Cybersecurity is a dynamic domain, and our ignorance fuels the attacks and malicious schemes of adversaries. Learning about cybersecurity has become crucial in today’s times, and these headlines will give you some idea about what goes on out there and how you can keep your information assets safe from threat actors.
Zoom’s New Anti-Raid Feature
The year 2020 has been all about surviving the pandemic and Zoom raids on the popular video conferencing app Zoom. The application makes it to the headlines almost every other for some security flaw or vulnerability. However, this time around, Zoom is finally doing things right by introducing a new feature called At-Risk Meeting Notifier, which promises to eliminate the threat from Zoom raids or Zoombombing.
Through Zoom raids, malicious actors trespass into a Zoom room and disrupt the meeting via vulgar comments, content, or threatening statements. With Zoom’s new feature, all public posts with Zoom links will be scanned on the app’s back-end servers, searching for illegal third parties trying to enter a meeting room. If such issues are found, Zoom will automatically notify the meeting host.
Zoom raids have caused much chaos in the cyber world since March, and though late, we’re glad that Zoom is finally doing something about it! The question now is: how efficient will the At-Risk Meeting Notifier feature be as a cybersecurity tool?
Origin Dollar Loses $7 M in Two Months of Launch
Within just two months of launching its stablecoin project, Origin Dollar (OUSD) lost $7 million to a hack. The attack was detected on 17th November, and deposits to the vault have been disabled since then. Among the stolen funds was $1 million worth of deposits by Origin’s employees and founders. Origin co-founder Josh Fraser stated that the stolen funds were believed to be in an Ethereum wallet with 2.249 million DAI and 7,137 ETH. Although Fraser has given assurances that their team is working on ensuring ransomware protection and recovering the stolen funds, no significant progress has been made so far.
Origin also plans on compensating the loss of affected shareholders and urges them not to invest in OUSD. They are keen on identifying the attacker but have promised to avoid legal actions if the adversaries return the stolen funds.
FIN7 Leader Pleads Guilty
The Ukrainian ringleader of the hacking group FIN7, Andrii Kolpakov, pleaded guilty to stealing payment card records and over $1 billion from global enterprises. The hacker group escaped the scrutiny of email security services by pretending to be a cybersecurity vendor and conned several firms, including Red Robin, Whole Foods, Sonic Drive-In, Saks Fifth Avenue, Chipotle, Trump Hotels, etc.
Kolpakov was arrested by the Spanish police in June 2018 and then handed over to the U.S. in 2019. He was found with a laptop, hard drives, and a phone storing payment card information of thousands of people. Such a massive amount of data theft is bound to get a strict penalty, and Kolpakov, for one, has been sentenced to 25 years in prison.
Healthcare Sector To Experience More Cyberattacks In 2021
A Black Book Market Research report states that data breaches in the healthcare industry might triple by 2021, and here’s why they reached that conclusion:
- A 300% increase in data breaches is predicted, with 1500 healthcare facilities vulnerable to data breaches.
- Around 75% of healthcare facilities were ill-equipped to handle cybersecurity issues.
- Email security as a service is lacking in the healthcare sector, because of which the number of successful cyberattacks keeps rising.
- The demand for cybersecurity experts in the healthcare industry is always undermined.
- The lack of zeal among healthcare facilities to face a cyberattack and their readiness to pay ransom encourage the adversaries to launch more attacks.
- 75% of surveyed CISOs confessed that CISOs do not prefer to work in the healthcare sector because of the minimal decision-making power given to them and the responsibility they are made to own up to in case of a cyberattack.
Unrivaled Threat From Ransomware
COVID-19 has affected the world at both a physical and a virtual level. Amidst all the cyberattacks that have gained momentum in the pandemic, ransomware remains unrivaled as the most commonly occurring form of cyberattack. This is mostly true for Managed IT Service Providers (MSPs), 60% of whose SMB or Server Message Block clients have undergone a ransomware attack in Q3 2020.
Poor implementation of anti-phishing and ransomware protection measures, combined with the lack of cybersecurity awareness, leads to increased ransomware attacks. Enterprises must rely on multi-factor authentication, Single Sign-on (SSO), and other cybersecurity tools and strategies rather than fixating on a linear cybersecurity approach or measure.
Obvious Passwords Still Actively Used
Despite all the instructions and healthy password habits propagated online, people continue using obvious and easy-to-guess passwords like “123456” or “password.” A recent analysis by Nordpass reveals that only 44% of passwords leaked in 2020 were unique or not easy-to-guess.
Passwords should be impersonal and mix upper and lower case letters, numbers, and symbols. Still, people seem to dislike putting in the effort to create such strong passwords and settle for easy-to-remember ones like “123456789,” “picture1,” “12345678,” and “password,” among others. These may be easy to recall, but they are even easier to guess or crack and hence need to be avoided. Such weak passwords render phishing prevention measures powerless and result in the compromise of sensitive information.
And that’s the week that was.