Tag Archives: cyberattack

Sci-Tech

Amazon Outage Created Perfect Hacker Conditions

Leave a comment

AWS Outage Created “Perfect Storm” for Social Engineering Attacks 

Last week Amazon Web Services (AWS) went down worldwide, including here in Canada, causing a ripple effect, from governments and local municipalities, to enterprises, small businesses and the individuals who rely on these services daily. 

AWS is a cloud-based service thousands of major companies use to not only store their data, but run their apps and software for many critical business services.  

Whether basic communications using apps such as Snapchat, Signal and Reddit to airlines such as Delta and United reporting disruptions to their customer facing operations, when these services go down it highlights the reliance on just a few cloud services companies (AWS, Microsoft Azure, and Google Cloud) to ‘run the country’ so to speak. 

The AWS outage has further impacted shopping websites, banking apps, and even streaming and smart homes devices.

And while organizations scramble to ensure business operations continue to run, it’s also an opportunity for individuals to do a quick check-in on their own cyber hygiene. 

Cybercriminals and hackers can easily take advantage of these types of outages to deploy an array of social engineering attacks. 

Whether in the office or at home, nothing is more frustrating than losing the ability to access files and documents, and communicate with business associates or loved ones, especially in an emergency or crisis.  

Hackers who rely on mass urgency and panic will see this as an opportunity to take advantage of people’s heightened emotions with phishing emails offering to “fix” the issue and get you back online and into your accounts or apps.  

But in reality, these scammers are looking to steal your personal information, such as login credentials by tricking you into updating your software or resetting your password.   

During major outages, users should avoid clicking on any links in emails, texts and pop-ups claiming to be able to fix the outage. 

Additionally, double check that any alerts or update messages from organizations, such as your bank or payment apps, are verified from the official website or app.   

This is the time to make sure you are using a strong password and multifactor authentication to prevent any unauthorized access to your accounts. 

Delay Things

However, individuals should also delay making sensitive transactions, such as major financial transactions, resetting your password, or installing critical software updates, until the service in question has been announced as officially restored. 

Furthermore, when the service disruption has ended, users should also monitor any affected accounts for unusual activity, discrepancies, and duplicate or fraudulent transactions. 

Finally, this is an excellent reminder for individuals to make sure they have a back-up system in place to access important documents and for communications.  

This can be as easy as keeping a secondary email account or even a back-up mobile phone. For the Silo, Stefani Schappert.

ABOUT THE AUTHOR

Stefanie Schappert, MSCY, CC, Senior Journalist at Cybernews, is an accomplished writer with an M.S. in cybersecurity, immersed in the security world since 2019.  She has a decade-plus experience in America’s #1 news market working for Fox News, Gannett, Blaze Media, Verizon Fios1, and NY1 News.  With a strong focus on national security, data breaches, trending threats, hacker groups, global issues, and women in tech, she is also a commentator for live panels, podcasts, radio, and TV. Earned the ISC2 Certified in Cybersecurity (CC) certification as part of the initial CC pilot program, participated in numerous Capture-the-Flag (CTF) competitions, and took 3rd place in Temple University’s International Social Engineering Pen Testing Competition, sponsored by Google.  Member of Women’s Society of Cyberjutsu (WSC), Upsilon Pi Epsilon (UPE) International Honor Society for Computing and Information Disciplines. 

ABOUT CYBERNEWS

Friends of The Silo, Cybernews is a globally recognized independent media outlet where journalists and security experts debunk cyber by research, testing, and data. Founded in 2019 in response to rising concerns about online security, the site covers breaking news, conducts original investigations, and offers unique perspectives on the evolving digital security landscape. Through white-hat investigative techniques, Cybernews research team identifies and safely discloses cybersecurity threats and vulnerabilities, while the editorial team provides cybersecurity-related news, analysis, and opinions by industry insiders with complete independence. 

Cybernews has earned worldwide attention for its high-impact research and discoveries, which have uncovered some of the internet’s most significant security exposures and data leaks. Notable ones include:

  • Cybernews researchers discovered multiple open datasets comprising 16 billion login credentials from infostealer malware, social media, developer portals, and corporate networks – highlighting the unprecedented risks of account takeovers, phishing, and business email compromise.
  • Cybernews researchers analyzed 156,080 randomly selected iOS apps – around 8% of the apps present on the App Store – and uncovered a massive oversight: 71% of them expose sensitive data.
  • Recently, Bob Dyachenko, a cybersecurity researcher and owner of SecurityDiscovery.com, and the Cybernews security research team discovered an unprotected Elasticsearch index, which contained a wide range of sensitive personal details related to the entire population of Georgia. 

