SKY ECC October 2019 Newsletter

The last month in cyber security has been an odd one which reminded us why October is Cyber Security Month. In this month’s newsletter we hear from a hacker who lost while playing games against a hero, we learn that WeWork sees their customers’ data as playthings, Elevate Security gives us the Hacker’s Mind Game to learn from, Signal plays the telephone game…of forcing calls to be answered, and we look at how hackers played UK businesses to the tune of a 243% increase in attacks.

October Industry News and Trends

Cyber Security Awareness Month

The biggest news of any October in this industry is that it is Cyber Security Awareness Month. Everyone in the industry is following along and contributing to this annual effort to make people more aware of their online security needs, and there’s a theme each week:

  • Oct. 1-6: How cyber threats work
  • Oct. 7-13: How cyber threats affect you
  • Oct.14-20: How to protect yourself online
  • Oct. 21-27: How to protect your small business
  • Oct. 28-31: How we can work together

Watch the SKY ECC blog for content which brings together these topics with SKY ECC’s features to show how we protect our users.

Signal Messenger vulnerability

A new vulnerability was found in Signal Messenger which could allow an attacker to force your phone to accept a call. This sounds like a minor problem until you think of it like an attacker:

  • Through social engineering, an attacker can find out when you’re going to an important business meeting.
  • The attacker can force a call to your phone at that time.
  • They are then free to listen to and record your conversation as they wish.

A vulnerability like this gives attackers plenty of opportunities to exploit your device beyond the example above. This is why we designed SKY ECC to only allow approved contacts to message you. An attacker can’t randomly get your SKY ECC ID and send you malicious messages.

Hacker who attacked Brian Krebs interviewed

Internet hero Brian Krebs, one of the top cyber security minds in the industry, faced threats against his life, family, and freedom when a hacker collective, lead by a man now in prison, decided to make his life hell for speaking out against him.

It all started with an image of Brian’s severed head on Fly, the Hacker’s forum. They were hatching a plan to have Brian framed for heroin possession by shipping some to his house and then spoofing a call from a neighbor complaining he was selling drugs out of his house. Here’s an actual screengrab of Fly and an online drug dealer discussing the heroin deal:

Most criminals aren’t that smart…Brian even goes on to say how poor the operational security of Fly’s criminal business is.

The piece is an absolutely fascinating look at actual cyber-crime and cyber-criminals, and the 15 page interview is also an interesting read. If words directly from the mouth of a hacker don’t convince people that they need a tool like SKY ECC to protect their privacy then nothing will.

WeWork Wi-fi leaves business documents vulnerable

In yet another reminder of needing to secure your communications because literally no one but you cares, WeWork’s Wi-Fi network was found to be without any of the most basic security.

Many people have made the mistake of thinking that WeWork is a tech company. They are not a tech company, they are a real estate company. They were well aware of this security vulnerability as they offer security at an additional charge. Can you imagine? Here’s your new house–having locks on your doors is extra!

In an environment like this, where you don’t control the network, having your own encryption is essential as it allows you to protect yourself when other won’t. WeWork doesn’t care about protect you. They care about taking your money to give you space in real estate they own. Everything else is optional, including protecting your communications.

Content found on WeWork’s network by a white hat hacker included banking details, financial records, and this sweet image of Nicholas Cage Cat.

Hacker’s Mind Game makes cyber security fun to learn for teams

Getting teams to learn about cyber security can be challenging as we’ve all sat down for enough meetings with one person telling a group of people what to do in regards to, well, everything under the sun.

Elevate Security is looking to change that with a new game which teaches hacker tactics and how to stop them. Results from companies who used it included:

Results like that from any security awareness training can’t be argued with. You’re only as secure as those you share data and a network with. 

The last word…

Businesses in the UK have seen cyber attacks soar this year over the same time period last year by 243%. For those expanding SKY ECC into the UK market right now, this is a crucial piece of data that clients should be aware of now. The firm which analysed these attacks found 157,528 attacks occurred between July and September of this year. Last year during that time? 45,970. To put it in GIF form, hackers are the white knight and UK businesses are the black knight…

Links to stories mentioned: