I was scrolling through a social media site this week, and was struck by how many requests asked people to respond to questions regarding their biographical information. For example, what was the number one album when you were a senior in high school? What was your favorite beach or park when you were growing up? Where was your first job? What month is your birthday?

These types of questions are popular on social media because they are designed to generate interaction and engagement, potentially increasing followers. While some requests for such information may be done just to engage followers in interesting dialogue, these types of questions and responses also give data miners and others the opportunity to collect, analyze, and use our data for a variety of purposes, including advertising.

When you answer these types of questions on social media, you are disclosing key personal information, which, when compiled with other public information, creates a data profile that could be useful for scammers. Responding to requests for tidbits of personal information on social media may seem harmless, but keep in mind that every piece of your data that’s on the internet also increases the ability of hackers to steal your identity.

Oh, if I had just bought that Bitcoin when I first thought about it a decade ago…I might risk a flight to Fiji right now, which is on my bucket list, even in the midst of the pandemic. Alas, I didn’t, because I assessed the risk first and made my own decision. Yes, I lost out on tremendous profits, but hey, I love my job and Fiji will be there for me, and it was the right decision for me.

The urge to purchase cryptocurrency is strong right now as the value has skyrocketed. Nonetheless, before purchasing any type of cryptocurrency, there are a couple of things you may wish to consider.

My mantra these days is “Yes, you, me, and all of us collectively are being targeted by state sponsored hackers”–mostly from Russia, China and North Korea. Their methods are similar and sinister, and their goals the same—profit, power and domination.

North Korea is stealing cryptocurrency at an alarming rate, the goal of which is to fund its nuclear and ballistic missile programs in the face of tough international sanctions. It is estimated by the United Nations (U.N.) that North Korean state-sponsored hackers stole approximately $316.4M in virtual assets from digital currency exchanges between 2019 and November of 2020. U.N. monitors report that North Korea has generated approximately $2 billion to steal funds from banks and cryptocurrency exchanges using sophisticated cyberattacks.

One of the largest thefts that North Korea is believed to be behind was against cryptocurrency exchange KuCoin, which reported the theft of $281 million in bitcoin and other crypto tokens in September of 2020. (This has not been confirmed by KuCoin, but KuCoin has publicly stated that it is working with law enforcement to confirm who was behind the incident). It is reported that KuCoin was able to recover 80 percent of the stolen funds through cooperation with other exchanges that froze the funds that the hackers were attempting to launder.

Some things to consider before jumping into the cryptocurrency frenzy:

  • Cryptocurrency exchanges are not regulated like other financial institutions.
  • The United States Federal Reserve does not back any loss of funds in cryptocurrency exchanges.
  • If you pass away and have assets in cryptocurrency, or lose your password to your crypto wallet, those funds could be lost; treat the account like any other and protect it should you pass away, just as you would with any other account—planning is really important here.
  • Just because you have invested in digital assets, they are still considered assets by the IRS, so be aware of tax laws applicable to cryptocurrency.
  • Cryptocurrency exchanges have gone out of business with no recourse for investors, so researching them like any other investment, including their, is prudent.
  • Be aware that state-sponsored attackers, particularly North Korea, are fervently and successfully targeting cryptocurrency exchanges to fund their nuclear capabilities against adverse nations, including the United States, which affects our national security.

Following the recent report by U.N. monitors in relation to the current hype of Bitcoin, these are just a few considerations before investing in cryptocurrency.  Enter that market slowly and research risk while contemplating reward.

Binary Check Ad Blocker Security News

It is being reported that the Office of the Washington State Auditor (SAO) is investigating a security incident, allegedly caused by a third-party vendor, that may have compromised the personal information of up to 1.6 million residents of the state of Washington who filed unemployment claims in 2020.

The SAO is investigating fraudulent unemployment claims filed in Washington in 2020 that reportedly cost the state up to $600 million. In completing the audit, the state utilized a third-party vendor, Accellion, to transmit computer files for the investigation.

According to the SAO, “during the week of January 25, 2021, Accellion confirmed that an unauthorized person gained access to SAO files by exploiting a vulnerability in Accellion’s file transfer service.” The SAO posted on its website that the unauthorized person “was able to exploit a software vulnerability in Accellion’s file transfer service and gain access to files that were being transferred using Accellion’s service,” which occurred in December 2020.

Data that may have been affected includes 1.6 million individuals’ claims made between January 1, 2020 and December 10, 2020, including claims made by state employees. The compromised information includes individuals’ names, Social Security numbers and/or drivers’ license or state ID numbers, bank information and place of employment. In addition, the personal information of some individuals whose information was held by the Department of Children, Youth and Families was also compromised.

