October is National Cybersecurity Awareness Month!

National Cybersecurity Awareness Month 2020

October is National Cybersecurity Awareness Month!

This is CISA’s 17th year of National Cybersecurity Awareness Month (NCSAM). In efforts to raise awareness about the importance of cybersecurity across our Nation, Intellectual Point has many great resources to offer. We are here for you and want to help support you are safer and more secure online.

 

NCSAM

CISA and the National Cyber Security Alliance (NCSA) are proud to announce this year’s theme:

“Do Your Part. #BeCyberSmart.”

This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.

NCSAM emphasizes “If You Connect It, Protect It.” Throughout October, CISA and NCSA will focus on the following areas in our promotions and outreach:

  • October 1 and 2: Official NCSAM Kick-off
  • Week of October 5 (Week 1): If You Connect It, Protect It
  • Week of October 12 (Week 2): Securing Devices at Home and Work
  • Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare
  • Week of October 26 (Week 4): The Future of Connected Devices

Use NCSAM’s hashtag #BeCyberSmart before and during October to promote your involvement in raising cybersecurity awareness.

 

 

Here are the main topics to be aware of to #BeCyberSmart

1. Cybercrime – any crime which is committed electronically. This can include identity theft, child sexual abuse materials, financial theft, intellectual property violations, malware, and malicious social engineering.

The Marriott Data Breach impacted the data of more than 5.2 million hotel guests who used their company’s loyalty application. Hackers obtained login credentials of two accounts of Marriott employees who had access to customer information regarding the loyalty scheme of the hotel chain. They used the information to siphon off the data approximately a month before the breach was discovered. According to the Marriot, hackers might have obtained credentials of their employees either by credential stuffing or phishing.

 

2. Malware – any software intended to damage, disable, or give someone unauthorized access to your computer of other internet-connected device. Some examples are ransomware, adware, botnets, rootkits, spyware, viruses, and worms.

Fear in relation to the Coronavirus (COVID-19) has been widely exploited by cybercriminals. CovidLock ransomware is an example. This type of ransomware infects victims via malicious files promising to offer more information about the disease. The problem is that, once installed, CovidLock encrypts data from Android devices and denies data access to victims. To be granted access, you must pay a ransom of USD 100 per device.

 

3. Ransomware – is malware designed to make date or hardware inaccessible to the victim until a ransom is paid. Some examples are Cryptolocker, winlock, crytowall, reventon ransomware, bad rabbit, crysis, and wannacry.

One of Fortune 500 companies, Magellan Health was struck by a ransomware attack and data breach in April 2020. The healthcare giant confirmed by stating that about 365,000 patients were affected in the sophisticated cyberattack. According to the investigation, the attack was launched with a fully planned process where hackers first installed malware to steal employee login credentials. Then they leveraged a phishing scheme to gain access to systems of Magellan after sending out a phishing email and impersonating as their client before deploying ransomware attack.

 

4. Bots – are a type of program used for automating tasks on the internet. Not all bots are bad. When you use a search engine, these results are made possible by the help of bots “crawling” the internet and indexing content. Chatbots like Siri and Alexa are another common type of “good” bot. Malicious bots can gather passwords, log keystrokes, obtain financial information, hijack social media accounts, use your email to send spam, and open back doors on the infected device.

3ve was the “mother” to three distinct yet interconnected sub-operations, each of which perpetrated ad fraud and were able to skillfully evade detection. A months long investigation led by White Ops, Google and law enforcement that began in early 2017 resulted in an unprecedented take down in the Fall of 2018. 3ve’s demise was historic in that it was the first time several individuals were arrested and indicted for ad fraud, subsequently altering the risk-reward ratio for would be fraudsters.

 

5. Physical Cyber Attacks – use hardware, external storage devices, or other physical attack vectors to infect, damage, or otherwise compromise digital systems. This can include USB Storage devices, CD/DVD, and Internet of Things. Anything connected to the internet is potentially vulnerable, from e-scooters to laptops to cargo ships.

Verizon’s 2018 Data Breach Investigations Report found that more than one in 10 data breaches in the previous year had a physical component.

 

6. Social Engineering – cybercriminals can take advantage of you by using information commonly available through social media platforms, location sharing, and in-person conversations. Examples are phishing, pretexting, baiting, quid pro quo, tailgating, inside job, and swatting.

Twitter took the whole internet by storm when it was hit by one of the most brazen online attacks in history! The social media platform suffered a breach where the hackers verified Twitter accounts of high profile US personalities like Barack Obama, Elon Musk, Joseph R. Biden Jr., Bill Gates, and many more. Reportedly, the Twitter breach well-coordinated scam made attackers swindle $121,000 in Bitcoin through nearly 300 transactions.

 

7. Phishing – fake messages from a seemingly trusted or reputable source designed to convince you to reveal information, give unauthorized access to a system, clink on a link, or commit to a financial transaction. Examples are emails, text messages, phone calls, social media messages and posts, and suspicious hyperlinks.

Hackers targeted the World Health Organization (WHO) in another attempted data breach. In this phishing incident, attackers created a fake website to imitate a login screen used by WHO employees. The attack to steal employee passwords was unsuccessful the website was exposed as fraudulent right after it went live on March 13.

 

8. Swatting – an attack centered around location sharing in which bad actors call the police claiming the victim has committed a crime like a bomb threat, armed intruder, or other violent incident. Your location is embedded as metadata in every picture you take with your phone. Turn location services off when you aren’t using them to make it more difficult for bad actors to view this information.

