This Week In Cybersecurity
This week on Between the Hacks, week 4 of Cybersecurity Awareness Month, Trump on cybersecurity, a Chrome zero-day, 63 billion credential stuffing attacks, and a malware museum.
Happy Cybersecurity Awareness Month!
Between The Hacks provided more Cybersecurity Awareness Month tips both in this blog and on social media. If you missed any of it, here is a quick recap.
Trump on Cybersecurity
We don’t often hear from President Trump on the topic of cybersecurity. This week was the exception. At a rally in Arizona on Monday, Trump stated, “Nobody gets hacked. To get hacked, you need somebody with 197 IQ and he needs about 15 percent of your password.” This initiated a lot of heated responses in the infosec world.
Later in the week, a Dutch hacker claimed to have guessed Trump’s Twitter password. The White House and Twitter have stated that there is no evidence of this compromise.
You can read more in the following Between The Hacks article, Trump’s Twitter Account Hacked…Again?
Earlier this week, Google released an update for their Chrome browser that patches five security vulnerabilities, including one that is already being exploited by attackers, according to Google’s Project Zero.
Chrome uses an automatic update process that can push patches to Chrome without any action from you, the user. However, some updates cannot be applied until Chrome is restarted. Rather than automatically restarting your browser when you’re not expecting it, Google has a subtle alerting system to let you know when you need to restart Chrome.
To see if your Chrome browser has an update that needs to be loaded, look at the upper right corner of your browser. If you see a circle with an arrow pointing upward, then you have an update that is ready to load once you restart Chrome. If the circle is green, the update is 2 days old or less; if the circle is orange, the update was released about 4 days ago; if the circle is red, the update is at least a week old. You can follow full instructions on Google’s website.
63 Billion Credential Stuffing Attacks Shown in Akamai Report
Akamai recently published their 2020 State of the Internet report that details cyber-attacks targeting the retail, travel, and hospitality industries. According to the report, “Between July 2018 and June 2020, Akamai observed more than 100 billion credential stuffing attacks, and more than 63 billion of them targeted retail, travel, and hospitality.”
In a credential stuffing attack, the attacker obtains the username and password of a victim and tries the same username and password on other websites. Between The Hacks and other cybersecurity sources frequently warn of the dangers of reusing passwords; this report shows us how prevalent credential stuffing attacks are. You can learn more about credential stuffing and how to protect yourself against this type of attack by reading Between The Hacks’ article on credential stuffing.
Tip of the Week
Internet Archive Malware Museum
This one is a little nerdy but I think most people will enjoy it.
“The Malware Museum is a collection of malware programs, usually viruses, that were distributed in the 1980s and 1990s on home computers. Once they infected a system, they would sometimes show animation or that you had been infected,” according to the Malware Museum website.
The malware is run in an emulation environment and is viewable in your browser. Mikko and the Internet Archive have removed all the destructive properties of the malware so that you can safely experience what the malware looked like when run on a computer. This is a fun website, especially if you remember when some of these viruses were active in the wild!