Elizabeth Gutierrez says
During my search for articles on KrebsOnSecurity, I identified an incident that occurred approximately in the last two weeks. The title of the news article, “T-Mobile: Breach Exposed SSN/DOB of 40m+ People”, caught my attention, especially considering T-Mobile owns my provider. While the article did not mention the details of what caused the breach other than it being a “highly sophisticated attack against the network”, it is known that more than 40 million current, former, and prospective customers’ PII such as names, date of birth, Social Security number and driver’s license/ID information was disclosed. To my understanding, it did not become known to T-Mobile that a breach had occurred until a Twitter account started “tweeting the details” of the attack, and the hacker(s) sought to sell customers’ records in the cybercrime forum. The stolen information is actively being sold online through underground networks but typically it gets uploaded to the public web at some point. T-Mobile’s response to the attacks was to reset all the PINs associated with the accounts and advised affected customers to reset their passwords and freeze their credit. Unfortunately, the consequences of this breach may involve identity threats, so the company has offered to pay for two years of identity theft protection services for any affected customers and services to protect users’ mobile accounts. However, it doesn’t stop there. The article mentioned that those affected by the breach will have to proceed with caution from scammers who will target them with phishing messages, account takeovers, and harassment; there is a possibility that scammers may try to impersonate the company.
Link to the article: https://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/#more-56638
Shubham Patil says
I found this fascinating article on how machine learning and artificial intelligence can be used by hackers for sending phishing emails better than humans!
The age of AI has many alluring use cases and benefits, but its advantages are also seen from the mind of the hacker. They are using AI to craft spear phishing campaigns at a massive scale.
The article talks more about how researchers and governments are stepping in to address the malicious use of AI. Researchers are now working on tools that can identify and police synthetic or AI-generated phishing emails.
Link: https://www.wired.com/story/ai-phishing-emails/
Alexander William Knoll says
The article I read was titled “Amazon Announces Two New Cybersecurity Initiatives Aimed To Protect Organizations and Individuals” from 6 days ago. This article basically describes two new security measures Amazon is implementing to protect individuals from cybersecurity threats. The first one is unveiling to the public its cybersecurity training materials that it previously developed to keep employees and sensitive info safe from cyber attacks. This training comes out in October, and will use videos and online assessments to educate individuals and organizations based on their needs. Amazon is also offering AWS (Amazon Web Service) customers a multi-factor authentication device for free in order to protect their most sensitive information from cyber attacks. This device simply plugs into the user’s USB port, and they use it by typing in their password and then touching the device. This device also comes out in October, and will offer an extra layer of protection to users.
https://www.businesswire.com/news/home/20210825005808/en/Amazon-Announces-Two-New-Cybersecurity-Initiatives-Aimed-To-Protect-Organizations-and-Individuals
Yangyuan Lin says
The news I got is from The Hacker News, which is “Microsoft Warns of Widespread Phishing Attacks Using Open Redirects”. Open redirector links in email communications may bypass security software and entice users to visit malicious websites to obtain users’ personal information. The Microsoft team reported that phishing emails will use CAPTCHA verification pages to increase legitimacy and avoid security software if the user opens the link. These links will use some legal service settings, including the use of top-level domains. .club, .shop, .online, etc. are passed as parameters to bypass the email security system to prevent phishing emails. According to Microsoft’s investigation, such large-scale attacks require a lot of investment, which means that the potential rewards of such attacks are huge.
I am interested in this article because I am using Outlook and Gmail mailbox software. However, this software has the function of organizing spam and phishing software. Every time I open Junk and Spam, I can see many such links. But I will not try to open them. However, this piece of news made me feel that there is still a very high possibility of information security risks, even if the mailbox software can automatically block some phishing emails. This means that for every email, users need to be very careful.
Reference:
https://thehackernews.com/2021/08/microsoft-warns-of-widespread-phishing.html
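Added example (not part of the comments above or the linked articles): a minimal mail-gateway style check for the open-redirect pattern described in the last comment, where the link's visible host is a trusted service and the real destination is carried in a query parameter. The function names, the two-layer decoding limit and the sample URLs are assumptions made for illustration; the watch list holds only the TLDs named in the comment.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# TLDs named in the comment above; a watch list, not a complete set.
WATCHED_TLDS = {"club", "shop", "online"}

def embedded_redirect_targets(url):
    """Return (param, host) for each query parameter whose value is an
    absolute URL pointing at a host other than the link's own host."""
    parts = urlsplit(url)
    outer_host = (parts.hostname or "").lower()
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        candidate = value
        # parse_qsl decodes once; undo up to two further encoding layers.
        for _ in range(2):
            decoded = unquote(candidate)
            if decoded == candidate:
                break
            candidate = decoded
        if candidate.startswith("//"):          # scheme-relative target
            candidate = "https:" + candidate
        try:
            inner = urlsplit(candidate)
        except ValueError:                       # malformed value, not a URL
            continue
        if inner.scheme in ("http", "https") and inner.hostname:
            inner_host = inner.hostname.lower()
            if inner_host != outer_host:
                hits.append((name, inner_host))
    return hits

def score_link(url):
    """'ok' = no off-host target, 'review' = off-host target,
    'high' = off-host target on a watched TLD."""
    hits = embedded_redirect_targets(url)
    if not hits:
        return "ok"
    if any(host.rsplit(".", 1)[-1] in WATCHED_TLDS for _, host in hits):
        return "high"
    return "review"

# Constructed sample links (hosts are placeholders, not real indicators).
SAMPLES = [
    "https://news.example.com/redirect?url=https%3A%2F%2Fportal.example.club%2Fverify&id=7",
    "https://news.example.com/r?u=https%253A%252F%252Fpromo.example.shop%252F",
    "https://news.example.com/out?next=https%3A%2F%2Fpartner.example.org%2F",
    "https://news.example.com/login?return=https%3A%2F%2Fnews.example.com%2Fhome",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(score_link(link), link)
```

A "review" result is common for legitimate marketing and SSO links, so it is a signal to resolve and inspect the final destination rather than a verdict on its own.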