
BEC Attacks have Stolen $1.8 Billion from Businesses


Business email compromise (BEC) attacks increased drastically in 2020, with more than $1.8 billion stolen from businesses in a single year. BEC attacks are carried out by attackers who impersonate someone inside a company, or pose as a partner or vendor, in order to defraud the company.

The tactics of some of the most dangerous BEC attacks observed in the wild in 2020 were examined in a new report from Cisco's Talos Intelligence, which reminded the security community that, in addition to technology, the best line of defense is smart users armed with a healthy skepticism of outside communications and the right questions to ask.

According to the FBI, BEC attacks are getting more dangerous. It found a 136% increase in the number of reported successful BEC attacks around the world between December 2016 and May 2018. Between October 2013 and May 2018, Business Email Compromise is estimated to have cost businesses over $12 billion. Analysts predict that these attacks will become more frequent and that the financial losses connected with them will continue to rise.

The report stated, “The reality is, these types of emails and requests happen legitimately all over the world every day, which is what makes this such a challenge to stop.” It's tempting to get hung up on the high-profile data breaches at huge global corporations. The real revenue, however, is made via smaller BEC attacks, according to the report.

“Although a lot of attention gets paid to more destructive and aggressive threats like big-game hunting, it’s BEC that generates astronomical revenue without much of the law-enforcement attention these other groups have to contend with,” the report explained. “If anything, the likelihood of this has only increased in the pandemic, with people relying more and more on digital communication." 

According to Cisco Talos, gift card lures are by far the most common in BEC attacks. These emails usually appear to come from someone prominent within the organization but are sent from a free provider such as Gmail, Yahoo, or Outlook. The solicitations frequently include a sad narrative of hardship and attempt to persuade the victim to purchase Amazon, Google Play, iTunes, PlayStation, or other common gift cards.

“The amount of and types of businesses that get targeted with these attacks is truly staggering, ranging from huge multinational corporations down to small mom-and-pop restaurants in U.S. cities,” Talos said. “We found examples of small restaurants that are being targeted by impersonating the owners since the information was available on their website.”
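The gift-card lure pattern Talos describes (an executive's display name on a free-mail address, an unavailability pretext, a request for gift cards) can be turned into a simple triage rule for a mail gateway or SOC script. The following is an added example, not Talos tooling or code from the report; the company domain, executive roster, keyword lists, and the four sample messages are all constructed for illustration.

```python
"""Triage helper for BEC gift-card lures: flags messages whose display name
impersonates a known executive, that come from a free-mail domain, and that
carry gift-card or urgency wording. Added illustration, not Talos tooling."""
import re
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                     # assumed: the defended organisation
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Assumed roster of people worth impersonating; in practice fed from HR / the directory.
EXECUTIVES = {"alice johnson", "bob lee"}
GIFT_CARD_TERMS = ("gift card", "amazon", "google play", "itunes", "playstation")
URGENCY_TERMS = ("urgent", "asap", "right now", "in a meeting", "can't talk")


def normalise(name: str) -> str:
    """Collapse whitespace and case so 'Alice  JOHNSON' matches the roster."""
    return re.sub(r"\s+", " ", name.strip().lower())


def score_message(msg: dict) -> dict:
    """Return the indicators found in one message and a score (one point each)."""
    name, addr = parseaddr(msg["from"])
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    text = (msg["subject"] + " " + msg["body"]).lower()
    reasons = []
    if normalise(name) in EXECUTIVES and domain != COMPANY_DOMAIN:
        reasons.append(f"display name '{name}' matches an executive but sender domain is '{domain}'")
    if domain in FREE_MAIL_DOMAINS:
        reasons.append("sent from a free-mail provider")
    if any(term in text for term in GIFT_CARD_TERMS):
        reasons.append("mentions gift cards")
    if any(term in text for term in URGENCY_TERMS):
        reasons.append("urgency or unavailability pretext")
    reply_to = parseaddr(msg.get("reply_to", ""))[1]
    if reply_to and reply_to.lower() != addr.lower():
        reasons.append("Reply-To differs from From")
    return {"score": len(reasons), "reasons": reasons}


def triage(messages, threshold: int = 3):
    """Return (subject, verdict) for every message at or above the threshold."""
    flagged = []
    for msg in messages:
        verdict = score_message(msg)
        if verdict["score"] >= threshold:
            flagged.append((msg["subject"], verdict))
    return flagged


# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = [
    {
        "from": "Alice Johnson <alice.johnson.ceo@gmail.com>",
        "reply_to": "alice.johnson.ceo@gmail.com",
        "subject": "Quick favor",
        "body": "I'm in a meeting and can't talk. I need you to buy five Amazon "
                "gift cards for a client right now and send me the codes.",
    },
    {
        "from": "Alice Johnson <alice.johnson@example.com>",
        "subject": "Q3 planning",
        "body": "Please send the updated deck by Friday.",
    },
    {
        "from": "Bob's Bakery <bobsbakery@gmail.com>",
        "subject": "Weekend specials",
        "body": "Croissants are half price this Saturday.",
    },
    {
        "from": "HR Team <hr@example.com>",
        "subject": "Holiday gift cards",
        "body": "Employee gift cards will be handed out at the party.",
    },
]

if __name__ == "__main__":
    for subject, verdict in triage(SAMPLE_MESSAGES):
        print(subject, verdict)
```

Only the first sample crosses the threshold: it collects all four indicators, while the legitimate internal mail scores zero and the bakery newsletter and HR notice each trip a single weak indicator. Scoring several weak signals together, rather than blocking on any one of them, is what keeps the rule from flagging every free-mail sender or every mention of a gift card.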

Big Bug Bounty Hunts by Cyber Giants Fetch Ethical Hackers Millions!
As part of becoming more aware and secure against cyber-crime, and to steer clear of any hazards that may come their way, organizations have started paying millions to the people who find bugs in their systems.
Recently, a concerned cyber-space user received a message that allegedly said, “Hey, we’ve got some money for you. Do you want it?”

This message had come from Yahoo in response to a bug that the person had reported to the organization. So far, this bug-reporting work has earned him $1.5m.

Yahoo, like many companies, pays people who find bugs and loopholes that could potentially be exploited by hackers or cyber-cons.

These ethical hackers sign up with organizations like Bugcrowd, Synack, HackerOne, etc., which run bug bounty programs on behalf of other organizations.

To participate, a person need not even have profound knowledge of coding and other technical skills, said the aforementioned user.

However, he had always been part of the security industry, where he learned deeply about data exchange protocols.

Nevertheless, there is an enormous difference between the way professionals work on cyber issues and the way beginners do.

It has been a long time since people felt inclined to work in the cyber security industry without being paid well.

Earlier, and to some extent even now, there has been an underlying need for more professionally oriented, skilful hands in the cyber-security industry.

Many countries have government-funded educational schemes to help school kids get a sense of cyber-security.

The UK's scheme, Cyber Discovery, had a fabulous first year with an intake of 25,000 school children. It's an initiative to show kids that the daily work of professionals is fun.

Participants get points when they complete each section, and the top performers get to attend residential courses that help them improve.

The big bug bounty hunts could be a great way to attract the attention of young minds and help them get a taste of what defeating bad guys feels like.

Anyone wishing to enter the big bug bounties should bear in mind that working as an actual cyber-security professional takes a lot more than sheer luck.

“Also, companies should have their own set of defenses set against the cyber cons rather than letting the bounty hunters know what the inner situation is,” said a source.

Nonetheless, it should always be more about being a concerned citizen, trying to solve problems, and making a better and safer cyber-world.

Yahoo to the rescue of forgetful users with "on-demand password"

Passwords are not meant to be remembered. They are meant to be generated fresh every time you forget them.

That is what Yahoo seems to think, as the company has just introduced an on-demand password system.

The system works like this: after signing into the Yahoo account, one selects Account security from the account information page and opts in to “On-demand passwords”. One then enters the phone number to which Yahoo sends a verification code, and after entering this code one never has to memorize a password again.

It can be argued that the move away from default passwords is welcome, as password theft is very common nowadays, but some feel that privacy is being sacrificed, because anybody with access to the phone for even a few seconds could read through all your communication.

But the fact remains that the peril of default passwords had already been dealt with well by the two-step authentication process, whereby if one logs in from a new device one is asked, in addition to the password, for a code sent to the associated mobile number. A move to completely eliminate the first step seems to incline towards laxer cyber-security norms.

At a time when Google tries to put one in panic mode by describing what happens if you forget your password, and repeated reports of security breaches make one paranoid, Yahoo's move to eliminate passwords has invited mixed reactions.

Presently, it is available only to US users.

While the effort is a step in the right direction for dealing with password security issues, by closely connecting virtual and real identities, the approach adopted seems to be fallacious.
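The difference the post is drawing between the two-step process and on-demand passwords comes down to which factors a login checks. The following is an added model of both flows, written for this page and not Yahoo's implementation; the code lifetime, guess budget, hashing scheme, SMS hook, account name, password and phone number are all assumptions chosen for illustration.

```python
"""Added model of Yahoo's on-demand (SMS code) login beside a two-step login,
to show what each mode checks. Hypothetical code, not Yahoo's implementation."""
import hmac
import secrets
import time
from typing import Callable, Optional

SERVER_KEY = secrets.token_bytes(32)   # assumed per-deployment secret for hashing codes
CODE_TTL_SECONDS = 300                 # assumed lifetime of a delivered code
MAX_ATTEMPTS = 3                       # assumed guess budget before the code is discarded


def _digest(value: str) -> str:
    # Keyed hash so a leaked table cannot be brute-forced over the 10^8 possible codes.
    # (For passwords a real system uses a slow KDF; HMAC is used here for brevity.)
    return hmac.new(SERVER_KEY, value.encode(), "sha256").hexdigest()


class CodeService:
    """Issues single-use numeric codes to a phone and verifies them."""

    def __init__(self, send_sms: Callable[[str, str], None], clock=time.time):
        self.send_sms = send_sms   # delivery hook (phone, code): assumed SMS gateway
        self.clock = clock         # injectable so expiry can be tested
        self.pending = {}          # account -> {"digest", "expires", "attempts"}

    def request_code(self, account: str, phone: str) -> None:
        code = f"{secrets.randbelow(10**8):08d}"     # 8 digits from the CSPRNG
        self.pending[account] = {
            "digest": _digest(code),                # never store the plaintext code
            "expires": self.clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        self.send_sms(phone, code)

    def verify(self, account: str, submitted: str) -> bool:
        entry = self.pending.get(account)
        if entry is None:
            return False
        if self.clock() > entry["expires"]:
            del self.pending[account]               # expired: burn it
            return False
        entry["attempts"] += 1
        ok = hmac.compare_digest(entry["digest"], _digest(submitted))
        if ok or entry["attempts"] >= MAX_ATTEMPTS:
            del self.pending[account]               # single use, or guess budget exhausted
        return ok


class Account:
    def __init__(self, name: str, password: str, phone: str):
        self.name = name
        self.phone = phone
        self.salt = secrets.token_hex(8)
        self.password_digest = _digest(self.salt + password)

    def check_password(self, candidate: str) -> bool:
        return hmac.compare_digest(self.password_digest, _digest(self.salt + candidate))


def authenticate(account: Account, codes: CodeService, mode: str,
                 password: Optional[str], code: Optional[str]) -> bool:
    """'two_step': password AND phone code.  'on_demand': phone code only."""
    if mode == "two_step":
        if password is None or not account.check_password(password):
            return False                  # wrong password: the code is not even consumed
        return code is not None and codes.verify(account.name, code)
    if mode == "on_demand":
        return code is not None and codes.verify(account.name, code)
    raise ValueError(f"unknown mode {mode!r}")


def demo() -> dict:
    """Constructed scenario: someone holding only the victim's phone."""
    inbox = []                                                # stands in for the SMS inbox
    codes = CodeService(send_sms=lambda phone, code: inbox.append(code))
    victim = Account("victim", "correct horse battery staple", "+1-555-0100")
    results = {}
    codes.request_code(victim.name, victim.phone)
    results["on_demand_phone_only"] = authenticate(victim, codes, "on_demand", None, inbox[-1])
    codes.request_code(victim.name, victim.phone)
    results["two_step_phone_only"] = authenticate(victim, codes, "two_step", "wrong guess", inbox[-1])
    results["two_step_phone_and_password"] = authenticate(
        victim, codes, "two_step", "correct horse battery staple", inbox[-1])
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the post's concern in code: with the phone alone, the on-demand mode logs in, while the two-step mode refuses until the password is also right. The code service itself still does the things a sensible implementation needs (unguessable codes, keyed hashing at rest, expiry, single use and a guess budget), which is why the weakness lies in the policy, not the code delivery.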