White House Announces Possible Rise in Cyberattacks—What You Can Do to Stay Safe

The White House recently reissued a warning to American businesses in response to the unprecedented economic sanctions the U.S. has imposed on Russia for the Ukraine invasion, stating, “There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.”  

Along with this statement, the White House published a fact sheet outlining the new and ongoing steps the government is taking to protect its infrastructure and technologies, along with steps that private businesses can take to protect themselves from attacks as well.  

Of course, any successful attack on government operations and the operations of private businesses could potentially affect households as well—such as in the case of data breaches where data or information is stolen from a system, often the personal data and information of individuals. 

Word of potential attacks understandably leaves people feeling uncertain and may further leave them wondering if there’s anything they can do to protect themselves. With regards to data breaches and the cases of identity theft that typically follow, there are several steps people can take to keep safer online.  

Let’s break down what a data breach looks like, how it can affect you, and what you can do in advance of a breach to protect yourself. 

Examples of data breaches in the past 

We’ve certainly seen data breaches make the news over the years, which are often (but not always) associated with malicious hackers or hacker organizations. A quick list of some of the largest and most impactful breaches we’ve seen in recent years: 

• Facebook – 2019: Two datasets leaked the records of more than 530 million users, including phone numbers, account names, Facebook IDs, and more. 
• Marriott International (Starwood) – 2018. Leakage of 500,000 guest names, emails, actual mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, date of birth, and information about stays. 
• Equifax – 2017. Approximately 147 million records, including name, address, date of birth, driver’s license numbers, and Social Security Numbers were leaked, as well as credit card information for a further 200,000 victims. 

Healthcare facilities have seen their data breached, along with the operations of popular restaurants. Small businesses find themselves in the crosshairs as well, with one report stating that 43% of data leaks target small businesses. Those may come by way of an attack on where those businesses store their records, a disgruntled employee, or by way of a compromised point-of-sale terminal in their store, office, or location. 

What differs with the White House warning is who may end up being behind these potential attacks—a nation-state rather than what are financially motivated hackers or hacking groups. (Some research indicates that nearly 90% of breaches are about the money.) However, the result is the same. Your personal information winds up loose in the world and possibly in the hands of a bad actor.   

What can get exposed in a data breach?  

The fact is that plenty of our information is out there on the internet, simply because we go about so much of our day online, whether that involves shopping, banking, getting results from our doctors, or simply hopping online to play a game once in a while.  

Naturally, that means the data in any given breach will vary from service to service and platform to platform involved. Certainly, a gaming service will certainly have different information about you than your insurance company. Yet broadly speaking, there’s a broad range of information about you stored in various places, which could include:  

• Username and password 
• E-mail address 
• Phone numbers and home address 
• Contact information of friends and family 
• Date of birth 
• Driver’s license number 
• Credit card and debit card numbers, bank account details 
• Purchase history and account behavior history 
• Patient information (in the case of healthcare breaches) 
• Social Security Number or Tax ID Number 

As to what gets exposed and when you might find out about it, that can vary greatly as well. One industry research report found that 60% of breaches were discovered in just days from the initial attack while others could take months or even longer detect. Needless to say, the timeline can get rather stretched before word reaches you, which is a good reason to change your passwords regularly should any of them get swept up in a breach. (An outdated password does a hacker no good—more on that in a bit.) 

What do cybercriminals do with this kind of information? 

The answer is plenty. In all, personal information like that listed above has a dollar value to it. In a way, your data and information are a kind of currency because they’re tied to everything from your bank accounts, investments, insurance payments—even tax returns and personal identification like driver’s licenses.  

With this information in hand, a crook can commit several types of identity crimes—ranging from fraud to theft. In the case of fraud, that could include running up a bill on one of your credits cards or draining one of your bank accounts. In the case of theft, that could see crooks impersonate you so they can open new accounts or services in your name. Beyond that, they may attempt to claim your tax refund or potentially get an ID issued in your name as well. 

