Hacker Tracker | October

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates.

This ‘thermal attack’ can read your password from the heat your fingertips leave behind | 10.10.22

• Researchers detail an attack technique combining thermal imaging and AI – and warn that increased access to innovative technologies will be abused by cyber criminals.
• ThermoSecure can crack two-thirds of passwords of up to 16 characters and, as passwords get shorter, the more success the system had – 12-character passwords were guessed up to 82% of the time and eight-character passwords were guessed up to 93% of the time.  
• View the Source

Car theft ring used software to steal hundreds of vehicles without the physical key fob, say police | 10.18.22

• Organized crime group used fraudulent software to duplicate keys and steal cars, says law enforcement agencies.
• Law enforcement groups across France, Latvia and Spain have arrested 31 suspects believed to be part of a group that used software to steal vehicles without using the physical key fob. 
• Authorities said to prevent relay attacks, luxury car owners should store their key fobs in metal tins or protective pouches. 
• View the Source

FBI warning: Beware of student loan forgiveness scammers | 10.20.22

• The scam the FBI is warning about involves cyber criminals and fraudsters purporting to provide entrance to the Federal Student Loan Forgiveness program. 
• It warns that fraudsters could contact potential victims via phone, email, text, websites, or online chat services. 
• Scammers send links to victims via various electronic channels that look legitimate and then request the victim shares details, including name, social security number, date of birth, current and previous addresses, phone numbers, email addresses, mother’s maiden name, or social media handles, to complete the process.
• View the Source

Lessons Learned

#1- Thought your devices were safe with touch ID? Think again. This attack is fascinating–cybercriminals have found a way to “hack” your thermal fingerprint. While we’re not thermal fingerprint experts, here’s the takeaway: whenever a new technology is introduced, tread carefully. As users adjust to new technologies, cybercriminals often use this learning curve time to target them.

#2- From the car theft ring attacks, we learn the possible risks of technology. With continually advancing car technology–for both gas and electric powered vehicles–comes another conundrum. What used to not exist as a threat, is now a hack avenue cybercriminals are specifically targeting. As with any technology, many cars now require that you take cybersecurity precautions for your car as you would with any technological device.

#3- There’s one more place you’re always guaranteed to find cybercriminals: anywhere that there is money. The financial sector, and banks specifically, have long since been primary targets of threat actors. With the money being released through student loan forgiveness, it’s no wonder cybercriminals smelled money and jumped on it. Just like with any possible phishing email, text or phone call–always verify the person contacting you before sharing any personal information, or clicking or forwarding any links.