Federal prosecutors have charged three men with carrying out a deadly hoax known as “swatting,” in which perpetrators call or message a target’s local 911 operators claiming a fake hostage situation or a bomb threat in progress at the target’s address — with the expectation that local police may respond to the scene with deadly force. While only one of the three men is accused of making the phony call to police that got an innocent man shot and killed, investigators say the other two men’s efforts to taunt and deceive one another ultimately helped point the gun.

 

9. Other Avenues of Attack – some of the other vulnerabilities are internet of everything, any device connected to your network, information collection, remote access, bluetooth, and open ports. Examples are smart devices, mobile phone, thermostat, vehicles, gaming consoles, printers, medical equipment, and industrial systems.

Ring devices took a very big hit on security flaws . In one case a hacker taunted a child in Mississippi, in another someone hurled racist insults at a Florida family. Motherboard found hackers have made dedicated software for more swiftly gaining access to Ring cameras by churning through previously compromised email addresses and passwords, and that some hackers were live-streaming the Ring abuse on their own so-called podcast dubbed “NulledCast.” Ring lacked basic security features, making it easy for hackers to turn the company’s camera against its customers.

 

Another BIG topic is PASSWORDS!

Password or credential stuffing is a cyberattack that tries “stuffing” already comprised username and passwords from one site into another site in hopes that the user uses the same login information across platforms.

  • Use different passwords on different systems and accounts
  • Use the longest password allowed
  • Use a mix of uppercase and lowercase letter, numbers, and symbols
  • Reset your password every few months
  • Use a password manager

 

One big example of this is when more than half a million Zoom account credentials, usernames and passwords were made available in dark web crime forums. Some were given away for free while others were sold for as low as a penny each.

 

IP Logo

See our calendar of classes to learn how to defend these attacks. Schedule 

 

 

What Cyber Security Career Path are you on?

 

How to Launch Your IT Career with Intellectual Point

 

How to Advance your IT Carrier with Intellectual Point

 

How to Prepare for your IT Exam with Intellectual Point

 

How to Find an IT Job with Intellectual Point

 

Leave a Reply

Latest News

Intellectual Point Announces GI Bill® Approval

Intellectual Point Announces GI Bill® Approval   Intellectual Point, a leading provider of IT training and certification programs, is proud to announce its Virginia State Approving Agency

0

Revamped Course Schedule for 2024: Innovations and Returns at Intellectual Point

Revamped Course Schedule for 2024: Innovations and Returns at Intellectual Point By contributor Laurentino Rodrigues   At Intellectual Point, we pride ourselves on being at the forefront

0

Red Ribbon Week – Be Kind to Your Mind, Live Drug FreeTM

Red Ribbon Week – Red Ribbons have been a part of a national campaign since 1985 in response to the murder of special agent Enrique Camarena of

0

October: Cybersecurity Awareness Month

October: Cybersecurity Awareness Month By contributor Lyan Ware   Pumpkin spice everything, cozy sweater weather, spooky movie reruns, and that crisp, lingering bonfire smell in the air

0

happy clients

Michael Seidu

“It changed my life because I got certifications that matter in IT and I got one job that was paying me more than the two jobs I ...
Read More

Prince Okpalaeze

“I didn’t see the importance of getting certifications. But when they emphasized certifications is one of the things that will give you a better foot in the ...
Read More

Bridget Robinson

“I highly recommend Intellectual Point. I am a proud student who matriculated through their PMP/CAPM course. The instructor and staff were very engaging, high energy, and created ...
Read More

Cynthia Sano

“They were really accommodating for financial support. I was able to pay on a monthly basis, they set up a payment plan that made it convenient so ...
Read More

Kajli Prince

“My instructor Prem had such sharp industry experience that he brought to the course. The classes, the lectures, the practical applications, you don’t get this other places.” ...
Read More

Rajiv Koul

“At Intellectual Point they are very student friendly and the labs are excellent. It was very good to have hands-on material and hands-on courses.” -Rajiv Koul Senior ...
Read More

Abraham Lewis, Jr.

“After revamping my resume and putting it out there I started getting calls from people everywhere and my salary leapt right away, it was amazing.” - Abraham ...
Read More

Kajli Prince

“What’s the next thing coming that people are going to be looking towards, Cloud, virtualization? At Intellectual Point you get this breadth of experience that was a ...
Read More

David McPhatter

“If a person is trying to get into the IT field and the IT security field then this place can do a lot.” -David McPhatter, CISSP, CISM, ...
Read More

Ramprasad Venkat

“These trainings are more interactive because Prem brings in a lot of real experience, it clearly goes to show how much he has worked in the cyber ...
Read More

Zuhdi Arnous

“The environment in the class was motivating, everyone was participating, we learned from each other. We got a lot of practice which helped us get not just ...
Read More

Zuhdi Arnous

“Prem showed me the options for how to get to my dream, to get to my goal. We made a plan together and I did the courses ...
Read More

Diana Roix

“I would recommend anyone that has a passion for IT or cyber or making a difference in the world, making it more safe—come to Intellectual Point.” -Diana ...
Read More

What Our Customers Say - Based on over 600+ Reviews!

Join Thousands of Happy Clients Join our Alumni Group Google Reviews
Our Top Customers
APEX COLOR LOGO
Booz Allen logo
DARS Logo
HP logo
hpe logo
INOVA Logo
Lockheed Martin Logo
mantech logo
northrop grumann logo
Optum Logo
Verizon Logo
WIOA Logo
Training and Testing Partners
CompTIA Logo
AWS logo
ISACA logo
ITPG logo
Phoenix logo
RedHat Logo
SunsetLearning Logo
UoNA logo
UOPX logo
certiport logo
clep logo
IQT-logo
Kryterion_logo
Pan Testing Center Logo
dsst logo
PearsonVue Logo
Sanctum Federal
Scantron Castle Logo