1) Compromised Credentials (Identity)
Most cyber incidents and breaches occur through stolen or compromised credentials. Your credentials in the hands of a hacker allow them unfettered access to your personal and private information.
This includes financial and healthcare information, social media, email accounts, and cloud storage. With information gained from compromised credentials, hackers can gather what they need to steal your identity and ruin you financially.
Malware/ransomware can be delivered by several different methods. It can be included in an email, embedded in an image, or posted on a webpage so that it is automatically downloaded when the user loads the page. Attackers look for pathways that let the malware bypass the normal protections.
Email and requested/visited websites are traffic that is expected to be sent to a user’s computer. It is because the email and webpage are expected that we sometimes drop our guard.
3) AI Phishing
AI phishing is when an attacker uses AI to develop the phishing attack. Some of the old ways of identifying a phishing email were bad grammar and misspelled words. With AI phishing, those no longer apply.
When you receive any email, ask yourself these three questions:
- Did I expect to receive this email? Not all unexpected emails are nefarious.
- Is the address legitimate? Addresses can look close to a common address.
- Am I being asked to click a link or download something? Always be aware of links. The words on the hyperlink may not match the actual URL of the link.
4) Data Privacy
Confidential data is the core of business operations and critical to its success. Data disclosure can eliminate the knowledge or technology that differentiates a company from its competitors.
Data ‘leakage’ is when private data is disclosed to a party who does not have the authorization to see/have that data. The most recent path of data leakage is through ChatGPT.
Samsung engineers asked ChatGPT to write some code for them. In doing so, they shared confidential code with the AI, which incorporated the shared code into its data set, making it open to the public.
5) Spoofing Websites
Website spoofing is when a fraudulent website is presented to a user instead of the actual website. This is most common for front pages of websites that request login credentials. The user assumes that the website is real and enters their username and password, and the fraudulent website records the credentials and then redirects the user to the real web page.
The user is asked to enter their credentials on the real webpage and they are let into the website. The user is unaware that they have given their credentials to an attacker, who can now gain access to their website account.
This attack has been very common for cloud storage and services websites like Office 365, Dropbox, and box.com. Always check the URL and whether there is a valid certificate (padlock image next to the URL) for the website.