Cybersecurity news from ReliaShield
This month, we've got the latest information
about avoiding scammers at work and home.
Here’s a multi-million-dollar example of why employees are key to keeping organizations safe from cybercrime.
MGM Resorts is slowly returning to normal ten days after its hotels and casinos were hit with a ransomware attack. The company is now warning customers that their personal data is at risk.
The social engineering attack began when one employee at MGM’s employee help desk responded to a request to reset an employee’s password. But the call wasn’t from an employee. It came from a cybercrime group called BlackCat.
Once inside MGM’s systems, it took the hackers only 10 minutes to effectively shut down one of the world's biggest casino operators with 31 casino hotels.
Katell Thielemann, distinguished VP analyst at Gartner, told Cybersecurity Dive, “The particularly shocking part is the range of systems that were impacted, from IT systems to casino cyber-physical systems such as elevators, room card readers, ATMs, and building management systems.”
Examples of social engineering:
1: You receive an urgent, unexpected message.
In a phishing attack, cybercriminals send emails, text messages, or create webpages that seem to come from a legitimate source — a bank, government agency, or a familiar online retailer. When clicked or opened, the communications contain links or attachments that install malware or lead users to a fake website that collects usernames, passwords, or credit card numbers.
2: Someone you know claims to need help.
Spear phishing is a targeted form of phishing where the attacker customizes the message to an individual so it’s more convincing. Attackers gather information from social media or other public sources and masquerade as relatives, bosses, or friends. You can be a target of spear phishing even if you think you’re not important or wealthy enough.
3: Supply missing personal information.
The scammer creates a fabricated scenario or pretext to obtain your information in these cyber-attacks. They pretend to need certain information to confirm your identity. For instance, an attacker might pose as a technical support agent and claim they need the victim’s password to resolve a non-existent issue. Pretexting relies heavily on building trust with the victim and can involve in-depth research and elaborate stories.
To protect yourself, your family, and your job,
slow down and look for these clues when you get
an email, text message, or voicemail:
Is it unsolicited?
Is it unexpected?
Will "something bad" happen if you don’t respond right away?
Just because you receive an urgent message doesn't mean it's genuine.
MGM Photo licensed by atosan - stock.adobe.com • Malfunctioning terminal photo licensed by Getty Images - Tribune News Service
Clorox, the company that makes Clorox wipes, Pine-Sol, Burt’s Bees, Glad sandwich bags, Fresh Step cat litter, and Clorox Bleach, suffered a cyber breach in August that will limit its ability to deliver products and damage its profitability for months. The Record from Recorded Future News says Clorox is not commenting about the source of the attack or whether ransomware was involved.
Players of the popular online game Fortnite who believe they were charged for unwanted purchases have until January 17 to file a claim against the company. Fortnite has agreed to refund $245 million to players who were charged for items they didn’t want from 2017 through September 2022. Learn more at ftc.gov/fortnite.
Millions of us use AI chatbots like ChatGPT to conduct research and get assistance with our writing. What we probably don’t realize, says Chartr, is how much water those searches require. For every 5 to 15 queries, depending on the complexity, ChatGPT requires almost 16 ounces — a full bottle of water — plus enough electricity to power a 100-watt lightbulb for about 15 seconds.
What's "phubbing," and how could it affect your marriage?
How major news organizations have decided to use AI.
Why did your smartphone suddenly stop working?
The latest type of fake video tailored just for you.
“A purchase I didn’t make appeared on my credit card statement last month. My bank took care of the problem with one phone call. But how did this happen in the first place?”
Cybersecurity reporter Brian Krebs says the most common reason for credit card fraud is malicious software installed on terminals at a store. According to Krebs, crooks can take the stolen customer data and produce counterfeit cards used in big box stores to buy gift cards or expensive goods that can be easily resold for cash. So check your statement every month.
“Do iMac desktop computers with up-to-date OS Apple security software require additional virus protection? It seems the consensus is that they do not.”
They do. While Apple builds anti-virus protection into its computers, MacWorld says installing an extra layer of anti-virus protection is a good idea. Many brands offer a discount price that covers the first year’s subscription. If your family uses Windows, Chromebooks, and Macs, look for a brand that can be shared across all platforms.
"This makes me nervous. Every so often, this message pops up on my computer screen at home. Should I approve it?"
This pop-up alert is created by a software program on your computer called “Ransomwhere” (note the spelling — it ends in “where”). It's designed to protect against dangerous ransomware. Within that gobbledygook, you’ll see the words “adobe.acrobat.” Acrobat wants permission to examine files on your computer and display results when you search for a PDF, so yes, you can approve it. Installing a reputable brand of anti-virus and anti-ransomware software on your personal computer is wise, even if it means you get unexpected alerts from time to time.
Cartoon © 2023 CartoonStock | Original content © 2023 Aware Force LLC