Blake Dowling
Over the past decade, Florida, our nation, and the world have been bombarded with cyberattacks.
This week, Allison Nixon from cybersecurity company Unit 221B said on 60 Minutes: “It’s almost like we’re winning every battle and losing the war” regarding hackers and the war we are waging against them.
That really summarized things profoundly: We are fighting smarter, deploying new tools, and sharing info, but breaches continue.
Nixon discussed several incidents, including the breach of the casino (MGM) last year. Casinos take security very seriously, investing deeply in cyber protection, processes, and insurance.
They still lost. How?
An American cybercriminal working in conjunction with Russian cyber-gangs talked their way into their network. They used social engineering tactics (investigating someone thoroughly on social media, using their own online to perpetuate fraud) to impersonate a staff member of the casino who claimed to have lost their password while on vacation and needed it reset.
The IT person at the casino complied with their request and the hacker was in.
They launched ransomware into the computer and the network was breached; massive losses soon followed. The hack had casinos stop working at multiple levels. Impacted systems included slots, hotel room keys, front desk services and others.
The casinos even did what you are supposed to do after being attacked by hackers using ransomware. When the hackers asked them to pay a ransom to get encryption keys to restore their systems, they refused. Instead, they restored the systems internally.
The story on 60 Minutes is old news, we reviewed this situation in 2023 in detail at Florida Politics, but the lessons remain important.
First, we must keep in mind that it is not just the Russians and other overseas hacking groups targeting us. It is now fellow citizens who are helping these foreign entities defraud us.
Second, cyber tools are not enough. All team members in your office must be trained to be human firewalls and spot hacking attempts via phone, text, fax, email, mail, and USB drive. Hackers use our own communication tools as a threat delivery system, so hypervigilance and digital situational awareness on steroids are the only gear to be in at all times.
Tallahassee Democrat writer Mark Hinson’s recent take on email phishing attempts, while humorous, is spot on. Be wary of everything.
If you do not use FedEx for shipping, there is no reason to click on that email from FedEx. Be especially suspicious of fake IRS emails this time of year.
Hackers will concoct various tax-themed fake emails: Your return is late, your refund is huge, and any other number of bogus clickbait subject lines to get you to click on their malware-infested emails. Call your CPA if you have questions, call FedEx if you want to track a package and not at the number in the fake email, as that is fake too.
The reason we are losing the war is tactics are constantly being changed by hackers.
We block email threats, they put them in Dropbox links, we scan for that, they put them in text, we stop that, they try something new. We run all the updates, they infect updates, they call with spoofed numbers, we catch that, they embed websites, they ask for gift cards and crypto, we catch on.
We figured out it’s Russians. They partner with U.S.-based hackers to bridge the language gap. Additionally, hackers are not just targeting health care providers, casinos, and financial institutions; they are also targeting you in some cases.
That means if you are a journalist, elected official or high-ranking executive, you might just have a specific target on your back.
Have you heard of mercenary spyware?
Apple sent a message on April 10 to high-profile clients in 92 countries advising them that they may be victims. If you received one of the messages, you may have been targeted because of “who you are and what you do.”
If that email came to you follow the instructions from Apple to make sure you are protected. There have not been many public scenarios regarding mercenary spyware, but the Pegasus situation was one of them.
Pegasus was made by an Israeli firm called NSO. Unlike most monitoring tools, malware, and ransomware, you don’t have to click or open anything to have it installed. Once installed, it monitors everything you do on your phone.
One can assume that there are now many other software options like it for those with deep pockets.
So, if you deal with sensitive information, consider using encrypted email only—not on your Apple device.
If you did not receive that message from Apple, you can take this off your worry list, but not the others.
The fight against hackers and malware is exhausting, but we must keep up the fight. We must also change tactics. If you’re not doing email attack simulations, do them now (see KnowB4 here in Florida—great tool).
You also need to change your passwords for vendor accounts that may have been breached. The recent Roku breach was caused by hackers using stolen passwords. That tactic is called credentials stuffing.
While they are reporting that only a few thousand accounts were severely breached, change your password if you have a Roku account to be safe. Plus, if you use that password somewhere else, change it too, as there is a good chance it might be for sale on the dark web in the very near future.
That is how credential stuffing works: buying passwords on the dark web and using them elsewhere. Now would also be a good time to deploy two-factor authentication at every level.
We must rise to the challenge, become more aggressive, and fight back. One day, this cyber war will end, but not today.
___
Blake Dowling is CEO of Aegis Business Technologies and can be reached at [email protected].
