Hacker Tracker | April in Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

#1 Facebook Data for Over 535 Million Users Leaked on Hacker Website | 4.5.21

• The personal details of more than 553 million Facebook users have been published on a website for hackers, according to multiple reports over the weekend.
• While the information appears to be old, the details in the shared database include phone numbers, Facebook IDs, names, locations, birthdates and email addresses, all of which could be used in social engineering attacks or hacking attempts.
• Concerned users are encouraged to check if their email address has been leaked in data breaches using the Have I Been Pwned website.
• View the Source

#2 This password-stealing Android malware is spreading quickly: Here’s what to watch out for | 4.26.21

• A malware campaign (FluBot) with the aim of stealing passwords, bank details and other sensitive information is spreading quickly through Android devices.
• FluBot is installed via text messages claiming to be from a delivery company that asks users to click a link to track a package delivery.
• The phishing link asks users to install an application to follow the fake delivery – but the app is actually malware for stealing information from infected Android smartphones.
• View the Source

#3 D.C. Police Department Data Is Leaked in a Cyberattack | 4.27.21

• Cybercriminals claim to have downloaded 250 gigabytes of data from Washington’s Metropolitan Police Department.
• A group that emerged this year called Babuk claimed responsibility for the leak. Babuk is known for ransomware attacks, which hold victims’ data hostage until they pay a ransom, often in Bitcoin. 
• The information already released appeared to include the chief’s reports, lists of arrests and lists of persons of interest.
• View the Source

Lessons Learned From This Month’s Hacks

1. As we’ve said in the past, your information has likely been stolen several times over, and you should be using a service to monitor for identity theft and credit monitoring. We recommend Costco’s CompleteID offering. What we’ll say about this headline is that all of our “dark web” profiles are getting better information on us. Think about your email, cell number, job title, location, and interests that Facebook knows about. Phishing over email/text will get a lot more specific over the upcoming months thanks to this leak.
2. Do not trust unsolicited text messages. If you suspect it’s legit, verify it a different way. E.g., go to the company’s website and chat, email, or call to confirm. This tip alone would stop 99.9% of all phishing attacks.
3. This is a nightmare that every cybersecurity expert saw coming. Ransomware has evolved into extortion, and the consequences are real. Think about the value of this data — confidential informant lists, police’s home addresses, and worse. The good news is this new administration is taking cybersecurity more seriously. The bad news is relief is likely years out, and there’s a massive skills shortage in cybersecurity experts.
   Any business reading this: at the very least, work with a competent IT company that has at least $1MM in cybersecurity insurance. If they are insurable, their carrier vetted that they configure and manage their clients in a secure manner (generalizing). 

Reach out if you have questions here.