The summer is finally starting to wrap up, now that you’re back from vacation there’s no better time to catch up on all the cybersecurity developments you might have missed. From new government recognition of safe devices to the unfortunate battle the education system is facing against hackers, August has shown us that cybercriminals never take a break when trying to breach your network. Here’s a quick rundown of important cybersecurity events that happened this month.
New Labels for Gadgets
The next time you’re shopping for smart devices, you may see certain products have different labeling than others. Just last month, the Biden Administration announced they would be implementing a cybersecurity labeling program aimed to help consumers pick trustworthy devices which are especially protected against hackers. The general idea behind this move is to develop the country’s defense against cyber criminals at a household level. In order for devices to obtain this new label, they have to meet the high standards defined by the National Institute of Standards and Technologies (NIST). While this may seem like a small step, for too long manufacturers have been prioritizing low costs of production over cybersecurity when developing smart products – leading to increased vulnerabilities for the consumer. Companies like Amazon, Cisco, Google, Samsung, etc., have already pledged to assist in this program, so you may see the results sooner than you may think.
Hackers Target Schools
A recent study suggests that 80% of schools suffered ransomware attacks last year alone, becoming the single leading target for hackers. The education system was targeted more than other industries including healthcare, technology, financial services, and manufacturing. Schools may not seem like the ideal target to make millions, but there are solid reasons why they have been uniquely targeted , as schools tend to not have as effective cybersecurity defenses compared to businesses like banks and technology companies. Additionally, in nearly half of the attacks on schools last year the ransom was paid to the hacker. Research shows that when an industry establishes a willingness to pay, the more likely they are to be retargeted.
New Toolkit to Target Executives
Recently, hackers have been using a new phishing as a service (PhaaS) toolkit named EvilProxy to pull off account takeovers aimed at high-level executives at prominent companies. EvilProxy has been used to target thousands of Microsoft 365 accounts, sending approximately 120,000 phishing emails to hundreds of different organizations. Of the users compromised in this attack, 39% of users were CEOs or CFOs. Experts see this attack as a direct response to the increased adoption of multifactor identification (MFA) in businesses, forcing hackers and cybercriminals to evolve their tactics. EvilProxy is sold on a subscription basis of $400 a month, which lowers the barrier of entry for cybercrime. Hackers no longer have to be technically skilled to breach a network, they just need to subscribe to the toolkit and customize their attack. The best way to defend against phishing scams is to know what to look out for, and fortunately SWK can provide you with that training.
Contact SWK Today
Avoiding hackers is hard enough on its own, and staying ahead of them is another story. Fortunately, SWK and our team of experts is equipped to do both. For any questions on how you can protect your business from hackers, or help implementing the leading techniques to secure your data, contact SWK today.