Microsoft Update Dilemma, Cyberattack Disrupts LKQ, Krispy Kreme Breach – Cybersecurity News [December 16, 2024]

Cybercriminals are intelligent and innovative, proactively searching for notorious ideas to launch their cyberattacks. This week’s news article discusses two innovative methods that threat actors consider, the crypto-romance scammers and the digital arrest scam. Nowadays cyber attackers are willing to target almost anything, we will learn about the two attacks that targeted on an online doughnut chain and an auto parts company. Hence, efforts are being made on grounds of user awareness and system updates that should help prevent such attacks. But downloading and installing updates can also be confusing so we have also discussed whether to download the latest Microsoft system update or not. Read on to learn more.  

Microsoft Updates Confusion – To Download Or Not To Download?

Microsoft released its December Patch last Tuesday, containing a list of 71 vulnerabilities, including a new zero-day version. So, can users safely download it? Yes, Windows 11 users can download these updates, but what about users working on earlier Windows versions? Microsoft states that all users can download these updates but warns them that they could lose access to future security fixes if they update their PCs. So, it has become a million-dollar question for nearly 400 million users. 

What is the confusion about? Migrating to Windows 11 from earlier versions requires users to ensure that their PCs meet the TPM 2.0 Hardware Hurdle. So, PCs without the minimum system requirement cannot upgrade to Windows 11. However, with Windows 10 approaching the end of its lifespan, Microsoft has changed its stance and issued instructions for installing Windows 11 on incompatible PCs, including the rider that they will lose Windows 11 support. Should users download the latest December patch or not is an unanswered question. 

The solution is to install the TPM 2.0 hardware and then upgrade to Windows 11.

Cyberattack On Auto Parts Firm LKQ Disrupts The Canadian Business Unit

LKQ Corporation, a major US auto parts supplier, informed the SEC of a cyberattack that caused massive disruptions to its Canadian business unit. LKQ has over 45,000 employees working at more than 1600 locations across two dozen nations. The company has revealed in its 8-K filing with the SEC that cybercriminals had unauthorizedly accessed one of its business units in Canada on November 13, 2024. This attack disrupted its business activities for a few weeks before the company contained the threat. No one has taken responsibility for the attack, but still, many consider it a ransomware attack. However, the company is working at near-full operation today.

That brings us to the dangers that ransomware attacks can cause to companies globally. Therefore, organizations must equip themselves to thwart any such attack. Store data on independent, stand-alone servers to enhance ransomware protection. Secondly, creating awareness among its employees is another way of countering ransomware because they learn how to handle suspicious files, emails, and document attachments.

Krispy Kreme Doughnuts Cybersecurity Breach

Ordering delicious doughnuts online is fun, but users must be aware of cyberattacks that can disrupt online systems. Recently, the doughnut chain Krispy Kreme was hit by a cyberattack that affected the online ordering of doughnuts. Krispy Kreme reported this cyberattack in its latest regulatory filing with the SEC. While online activity was disrupted, the cyberattack did not have a material impact on its brick-and-mortar stores.

No cybercriminal group has claimed responsibility for the attack. However, Krispy Kreme has told BBC that it has taken steps to investigate and contain the incident by bringing in cybersecurity experts. The team is working hard to restore online ordering. Meanwhile, the company has stated in its SEC filing that it has cybersecurity insurance, which allows it to offset the loss.

This attack proves that cybercriminals have no favorites when launching cyberattacks.    

Nigeria Arrests Nearly 800 Honey-Trap Crypto-Romance Scammers

Cybercriminals keep innovating novel ways to target victims. Luring prospective victims with offers of romance is nothing new, but the technique has evolved considerably, with malicious actors demanding victims to hand over cash for phony cryptocurrency transactions. The Nigerian anti-graft agency has tightened its screws on such scams by arresting nearly 800 suspected fraudsters in a raid on a premise believed to be a cybercrime hub. 

Educating people is the only way to counter these threats. Therefore, one should know how these attacks operate. These criminals contact their targets through social media and platforms like Instagram and WhatsApp. After gaining their confidence, they seduce them online and offer lucrative investment opportunities. This leads them to pressure victims to transfer money for cake cryptocurrency schemes. 

How do you identify a cryptocurrency scam? People should realize that any scheme that offers unrealistic returns in a short period and sounds too good to be true is a red flag. They should avoid responding to such messages and be on their guard.   

Digital Arrest Scam Is The Latest Cyberthreat In Town Today

Digital payments are the order of the day. India is leading the global arena in digital payments with innovative techniques like Unified Payments Interface(UPI), which have made digital transactions most convenient. Users can make secure digital payments using their mobile phones. However, these innovative techniques have their flipside, as well. 

The Digital Arrest Scam is one such type of online fraud where malicious actors impersonate income tax and other law-enforcement officials to target gullible victims. How does the scam work? Cybercriminals contact victims through phone or video calls and falsely implicate them in legal cases such as tax evasion and money laundering. They create a sense of fear and urgency in the victims to threaten them with immediate arrest unless they pay a ransom or share confidential information. Sometimes, they create false scenarios like a fake police station and engage in video calls with their victims to make their victims believe that they are dealing with genuine law enforcement agencies.

The best way to prevent becoming a victim of the Digital Arrest Scam is to ignore calls and messages from unknown numbers, especially those claiming to be from government agencies like the police. The police never call their suspects over the phone. They have the power to visit your homes and question you if necessary. If you suspect a scam or have become a victim, you can report it to law-enforcing agencies to take further action.