Another possibility is that a hacker will simply sell that information on the dark marketplace, perhaps in large clumps or as individual pieces of information that go for a few dollars each. However it gets sold, these dark-market practices allow other fraudsters and thieves to take advantage of your identity for financial or another gain.  

Protecting yourself from the effects of data breaches 

The succinct answer is to sign up for an identity protection service. It can monitor dozens of types of personal information and then alert you if any of them are possibly being misused, so you can address any issues right away before they become a potentially much bigger problem.  

Further, pairing identity protection with online protection software can protect you even more. With an all-up view of your overall online security—how well you’re protecting yourself and your identity online—it can guide you through steps that can shore up your protection and make you safer still. 

Identity protection such as ours gives you the added benefit of a professional recovery specialist who can assist with restoring your affairs in the wake of fraud or theft, plus up to $1 million in insurance coverage. 

What if I think I’m the victim of identity theft? 

When a business, service, or organization falls victim to a breach, it doesn’t always mean that you’re automatically a victim too. Your information may not have been caught up in it. However, it’s best to act as if it was. With that, we strongly suggest you take these immediate steps. 

Change your passwords and use two-factor authentication 

Given the possibility that your password may be in the hands of a bad actor, change it right away. Strong, unique passwords offer one of your best defenses against hackers. Update them regularly as well. As mentioned above, this can protect you in the event a breach occurs and you don’t find out about it until well after it’s happened. You can spare yourself the upkeep that involves a password manager that can keep on top of it all for you. If your account offers two-factor authentication as part of the login process, make use of it as it adds another layer of security that makes hacking tougher.  

Keep an eye on your accounts 

If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed. 

Sign up for an identity theft protection service 

As outlined above, identity protection like ours can monitor a broad set of your personal information and provide you guidance for making it more secure, in addition to getting help from a professional recovery specialist.  

For an even closer look at identity theft, we have two articles that can help guide the way if you think you’re a victim, each featuring a series of straightforward steps you can take to set matters right: 

• Top Signs of Identity Theft 
• How to Report Identity Theft to Social Security 

Proactively protecting yourself and your family 

No matter how uncertain news of possible cyberattacks may any of us feel, you can take steps to set some of that uncertainty aside. An identity protection service is a strong first move against possible identity theft, as is pairing it with online protection software that keeps you safer online overall. Likewise, knowing the signs of possible identity theft and what you can do to address it right away offer further assurance still—like having the services of a professional recovery specialist to help.  

In all, there’s no need to leave yourself wondering at the news from the White House. As an individual, you have it in your power to make yourself and your family safer than they are now. 

The post White House Announces Possible Rise in Cyberattacks—What You Can Do to Stay Safe appeared first on McAfee Blog.

It Was a Good Month for Fighting Cybercrime—Don’t Get Comfortable

Even as police and tech companies get better at shutting down illicit operations, cybercrime is worse than ever.

Hackers Are Getting Caught Exploiting New Bugs More Than Ever

A pair of reports from Mandiant and Google found a spike in zero-day vulnerabilities in 2021. The question is, why?

North Koreans Are Jailbreaking Phones to Access Forbidden Media

A new report suggests that a small but vibrant group of smartphones hackers may be challenging the world's most digitally restrictive regime.

Russia Is Being Hacked at an Unprecedented Scale

From “IT Army” DDoS attacks to custom malware, the country has become a target like never before.

You Need to Update iOS, Android, and Chrome Right Now

Plus: Microsoft patched some 100 flaws, while Oracle issued more than 500 security fixes.

One of the Most Powerful DDoS Attacks Ever Hits a Crypto Platform

The onslaught was delivered through HTTPS, which puts more strain on a target, and it suggests that attackers are getting more powerful.

Android 13 Tries to Make Privacy and Security a No-Brainer

With its latest mobile OS update, Google aims to simplify the adoption of Android’s protective features for users and developers alike.

