We’re all familiar with the typical tricks used by bad actors - think phishing emails, financial extortion and credential stuffing.
Education around cyber security is growing, meaning we are becoming more aware of the usual tricks hackers try to catch us with.
Unfortunately, this means hackers are constantly looking for new ways to outsmart us.
Below are five surprising techniques hackers are using to try steal our data:
Most are already aware of the importance of using antivirus, anti-malware and VPNs to secure our computers, phones and other devices against cyber threats.
Printers? Not so much.
In fact, the humble printer remains one of the weakest internet-enabled links in the security of both business and home networks. In fact in 2020, a team of researchers found over 800,000 vulnerable printers through a global search tool widely used by cyber criminals.
In order to safeguard against potential cyber-attacks, printer users need to change their product’s default password as soon as possible to a strong unique one.
Using a secure connection such as WPA2 to connect printers to a network will also help avoid cyber vulnerabilities, as will ensuring printer technology is up to date alongside the manufacturer’s firmware.
Bad actors have no issue directly approaching business employees, asking for their assistance in accessing company information. LinkedIn is used as a tool to scope out disgruntled employees and access contact information.
For instance, in 2020 a Tesla employee was offered USD $1 million in exchange for cooperation in an attack against his company.
Whilst the regularity in which hackers approach employees may be contested, it’s still a tactic business leaders should be weary of.
Tools used to monitor for any cyber threats such as logging, endpoint protection, multi-factor authentication, network segmentation, and monitoring should be used to prevent such potentially crippling attacks from the inside.
Most governments require companies to report cyber breaches if they are significant enough. In NZ, companies must notify the Office of the Privacy Commissioner of a breach within 72 hours if the breach either has caused or is likely to cause anyone serious harm.
Despite being changed to improve cybersecurity, regulatory change in the US are giving cyber criminals a new tactic to coerce payments.
For instance, the BlackCat/ALPHV ransomware gang has started abusing new US Securities and Exchange Commission (SEC) cyber incident reporting rules to put pressure on organisations that refuse to negotiate ransom payments.
Through double extortion BlackCat named and shamed US company MeridianLink and its data leak website, then they took it one step further and filed an SEC complaint against MeridianLink for failing to disclose a significant breach.
Such manipulation reveals an uncomfortable truth: compliance alone is not sufficient. Cybersecurity is thoroughly dynamic and requires robust, always-on defences and proactive strategies.
A commonly observed social media trend is the posting of classic passport and boarding pass photos online ahead of embarking on holiday.
Unbeknownst to many, hackers can use free online software to read boarding pass barcodes or QR codes. These codes contain personal identification and contact details, as well as reservation and frequent flier numbers.
They may even include passport and driver’s license numbers, which can be sold on the dark web and ultimately used to steal a victim’s identity, open credit accounts, or make unauthorised purchases.
Although it’s hard to resist amidst the excitement of a holiday, being careful what you share online is important here, i.e. not sharing barcodes or QR codes online as well as waiting until you’ve returned from holiday before sharing location-tagged photos, as to prevent opportunistic cyber-attacks.
The fish tank hack
The story of the fish tank hack is niche, but well heeded as it proves just about anything can be hacked provided it has internet connectivity.
A high-tech fish tank in a North American casino provided the conduit for cyber hackers to swipe 10 gigabytes of data from the casino’s computer network.
The case goes to show just because a device can connect to the internet, it doesn’t automatically make it cybersecure and external systems must be put in place to ensure they don’t fall foul of hacker control.
At Kordia, we provide expert advice and support for customers big and small covering the full spectrum of cybersecurity vulnerabilities, no matter how niche.
We’ve brought together an in-house team of expert security consultants and engineers, as supported by our independent security division – Aura Information Security. Get in touch with us today to discuss your cybersecurity needs.
