As technology continues to influence our day-to-day lives, the threat of cyber-attacks remains undeniable. Throughout the past month, several high-profile cyber incidents have continued to underscore the importance of strong cyber security practices. From a ransomware attack on a New Jersey police department to a vulnerability in Microsoft Word, these incidents serve as constant reminders of the importance of ongoing vigilance and preventative measures to protect against cyber-crime.
Camden County Ransomware Attack
In mid-March, the Camden County Police Department in New Jersey was hit by a ransomware attack that halted many criminal investigative files and day-to-day internal administration abilities. Ransomware is the technique cybercriminals use after breaching a targeted network, where they encrypt data and offer to decode it for a price. The hackers demanded hundreds of thousands of dollars to unlock the files, which mostly consisted of electronic police records, delaying some investigations. Fortunately, the attack did not impact 911 call systems or other public safety responses, and the department remains operational. Additionally, it has been reported that 80-85% of the files have since been reopened. Investigators have stated that they are currently looking into the possibility that the incident began after a police department employee opened a personal email that contained malware on a department device. If this were the case, the incident further reveals the importance of training employees on the basics of strong cyber etiquette.
New 72 Hour Cyber Incident Reporting Law
In an effort to strengthen the state’s cybersecurity defenses, Governor Phil Murphy of New Jersey signed a law requiring public schools, local and state governments, and government contractors to report cyber incidents within 72 hours. The law covers public K-12 schools, public higher education, state law enforcement, counties, municipalities, and others. The incident reporting goes directly to the New Jersey Office of Homeland Security and Preparedness (NJOHSP), which will be crafting and publishing guidelines to support “the timely and confidential submission of incident notifications.” This law hopes to help NJOHSP’s cybersecurity division be better informed about trends, allowing them to defend and respond to cyber threats faster. This change is probably due to the statistic that the cybersecurity division only received 275 confirmed cyber incident reports in 2022, while the number of actual incidents was probably much higher.
Vulnerability in Microsoft Word
Cybersecurity researcher Joshua Drake recently published a proof of concept for a vulnerability in Microsoft Word that allows hackers to deliver malware to victims without them needing to open a file. This vulnerability, tracked as CVE-2023-21716, is critical, as it allows for remote code execution. Additionally, the vulnerability is relatively easy to write, as it’s entire code could fit in the confines of a single tweet. There is some good news however, as Microsoft reportedly fixed this vulnerability in a February update. Although, some people might not be up to date on the latest patch which is putting their networks at risk. Ensure that you are up to date on all Microsoft updates to avoid being targeted by this vulnerability.
721 million Passwords Leaked in 2022
Leaking secure login credentials on the dark web is par for the course for hackers. In fact, Cybercrime Analytics (C2A) provider, SpyCloud, recently released research that discovered 721.5 million exposed login credentials online in 2022. This was a significant increase from 2021, with a 17% increase in exposed passwords, and a 28% increase in exposed email addresses. What is even more concerning is that 72% of users whose credentials were exposed were still using their already compromised passwords to this day. Password security is essential for mitigating risks to your network, and all employees must practice safe and secure methods to protect their password security. These include selecting strong passwords, periodically changing passwords, and using multi-factor authentication to secure their accounts. If you are concerned that your passwords have been leaked on the dark web, SWK can provide you with a dark web scan to find out if your credentials have been compromised.
Contact SWK Today
It is not a matter of if you will be a target of cybercrime, but when. Hackers are evolving every day, constantly adapting to and creating new strategies in an attempt to steal your data. To secure your network from bad actors looking to make a profit, contact SWK today.