Hacker Tracker | July

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

Nintendo admits number of hacked accounts is almost double what it originally said | 6.10.20

• After originally saying only 160,000 accounts were affected, Nintendo has revealed that an additional 140,000 user accounts were accessed by unauthorized means back in April.
• The security breach saw unauthorized users hijack vulnerable accounts using illegally obtained NNID information (which was required to make purchases on the Wii U and Nintendo 3DS). 
• Some hackers also took advantage of users’ saved PayPal details to purchase various in-game currencies, such as Fortnite’s VBucks.
• Nintendo has since reset all NNID and Nintendo Account passwords that were hacked, and disabled Nintendo Account sign-in via NNID.
• View the Source

Wells Fargo customers targeted with Phishing attacks using calendar invites | 6.22.20

• Employees of large corporations are being targeted with phishing emails that impersonate the Wells Fargo security team and use innocent-looking calendar invitations as clickbait.
• The hackers try to get message recipients to click on the invitations, which takes them to a malicious website that resembles the Wells Fargo site.
• As of Friday, the campaign had targeted about 15,000 to 20,000 people: asking for sensitive information such as username, login, card PIN, or number for personal Wells Fargo accounts. 
• View the Source

Hacker Group Stole $200 Million From Cryptocurrency Exchanges | 6.25.20

• The CryptoCore gang has used spear-phishing emails and social engineering techniques to target employees and executives at cryptocurrency exchanges, mainly in the U.S. and Japan, 
• The attackers steal a variety of credentials and data from the devices that their malware infects. That includes username, host name, time zone, operating system version, processor name, network adapter information and a list of running processes. In some cases, the group also uses credential-stealing malware called Mimikatz.
• When carrying out a hacking mission, the gang identifies an employee working at an exchange and attempts to gather personal and corporate email IDs to launch spear-phishing emails.
• View the Source

Lessons Learned From This Month’s Hacks

If you have an account with a vendor (such as Nintendo, Wells Fargo, Cryptocurrency banks) and would be upset if your account was compromised, ENABLE TWO/MULTI-FACTOR AUTHENTICATION! Nintendo guide is here, Wells Fargo guide is here.

You must take the stance of everything being insecure until multi-factor authentication (MFA) is enabled. Once enabled, you’ve done the minimum necessary to ensure most breaches will minimally affect you. Can your data still be breached if the vendor is hacked? Yes, but that is the price of doing business in 2020. Pay for a great credit monitoring service with text alerts and use credit cards over debit cards when shopping to mitigate your risks even further. 

Reach out if you’d like to talk about your company’s IT security posture. Contact PK Tech here.