If you are sending a zillion newsletter or marketing emails, sure, email marketing platforms make it easy to manage your email list; and many do provide some basic tracking information.
Today’s hackers are more innovative. Rather than just running up charges on your credit card, they are looking to extort money in exchange for return of your private information or to limit their use of it. For insurance executives, private information often includes emails related to customers and their policies. Data could include confidential information about assets, employees, vendor contracts and bank accounts.
The term “security by obscurity” has been around for a long time. Traditionally, this has referred to the idea that the best way to keep a system safe is to keep its design (and any potential vulnerabilities) a secret. To many, “security by obscurity” has also represented the idea that there is safety in numbers, such as on a social media network that has hundreds of millions of users. One might argue that the intersection of social media, online platforms that gather and sometimes sell (for legitimate purposes) personal data, and people’s addiction to the convenience of electronic communication may call for a new way of thinking about one’s own (or a client’s) security by obscurity.
(WCry) was successful in infecting over 300,000 computers in 150 countries. It is likely the worst ransomware attack to date. WCry works by locking the files with encryption on each device. Victims are promised a decryption key to unlock their files once they pay a ransom of $300 in Bitcoin.
What do United Airlines and footballer David Beckham have in common? Disastrous leaked emails. In these recent cases, the leaked emails appear to be legitimate, though Beckham claims some of the leaked emails were “doctored.” But how do we know that leaked email messages discussed in news stories and tabloid columns are actually authentic?
Earlier this year, Mark Zuckerberg, CEO of Facebook, unintentionally revealed (in a photo he posted to his Facebook account) that he covers up the webcam and audio port on his laptop. He literally has a small piece of masking tape over the pea-sized camera lens and another one on the audio port where headphones plug in. The social media universe was quick to pick up on this, leading to all sorts of speculation and theory crafting about the possible implications.
Next week marks the last official week of summer vacation. It is likely also the beginning of your “back to work” business travel. Business travellers should note these specific precautions when conducting business transactions from the road, especially if they are likely to be more focused on the speed of getting things done than on security.
A hacking group called Shadow Brokers has reportedly stolen powerful hacking tools from the Equation Group, a hacking group believed to be NSA-backed and responsible for many of the largest state-level hacks in history. On Saturday, Shadow Brokers released a subset of these tools to the public, which several former employees of the NSA’s hacking division, known as Tailored Access Operations (TAO), have said appear to be legitimate NSA files. Shadow Brokers is auctioning the “best files” or the remaining tools, for a price of one million bitcoin (about $568 million).
…and does it change the result?
Who is responsible for the recent Democratic National Committee (“DNC”) hack and resulting emails published on WikiLeaks? Russian hackers are suspected and the FBI is investigating, but Russia adamantly denies involvement. The hackers could be from the same group that stole the DNC’s opposition research about Republican Presidential nominee Donald Trump in mid-June. Perhaps the perpetrator is simply a DNC employee or subcontractor disenchanted with circumstances that many are now describing as a DNC conspiracy to favor and support its predetermined nominee in the presidential primary – Hillary Clinton – while impeding other candidates such as Bernie Sanders. Whether an angry Bernie Sanders supporter or a foreign government preferring Trump is to blame, the lesson here is once again that if your emails (sent in plain text) contain something of value, they will eventually be exposed.
In the recent Tech Essentials article “Changing Trends in Cyber Security,” we highlighted how hackers are becoming more innovative in their ability to use generally available social media (i.e. LinkedIn recruiter tools) and other business applications to target email recipients with imposter email and lure them into wiring money to hackers.