Hacker Tracker | January in Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

Red Cross worried about misuse of stolen data by nation states and cybercriminals after hack | 1.24.22

  • The International Committee of the Red Cross (ICRC) has released an update about a cyberattack that led to a data breach affecting more than 500,000 vulnerable people receiving services from the organization. 
  • The Red Cross said that the attack was an extreme violation of privacy, safety, and the right to receive humanitarian protection and assistance.
  • Restoring Family Links works to reconnect missing people and children with their families after wars, violence, or other issues. The ICRC said hackers accessed servers on January 18 that had the personal information of more than 515,000 people from across the world. 
  • View the Source

Canadian government investigating hacking incident | 1.25.22

  • The Canadian government said it is investigating a cyberattack on Global Affairs Canada (GAC) — its department for foreign and consular relations — that occurred on January 19. 
  • Some access to the internet and internet-based services were not available as part of the mitigation measures as experts worked to restore all services.
  • The government noted that they do have systems and tools in place to monitor, detect, and investigate potential threats, and to take active measures to address and neutralize them when they occur.
  • View the Source

Hackers hijacking Instagram accounts of companies and influencers, demanding ransom | 1.25.22

  • Access to stolen Instagram accounts are being sold for up to $40,000.
  • Hackers are hijacking the Instagram accounts of companies and influencers with huge followings in a new phishing campaign called Secureworks. 
  • The people behind the attack start by sending a message pretending to be Instagram, notifying Instagram users of a purported instance of copyright infringement. 
  • There is a link in the message that takes victims to a website controlled by the hackers. From there, the user is asked to enter their Instagram login information, giving the attackers full access to their accounts. 
  • View the Source

Lessons Learned:

1. From the Red Cross attack, we learn a sad but hard truth: cybercriminals have no boundaries and stop at nothing if there is money to be made. This includes attacking an organization that is deemed “off bounds” in many circles. It’s important to remember: if cybercriminals will attack the Red Cross, they will have no problem attacking your organization, no matter the size, scope or industry.

2. The main lesson here- it’s not just the United States that has a ransomware problem- it’s the entire world, unfortunately. The attack on the Canadian government is a prime example of this. We also learn that despite having preventive systems and tools in place, attacks can still happen. The point is that the effects are far less detrimental when preventive measures have been taken, than when they aren’t. 

3. An old, but nonetheless important reminder: never click unknown links. In a far-reaching ransomware scheme, cybercriminals are hacking prominent Instagram accounts through phishing links. Remember, always call the sender to confirm when an unexpected link is sent, even if it is from a prominent company. This is one of the most common phishing and ransomware strategies because people continue to fall for it time and time again. We learn that to still be true in the case of the Instagram attacks.

Questions? Contact PK Tech here.