The Case for War Crimes Charges Against Russia’s Sandworm Hackers

A group of human rights lawyers and investigators has called on the Hague to bring the first-ever “cyber war crimes” charges against Russia’s most dangerous hackers.

The Hidden Race to Protect the US Bioeconomy From Hacker Threats

A biotech threat intelligence group is gaining supporters as urgency mounts around an overlooked vulnerable sector.

Your iPhone Is Vulnerable to a Malware Attack Even When It’s Off

Researchers found a way to exploit the tech that enables Apple’s Find My feature, which could allow attackers to track location when a device is powered down.

This Hacktivist Site Lets You Prank Call Russian Officials

To protest the war in Ukraine, WasteRussianTime.today auto-dials Russian government officials, connects them to each other, and lets you listen in to their confusion.

Spyware Vendors Target Android With Zero-Day Exploits

New research from Google's Threat Analysis Group outlines the risks Android users face from the surveillance-for-hire industry.

North Korean IT Workers Are Infiltrating Tech Companies

Plus: The Conti ransomware gang shuts down, Canada bans Huawei and ZTE, and more of the week’s top security news.

‘Tough to Forge’ Digital Driver’s Licenses Are—Yep—Easy to Forge

Researchers found a litany of security flaws that allow simple, quick, and cheap forgeries in Australia.

The Mystery of China’s Sudden Warnings About US Hackers

The Chinese government recently began saber-rattling about American cyberespionage. The catch? It’s all old news.

DuckDuckGo Isn’t as Private as You Think

Plus: A $150 million Twitter fine, a massive leak from a Chinese prison in Xinjiang, and an ISIS plot to assassinate George W. Bush.

An Actively Exploited Microsoft Zero-Day Flaw Still Has No Patch

The company continues to downplay the severity of the Follina vulnerability, which remains present in all supported versions of Windows.

Google May Owe You a Chunk of $100 Million

Plus: The US admits to cyber operations supporting Ukraine, SCOTUS investigates its own, and a Michael Flynn surveillance mystery is solved.

The Hacker Gold Rush That's Poised to Eclipse Ransomware

As governments crack down on ransomware, cybercriminals may soon shift to business email compromise—already the world's most profitable type of scam.

AlphaBay Is Taking Over the Dark Web—Again

Five years after it was torn offline, the resurrected dark web marketplace is clawing its way back to the top of the online underworld.

A Long-Awaited Defense Against Data Leaks May Have Just Arrived

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source.

Hackers Can Steal Your Tesla by Creating Their Own Personal Keys

A researcher found that a recent update lets anyone enroll their own key during the 130-second interval after the car is unlocked with an NFC card.

Conti's Attack Against Costa Rica Sparks a New Ransomware Era

A pair of ransomware attacks crippled parts of the country—and rewrote the rules of cybercrime.

Russia Is Taking Over Ukraine’s Internet

In occupied Ukraine, people’s internet is being routed to Russia—and subjected to its powerful censorship and surveillance machine.

Police Linked to Hacking Campaign to Frame Indian Activists

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest.

Here’s Why You’re Still Stuck in Robocall Hell

Despite major progress fighting spam and scams, the roots of the problem go far deeper than your phone company’s defenses.

An Alleged Russian Spy Was Busted Trying to Intern at The Hague

Plus: Firefox adds new privacy protections, a big Intel and AMD chip flaw, and more of the week’s top security news.

The Ghost of Internet Explorer Will Haunt the Web for Years

Microsoft's legacy browser may be dead—but its remnants are not going anywhere, and neither are its lingering security risks.

Google Warns of New Spyware Targeting iOS and Android Users

The spyware has been used to target people in Italy, Kazakhstan, and Syria, researchers at Google and Lookout have found.

The Post-Roe Privacy Nightmare Has Arrived

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

You Need to Update Windows and Chrome Right Now

Plus: Google issues fixes for Android bugs. And Cisco, Citrix, SAP, WordPress, and more issue major patches for enterprise systems.