What a terrible consequence for those who legitimately lost their job and filed for unemployment benefits. For those whose personal information was used to file a fraudulent unemployment claim, this news throws a massive amount of salt in the wound of being the victim of identity theft.

Binary Check Ad Blocker Security News

Indian news outlet Inc42 has reported that the ShinyHunters hacking group found some shiny objects when it was able to compromise the personal information of hundreds of thousands of individuals using the crypto exchange BuyUCoin.

The hackers were able to compromise and subsequently leak a BuyUCoin database that contained names, telephone numbers, email addresses, tax identification numbers and bank account information of users. Different reports say that the number of users who were affected by the compromise ranges from 161,000 to 325,000 users.

Although BuyUCoin initially denied the reports, it recently indicated that it is investigating and that no user funds had been affected.

Binary Check Ad Blocker Security News

Cybersecurity firm SonicWall Inc. is investigating an attack on its internal systems that it describes as “highly sophisticated.” According to SonicWall, the investigation is centered around its Secure Mobile Access 100 series, which assists with end-to-end secure remote access.

The company said that a few thousand devices have been impacted and that it is trying to determine whether the attackers exploited a zero-day vulnerability in the SMA 100 series product.

Although it sounds very similar to the recent SolarWinds cyber-attack, it is presently unknown whether this incident is related to that attack or if it was caused by the Russian-based attackers behind the SolarWinds incident.

It is clear that cybersecurity firms are being heavily targeted by cyber-attackers and are not immune from the onslaught of cyber-attacks we are seeing across the board in every industry. It also emphasizes the fact that there is no ability to completely transfer cyber risk. Data security is a team sport. Reasonable cyber-hygiene inside your organization, while using outside tools to augment your security posture, are both ways to minimize risk, but hackers are using more and more sophistication in their attacks, which present risk internally and externally. What is crystal clear from these attacks on cybersecurity firms is that cybersecurity and vendor management must continue to be a high priority for organizations in order to manage cyber risk.

Binary Check Ad Blocker Security News

Today (January 27, 2021) was a BIG win for law enforcement in their efforts to combat cyber crime. U.S. and European law enforcement agencies announced today that through join efforts and cooperation on “Operation Ladybird,” computer servers and the infrastructure that has been used by criminals behind Emotet to victimize individuals and organizations through phishing schemes and distributing vicious strains of ransomware such as Ryuk were seized and are now out of the control of the cyber criminals. Emotet has been described as a cybercrime-as-a-service program because it is a pay-per-install botnet.

According to reports, Emotet has been used by criminals to defraud victims of millions of dollars through extortion and data theft, and the U.S. Department of Homeland Security has estimated that it has cost U.S. state and local governments up to $1 million per incident following an Emotet infection. Investigators have estimated that more than one million Microsoft Windows systems are currently affected by Emotet infections, so the take down is particularly important for those already infected systems.

According to Europol, “The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale.”

This win doesn’t mean that the criminals behind Emotet can’t rebuild and continue to wreak havoc in the future, but slowing them down a bit is helpful in combatting cyber crime and the protection of individuals and companies’ data.

Binary Check Ad Blocker Security News

The New York Department of Financial Services (DFS), which regulates certain covered entities and licensed persons in the financial services sector doing business in New York, recently provided guidance to its regulated entities that the annually required Certificate of Compliance with the DFS Cybersecurity Regulations must be submitted no later than April 15, 2021.

To find out whether a company is covered by the DFS Cybersecurity Regulations, DFS has established a portal to search applicable regulated entities. The portal also is used to file the annual certification. According to DFS, “All Covered Entities and licensed persons who are not fully exempt from the Cybersecurity Regulation are required to submit a Certificate of Compliance no later than April 15, 2021, attesting to their compliance for the 2020 calendar year.”

The publication further states that “if a Covered Entity or licensed person has an exemption that is still valid, they do not need to file a new Notice of Exemption in 2021.”

For more information on the DFS Cybersecurity Regulation requirements, click here.

Binary Check Ad Blocker Security News

Malwarebytes, a cybersecurity firm, confirmed this week that the same hackers believed to originate from Russia who were behind the SolarWinds incident were able to access some of its internal emails without authorization.

According to the company, it did not use SolarWinds software, but had been targeted by the same hackers to access its O365 and Azure environments. It further stated that the access included a limited number of internal company emails, but did not include any access or compromise of its production environments, which is good news for its customers.

The CEO of Malwarebytes stated that the hacking campaign that started with FireEye and has affected both governmental agencies and Fortune 500 companies alike “is much broader than SolarWinds and I expect more companies will come forward soon.”

The fallout from these incidents continues, and no doubt there will be more to come.