely go right ahead, and do as you’re asked, never suspecting that the voice might not belong to your CEO.
We’re seeing more and more of this with AI-assisted kidnapping or ransom scams making the news. AI tools are being used to copy people’s voice, image and video to conduct scams. Even businesses that rely solely on email are at risk. Scammers with access to company email can easily write in the voice and style of leadership to send fake emails to employees.
We must be careful and take extra precautions to verify who’s on the other end of the line.
Beware of Travel-themed Phishing
It’s vacation time! Better get that PTO request in before your colleagues claim all the good weeks. And your HR department just sent an email with a link to book time off. Or did they? Plot twist: they might not have. The Phishing Defense Center (PDC) released a report warning about a new sophisticated phishing scam that leverages employee trust. Scammers impersonate HR departments to send deceptive emails that trick employees into clicking a malicious link that then steals their credentials. This is yet another travel season scam to look out for. Be aware and stay cybersafe.
Cyber Risk Influences Company Credit Ratings
Now that credit-rating agencies are placing greater emphasis on how companies handle cyberattacks, decision makers must take cyber security seriously. As Security Intelligence reports, a company’s cyber risk can directly impact its credit rating. This can seriously impact the growth of a business. Cyber security solutions for business don’t have to be expensive if money is spent in the right places. The technology that kept you safe a couple of years ago isn’t going to keep you safe today and tomorrow.
Jack’s Top Monthly Hacks
For Businesses:
Prepare for the Inevitable: How to Survive a Cyber Attack
“There are only two types of companies: those that have been hacked, and those that will be.” Robert Mueller, Former FBI Director, 2012 RSA Conference.
A decade on and Mueller’s words have proven to be 100% true. What’s important to understand, is that you can survive a cyberattack and it doesn’t have to destroy your business.
You will get hit eventually. Someone will click on something they shouldn’t. Accept that a cyberattack is inevitable but refuse to accept that it must be devastating.
- Understand what you have and what must be protected
- Take the necessary measures to protect yourself and understand the type of cyberattack that poses the greatest vulnerability to your business
- Make sure you have quality cyber insurance
- Have a team ready to help when you are hacked—never try to go it alone
- REPEAT annually
For Individuals:
How to Stop Your Smart Phone from Secretly Storing Your Location
It’s no surprise that your smart phone tracks where you are. How do you think you’re getting those weather and traffic updates? However, you may not realize this data is for sale. And not just to advertisers. Law enforcement and government agencies have been buying data to track citizens for years. While you may think your life isn’t interesting enough to worry about all this, you should know that this data is incredibly revealing. According to Consumer Reports, it can be used to “infer demographics, habits, religious practice, and to reveal when people seek medical care from a place like Planned Parenthood.”
You can’t prevent your phone from tracking you entirely. If your device is turned on, your movements can be tracked through WiFi and Bluetooth. However, you can reduce the data location collected and make it harder for snoops to access your precise location:
- Read Google Support and Apple location setting instructions and make the necessary changes
- Check your location settings after updates or resets
- Never click blindly on permission pop-ups
Related posts
Sign up for the BOXX Insurance Newsletter
Get the latest updates about Cyber Insurance and Protection with our newsletter.