A New, Remarkably Sophisticated Malware Is Attacking Routers

Researchers say the remote-access Trojan ZuoRAT is likely the work of a nation-state and has infected at least 80 different targets.

The Worst Hacks and Breaches of 2022 So Far

From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year’s first half.

How to Avoid the Worst Instagram Scams

Fake sellers. Competitions. Crypto cons. There are plenty of grifts on the platform, but you don’t have to get sucked in.

Apple’s Lockdown Mode Aims to Counter Spyware Threats

Starting with iOS 16, people who are at risk of being targeted with spyware will have some much-needed help.

Will These Algorithms Save You From Quantum Threats?

Quantum-proof encryption is here—decades before it can be put to the test.

Chinese Police Exposed 1B People's Data in Unprecedented Leak

Plus: A duplicitous bug bounty scheme, the iPhone's new “lockdown mode,” and more of the week's top security news.

New ‘Retbleed’ Attack Can Swipe Key Data From Intel and AMD CPUs

The exploit can leak password information and other sensitive material, but the chipmakers are rolling out mitigations.

A New Attack Can Unmask Anonymous Users on Any Major Browser

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

Amazon Handed Ring Videos to Cops Without Warrants

Plus: A wild Indian cricket scam, an elite CIA hacker is found guilty of passing secrets to WikiLeaks, and more of the week's top security news.

Instagram Slow to Tackle Bots Targeting Iranian Women’s Groups

Despite alerting Meta months ago, feminist groups say tens of thousands of fake accounts continue to bombard them on the platform.

The 2022 US Midterm Elections' Top Security Issue: Death Threats

While cybersecurity and foreign meddling remain priorities, domestic threats against election workers have risen to the top of the list.

The January 6 Secret Service Text Scandal Turns Criminal

Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.

Three Common Mistakes That May Sabotage Your Security Training

Phishing incidents are on the rise. A report from IBM shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques. The Need for Security Awareness Training  Although technical solutions protect against phishing threats, no solution is 100% effective. Consequently, companies have no choice but to involve their

A New Attack Easily Knocked Out a Potential Encryption Algorithm

SIKE was a contender for post-quantum-computing encryption. It took researchers an hour and a single PC to break it.

The Microsoft Team Racing to Catch Bugs Before They Happen

What's it like to be responsible for a billion people's digital security? Just ask the company's Morse researchers.

An Attack on Albanian Government Suggests New Iranian Aggression

A Tehran-linked hack of a NATO member marks a significant escalation against the backdrop of US-Iran nuclear talks.

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either.

The US Emergency Alert System Has Dangerous Flaws

Plus: A crypto-heist extravaganza, a peek at an NSO spyware dashboard, and more.

GitHub Moves to Guard Open Source Against Supply Chain Attacks

The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.

One of 5G’s Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.

The Hacking of Starlink Terminals Has Begun

It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes.

Google's Android Red Team Had a Full Pixel 6 Pwn Before Launch

Before the flagship phone ever landed in users’ hands, the security team thoroughly hacked it by finding bugs and developing exploits.

Sloppy Software Patches Are a ‘Disturbing Trend’

The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.

The US Offers a $10M Bounty for Intel on Conti Ransomware Gang

The State Department organization has called for people to share details about five key members of the hacking group.

Zoom’s Auto-Update Feature Came With Hidden Risks on Mac

The popular video meeting app makes it easy to keep the software up to date—but it also introduced vulnerabilities.

A Single Flaw Broke Every Layer of Security in MacOS

An injection flaw allowed a researcher to access all files on a Mac. Apple issued a fix, but some machines may still be vulnerable.

Flaw in the VA Medical Records Platform May Put Patients at Risk

The Veterans Affairs’ VistA software has a vulnerability that could let an attacker “masquerade as a doctor,” a security researcher warns.

A New Tractor Jailbreak Rides the Right-to-Repair Wave

A hacker has formulated an exploit that provides root access to two popular models of the company’s farm equipment.