Lose 50 Pounds in 61 Days? No … But You Might Lose Your Credit Card Info. CyberNews carries an article headlined “These Were the Most Popular Scams over the Last 100 Days,” based on a study from security company NortonLifeLock. Popular scams include online surveys that pretend to be from big companies and offer too-good-to-be-true rewards for filling out a form; others pretend to offer unrequested tech support, and still others are ads for things like a “skinny pill” promising weight loss of 50 pounds in 61 days. What they all have in common is a request for a credit card number or other personally identifiable information, or a prompt to click a link that downloads malicious software. The article quotes Marcel Feller, a principal security researcher at Norton Labs: “Scammers are masters in exploiting human emotions to put you in a state of panic. When you’re in that state, you’re more likely to comply with anything the scammer wants.”
“Biden: If U.S. Has ‘Real Shooting War’ it Could be Result of Cyber Attacks.” That’s the headline from a recent Reuters article that notes cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks on entities such as network management company SolarWinds, the Colonial Pipeline company, meat processing company JBS and software firm Kaseya hurt the U.S. far beyond just the companies hacked. Some of the attacks affected fuel and food supplies in parts of the United States. The article quotes from Biden’s half-hour speech while visiting the Office of the Director of National Intelligence: “I think it’s more than likely we’re going to end up, if we end up in a war—a real shooting war with a major power—it’s going to be as a consequence of a cyber breach of great consequence and it’s increasing exponentially, the capabilities.” Let’s hope that never comes to pass, but it underscores the gravity of ongoing cyberattacks from criminals and other bad actors.
“I Have One Word for You: Plastics!” Today that Word of Advice Would Be: Cybersecurity! If you never saw the young Dustin Hoffman in the 1967 movie “The Graduate,” you can experience that famous line of advice via YouTube. The advice to the young man just out of college actually wasn’t that bad, as back then plastics represented quite a growth industry. But today there is an even greater need for participants, young and old, in another field: cybersecurity. The Wall Street Journal carries the headline “Cybersecurity Chiefs Are in High Demand as Companies Face Rising Hacking Threats.” There are plenty of rewards, including financial, with the article reporting: “CISOs in the U.S. earned a median salary of $509,000 this year, compared with $473,000 in 2020, according to a new survey of 354 CISOs, published Thursday by executive search firm Heidrick & Struggles International Inc. Total compensation, including equity grants and bonuses, rose to $936,000 from $784,000 in 2020. Last year’s survey included responses from 372 CISOs.” Meanwhile, BetaNews carries the headline: “Cybersecurity Skills Crisis Impacts More than Half of Organizations.” The article reads in part: “95 percent of respondents say the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 44 percent say it has only become worse. The most-often cited areas of cybersecurity skills shortages include cloud computing security, security analysis and investigations, and application security.” So, there is enormous opportunity in a field where people, young or old, can make a meaningful difference in protecting organizations from the constant barrage of cyberattacks.
Warning: You Don’t Need to Download Software to Cancel a Subscription, No Matter What the “Call Center” Says. Microsoft researchers have released a notification titled “BazaCall: Phony Call Centers Lead to Exfiltration and Ransomware,” about a new scam strategy that sends users to a “call center” where they are instructed to download malicious software. “Criminals lure in targets with an email suggesting that a subscription for a service, such as a gym membership, is expiring. Recent campaigns have posed as confirmation receipts for software licenses,” the Microsoft researchers report. They note that a traditional malware campaign would likely instruct users to click open a link within the email or download an attachment. That’s where BazaCall differs. Each email contains a unique ID number and instructs the user to call a number that will connect them with an actual human. “The call agent instructs them to visit a legitimate-looking website and tells them to download a file from their account page to cancel their subscription. Once the user enables macros on the downloaded document, the malware is delivered from a Cobalt Strike beacon. Using the tool, which was designed for legitimate purposes, can help mask malicious activity.”
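The traits described above (a subscription or receipt lure, a unique ID, a phone number to call, and no link or attachment for a filter to scan) can be combined into a simple mail-triage check. The Python below is an added example, not code from Microsoft or from this article; the keyword lists, regular expressions, function names and both sample messages are constructed assumptions to be tuned against real mail flow.

```python
import re
from email import message_from_string

# Assumed lure vocabulary and patterns (not taken from the Microsoft report).
LURE = re.compile(r"\b(subscription|membership|renew\w*|expir\w*|license|receipt)\b", re.I)
CALL = re.compile(r"\b(call|phone|dial)\b", re.I)
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL = re.compile(r"https?://|www\.", re.I)
# An "ID"/"number" label followed by a token of 8+ characters containing a digit.
REF_ID = re.compile(r"\b(?:id|number)\b\s*[:#]?\s*((?=[A-Z0-9]*\d)[A-Z0-9]{8,})\b", re.I)

def body_text(msg):
    """Concatenate every text/* part of the message as a decoded string."""
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts)

def callback_phish_signals(raw):
    """Return the individual signals plus 'flag', which is True only if all hold."""
    msg = message_from_string(raw)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    signals = {
        "lure": bool(LURE.search(text)),
        "phone_cta": bool(PHONE.search(text) and CALL.search(text)),
        "ref_id": bool(REF_ID.search(text)),
        "no_link": not URL.search(text),          # nothing for URL scanning to inspect
        "no_attachment": not any(p.get_filename() for p in msg.walk()),
    }
    signals["flag"] = all(signals.values())
    return signals

# Constructed sample messages (fictional addresses, ID and phone number).
LURE_MAIL = """\
From: billing@gym.example
Subject: Your membership is expiring

Your gym membership expires today and your card will be charged $89.99.
Customer ID: KC48213907
To cancel, call 1-800-555-0137 and give the agent your ID.
"""
NEWSLETTER = """\
From: shop@store.example
Subject: Your receipt

Thanks for renewing. Manage your subscription at https://shop.example/account
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE_MAIL), ("newsletter", NEWSLETTER)):
        print(name, callback_phish_signals(raw))
```

A flagged message is a candidate for review rather than a verdict, since legitimate billing notices can share some of these traits.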
Educating Employees on Cybersecurity is Serious … So, Send in the Clowns. Dark Reading carries an interesting headline: “The Power of Comedy for Cybersecurity Awareness Training.” The article reads, in part: “This is serious stuff. But the way we talk about it doesn’t have to be. Remember, we’re trying to engage with regular people. If we can deliver content that is funny and entertaining, they may actually pay attention. And if we can get them to pay attention, their behavior will change. The way they think about security will change. They’ll start to look forward to their training and understand how they can help their companies defend against cyberattacks.”
Clinton A. Pownall is the President & CEO of Computer Business Consultants, an IT consulting and IT managed services provider. Pownall has been an innovator in the IT field since 1990. First gaining exposure during his six-year service as a decorated Weapons Systems Technician in the U.S. Navy, he went on to obtain a Bachelor of Science in Computer Engineering. After founding Computer Business in 1996, he was one of the first to pioneer Voice-over-IP technology using satellite communications. As a member of the joint Florida Police Chiefs and Florida Sheriff’s Association, he advises law enforcement, government agencies, and businesses on cybersecurity. He is also actively involved with the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Clinton served in regional efforts of the Bill & Melinda Gates NextGen Foundation and as Vice President of the Board of Directors for Orlando Shakes Theater, and he actively supports the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.