Sci-Tech

Amidst Waves of Data Breaches, U.S. Gov Advised Agencies: Implement Zero Trust Architecture

Leave a comment

It’s been nearly two years since arguments and questions kept rising following the FAA outage that happened on January 11th, 2023, which resulted in the complete closure of the U.S. Airspace and most of the airspace here in Canada.

Although the FAA later confirmed that the outage was, in fact, caused by a contractor who unintentionally damaged a data file related to the Notices to Air Missions (NOTAM) system, the authenticity of the fact is still debated. 

The FAA initially urged airlines to ground domestic departures following the system glitch Credit: Reuters

“The FAA said it was due to one corrupted file – who believes this? Are there no safeguards against one file being corrupted, bringing everything down? Billions of Dollars are being spent on cybersecurity, yet this is going on – are there any other files that could be corrupted?” questions Walt Szablowski, Founder and Executive Chairman of Eracent, a company that specializes in providing IT and cybersecurity solutions to large organizations such as the USPS, Visa, U.S. Airforce, British Ministry of Defense — and dozens of Fortune 500 companies.

There has been a string of cybersecurity breaches across some high-profile organizations.

Last year, on January 19th, T-Mobile disclosed that a cyberattacker stole personal data pertaining to 37 million customers, December 2022 saw a trove of data on over 200 million Twitter users circulated among hackers. In November 2022, a hacker posted a dataset to BreachForums containing up-to-date personal information of 487 million WhatsApp users from 84 countries.

The Ponemon Institute in its 2021 Cost of a Data Breach Report analyzed data from 537 organizations around the world that had suffered a data breach. Note all of the following figures are in US dollars. They found that healthcare ($9.23 million ), financial ($5.72 million), pharmaceutical ($5.04 million), technology ($4.88 million), and energy organizations ($4.65 million) suffered the costliest data breaches.

The average total cost of a data breach was estimated to be $3.86 million in 2020, while it increased to $4.24 million in 2021.

“In the software business, 90% of the money is thrown away on software that doesn’t work as intended or as promised,” argues Szablowski“Due to the uncontrollable waves of costly network and data breaches, the U.S. Federal Government is mandating the implementation of the Zero Trust Architecture.

Eracent’s ClearArmor Zero Trust Resource Planning (ZTRP) consolidates and transforms the concept of Zero Trust Architecture into a complete implementation within an organization.

This image has an empty alt attribute; its file name is image-4.png

“Relying on the latest technology will not work if organizations do not evolve their thinking. Tools and technology alone are not the answer. Organizations must design a cybersecurity system that fits and supports each organization’s unique requirements,” concludes Szablowski. For the Silo, Karla Jo Helms.

Military

EMP Pulse Attack Would Cripple North American Energy Grids

Leave a comment

EMP Attacks: Expert William Forstchen Describes Cataclysmic Impact

Washington, D.C., 2023 — An electromagnetic pulse (EMP) attack above the center of North America would cripple the already vulnerable energy grid, wiping out power and setting off a cascade of deadly events. But just how real is the threat?

“I believe the threat of America being hit by an EMP weapon is the single greatest danger to the survival of [North] America,” said William R. Forstchen, Ph.D.

Widely considered one of the foremost experts on EMP attacks, Forstchen has been consulted by agencies within the American federal and state governments and has spoken at conferences all over the United States.

Forstchen has also written extensively about the devastating impact of EMP strikes, beginning with his New York Times bestseller, One Second After, a realistic look at a weapon and its awesome power to destroy the entire United States and Canada, literally within one second.

One Second After immerses readers in the terrifying concept of an EMP attack, prompting discussions regarding:

  • The frightening specifics about EMP
  • The societal impact of an EMP attack
  • Hour-by-hour, day-by-day, month-by-month details on the effect an EMP attack would have on a community
  • What, if anything, can be done to protect people and the country against an EMP attack?
  • If EMP is such a threat, why aren’t we preparing?
  • The serious threats facing America regarding physical and cyberattacks on our nation’s infrastructure

The publication of One Second After spawned a series that includes One Year AfterThe Final Day and the upcoming book, Five Years Later. A feature film based on One Second After is currently being developed.

nuclear_emp_attack_scenarios_and_combined-arms_cyber_warfare_by_peter_pry_july_2017Download

“EMP is a byproduct of detonating a nuclear weapon,” Forstchen said in an interview. “If you detonate a weapon 200-250 miles above the center of the United States … the gamma ray burst when it hits the upper atmosphere starts a chain reaction. … By the time this hits the earth’s surface at the speed of light, it is a giant electrostatic discharge … it blows out the entire power grid of the United States and Canada. Game over.”

William R. Forstchen is a New York Times bestselling author and holds a doctoral degree from Purdue University with a specialization in military history and technology. He is a noted expert historian and public speaker and has been interviewed on FOX News, C-SPAN, and Coast to Coast on topics ranging from history to technology and cultural issues, to space technology development, to security threats.