At Essentials, we bring you the top articles and trends curated by the experts themselves. This month, we’re taking a look at three of our top picks from the April cybersecurity monthly report. Every month we bring together the most popular articles and trends, and provide you with the latest industry updates in one streamlined report. From online extortion, to how to better protect your passwords, to scammers stealing gig workers' salaries, this month’s report won’t disappoint.

Cybersecurity and the Future of Data Extortion

Let’s kick things off with an article discussing how the infamous ransomware gang REvil recently stole confidential schematics from Quanta Computer, a third-party Apple supplier, and is asking for a hefty $50 million ransom. As Apple is notorious for keeping its product releases under lock and key, these hackers knew exactly what they were doing.

The Future of Hacking is Data Extortion

Long gone are the days when hackers focused on petty crimes, like locking people out of their systems. Now their eyes are on money, and they want lots of it. Criminal gangs are putting greater focus on stealing data with the intention of extorting the owners: if you don't pay, they release or sell your data. Not only that, but between 2019 and 2020 ransomware demands doubled, with large companies becoming the preferred targets.

Jake Williams, founder of the cybersecurity company Rendition Infosec, discusses this growing trend: “A couple of years ago, we didn’t really see much ransomware plus extortion at all, and now there's an evolution all the way to extortion-only events.”

Preventing Cyber Attacks in the Future

When threatened by hackers, companies often find themselves between a rock and a hard place. They may be forced to pay the ransom in order to avoid paying the even larger regulatory fines resulting from consumer privacy laws. There is talk about making ransom payments illegal, but to make a real difference, laws must change so that they do not penalise companies that had a cybersecurity protocol in place and were simply the victims of an attack.

While not much can be done once data is stolen (you can either recover it or pay the ransom so that it isn’t leaked or sold), cases like this should serve as a reminder of why cybersecurity is only becoming more important in our society. Only with proper cybersecurity practices in place can we properly defend ourselves against these ransomware gangs.

Read the original article here.

Hackers are Stealing Gig Workers’ Salaries

Just when you thought hackers were bad enough, they got even worse. Scammers have started targeting companies’ gig workers and are stealing their money. Most recently, hackers have impersonated Target's delivery company Shipt to steal gig workers' credentials through advanced phishing schemes.

Phishing Campaigns are Alive and Well

How have these scammers managed to be so successful? Hackers impersonated Shipt support through emails as well as phone calls in which they asked gig workers to reset their passwords. From this, they were able to add debit cards to the workers' accounts and cash out their entire paychecks…

Shipt also released an "instant payout" option where gig workers can have access to their earnings within the hour rather than weekly, by paying 49 cents. While this is a great option for those who need early access to their funds, it also means scammers can quickly change these workers’ payment information and drain their account within minutes.

Gig Workers are Especially Vulnerable to Cyber Attacks

Gig workers are especially vulnerable to phishing campaigns and other forms of cyber attack, as they have frequently received less training, have access to less support, and receive less protection and fewer rights than standard employees. While employees may be aware of cyber threats, gig workers are not always kept in the loop, which makes them more susceptible to these threats.

What Does the Future of Cybersecurity Look Like?

In order to better protect their staff against these cybersecurity risks, companies must invest heavily in educating their staff about the real dangers of phishing campaigns and teach them never to share their banking details, even if prompted via email or phone. In addition, companies must ensure they have solid cybersecurity protection, so hackers are not able to hack their systems and impersonate them by spoofing their phone numbers or email addresses.

We’ve seen that hackers are preying not only on large corporations, but also on vulnerable workers who are living paycheck to paycheck. If a hacker drains their paycheck, they may not be able to eat that week. Companies should take responsibility and realise how many people depend on them. They must protect their employees by safeguarding them not only against data breaches, but also against their trust in the company being broken.

Read the original article here.

Do You Belong in the Password Hall of Shame?

Even with cybersecurity threats making headlines on a daily basis, most of the world is still using pretty lackluster and unsafe passwords. To put it in perspective, "123456" was the number one password in 2019 and 2020. The age-old classic "password" took 4th place. While the majority of the 10 most common passwords are some version of these two, there are some surprises: for example, the 3rd most common password is “picture1”.

Better Company Cybersecurity Starts with the Employees

Having to face new cyber threats on a daily basis, businesses are now using multi-factor authentication (MFA), as well as single sign-on (SSO) services, to increase their security. Unfortunately, with employees setting their own passwords, the company as a whole becomes weakened, as hackers can gain access through the employees themselves.

Our weak password game makes sense: we all have password fatigue, which means we are losing creativity when it comes to creating new passwords. Large companies (1,001 to 10,000 employees) have about 25 passwords, while small businesses (25 or fewer employees) have about 85. Yikes! What’s worse? Those working in the media/advertising industry use the most passwords compared to any other sector, with 97 on average.

Cybersecurity & Creating More Secure Passwords

So now that we know most of us aren’t using the best passwords, what can we do? Businesses should implement the use of a password manager, which makes such simple passwords forbidden, i.e. you have to use both upper and lower case letters, numbers, symbols, etc. Next, companies should require MFA, which means codes are sent to a second device to gain access.

What else? Try not to use passwords containing words in the dictionary, make sure passwords are lengthy, and don't use any identifiable information in your password, i.e. name, birthplace, etc. Next up, organizations should educate people on what makes a great password, because if you don’t know, how can you make better passwords?
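The rules above can be screened for automatically when a password is set. The following Python check is an added example, not part of the original article; the word lists, the 12-character minimum, the substitution table and the function name `password_problems` are assumptions chosen for illustration.

```python
import re

# Constructed sample data: the three common passwords the article names,
# plus a tiny stand-in word list. A real deployment would load a full
# breached-password list and dictionary instead.
COMMON_PASSWORDS = {"123456", "password", "picture1"}
DICTIONARY_WORDS = {"password", "picture", "dragon", "monkey", "summer", "welcome"}
MIN_LENGTH = 12  # assumed threshold; the article only says "lengthy"

# Undo common character substitutions so "P@ssw0rd" is still caught.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
CHAR_CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def password_problems(candidate, personal_info=()):
    """Return the list of rules from the article that the candidate violates."""
    problems = []
    lowered = candidate.lower()
    normalized = lowered.translate(LEET)

    if lowered in COMMON_PASSWORDS:
        problems.append("common_password")
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    # Dictionary words, including ones hidden behind substitutions.
    if any(w in lowered or w in normalized for w in DICTIONARY_WORDS):
        problems.append("dictionary_word")
    # Name, birthplace and similar facts; tokens under 3 characters are
    # skipped because they would match almost anything.
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and (token in lowered or token in normalized):
            problems.append("personal_info")
            break
    # Upper case, lower case, number and symbol must all be present.
    if not all(re.search(c, candidate) for c in CHAR_CLASSES):
        problems.append("missing_character_class")
    return problems


if __name__ == "__main__":
    for pw in ("123456", "P@ssw0rd2021!", "vT9#qLz!2mRw8&Kd"):
        print(pw, password_problems(pw))
```

An empty list means the candidate passed every rule; the personal details passed in `personal_info` would come from the account profile at enrolment time.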

Read the original article here.

Which article from the April monthly report was your favorite? Let us know in the comments below, we would love to hear from you!
