And they aren’t just using emails to get it either
From voicemail deep fakes to malicious drones to point of sale systems becoming credit card repositories, the methods hackers use to try to steal not only personal information but sensitive company data are starting to feel like something out of a new Netflix sci-fi series. Just one day after the first Covid-19 vaccination, creators Pfizer and BioNTech reported data being stolen. Documents regarding the development of the vaccine had been “unlawfully accessed” in a cyberattack in December. Hackers are now gunning for bigger targets. It’s a reasonable assumption that these attacks will continue to increase in complexity, and it would be responsible for us all to increase precautions moving forward.
While Covid-19 vaccination data being stolen may not apply to most of us, the severity and innovation of these recent attacks certainly should be of concern. In mid-December, the Trump administration reported that Russian hackers had gained access to multiple government systems. Microsoft president Brad Smith reports this as “probably the largest and most sophisticated attack the world has ever seen,”. Including an estimated 1000+ coordinated hackers working on the offensive end. Hackers aren’t only targeting usernames and passwords these days, and are going to unseen lengths to get as much data as they can.
It comes as no surprise that since last March, there has been an increase in hacks. As the number of hacks increase, so does the creativity and effort behind them. With the lockdowns easing and the hope of going back to “normal” is within reach, there is no indication that cybercrime in 2021 will be any less relentless. The Experian® 2021 Data Breach Industry Forecast determines it is only going to get worse.
Scams designed to get user information have only gotten more devious. Sensitive data such as social security numbers, employment data, and of course your favorite usernames, and passwords, are at more risk than ever. These 3 recent attack vectors show a dangerous trend – that cybercriminals are becoming quite creative.
Voicemail Deepfakes
Security consulting firm NISOS released a report detailing a deepfake that uses voice instead of video. The method was to use machine learning to clone the voice of a company’s CEO and use that to trick people into moving money where they shouldn’t. Although this particular attempt failed, this has happened successfully in the past. In 2019, a chief executive at a UK-based energy firm was convinced to send $240,000 to a hacker using this method to pose as the CEO of the company’s parent firm in Germany.
Malicious Drones
Public WiFi is becoming an increasingly popular installation in modern cities. Unfortunately, the cyber threats associated with a public WiFi network are gaining similar popularity. The Android application “GO 4” is capable of forcing updates on other android phones. The app controls drones manufactured by Chinese company DJI and can update other phones without consulting the Google Play store. Hackers can potentially upload malicious files to your phone without your consent or knowledge if you are on public WiFi.
Point of Sale System Compromise
More people are utilizing mobile payment methods like Apple Pay and Google Pay to purchase goods in a contactless fashion. More stores are then compelled to modernize how they accept payment. This spells fortune for hackers such as those who, in 2019, stole credit card numbers from the Pennsylvania-based WaWa. By compromising their point of sale systems and leveraging its cloud-based infrastructure, they gained access to 30+ million bank accounts.
When most people (myself included) think about internet security, they think to not open any suspicious emails, change important passwords, and incessantly scan their computer for viruses. That has worked well enough in the past, but well enough in 2019 doesn’t keep up with hackers in 2021. An increase in attack vectors provokes an increase in caution among users, but, unfortunately, an increase in successful attacks.
Some best practices to ensure you don’t become the victim:
avoid public Wifi – hackers can upload malware to your phone. Avoid this by using data to surf the web in public places. Call back for clarification on voicemails, Especially if it involves moving money. Pay with cash at convenience stores whenever possible. Set up transaction notifications with your bank to see when money is moved without your knowledge. Most hackers are out to make a quick buck. Ensure that scamming you is anything but quick, and you’ll likely be just fine.
We have only scratched the surface with the ways cybercriminals are trying to take over your accounts. Make sure you subscribe to get updates from Allure on how to keep your data safe.
