By Arthur Moses Opio
Dear staff and students,
As we close the year, 2021 has been wild in terms of cybersecurity, and many researchers say it has been the worst year. Ransomware has been on the increase, critical infrastructure has been compromised, there have been major data breaches, and major sectors like health, education and finance have been greatly affected.
Statistics
According to MENLO Security, "60% of people still believe they are secure from cyber threats if they are using a computing device". According to TESSIAN, "96% of phishing attacks arrive by email. Another 3% are carried out through malicious websites and just 1% via phone".
All attack vectors are being used, but email still remains the most preferred option.
Some think that attacks only happen on laptops, but we need to know that smartphones are as susceptible to viruses as computers.
Latest Cyber Attacks
- Recently, the Twitter account of the Indian Prime Minister was hacked and his account was used to post a Bitcoin scam. We are aware that there has been a very high uptake of social media use by Mak staff, and ensuring your account is secure is key. Implement two-factor authentication and limit password sharing for those whose accounts are managed by other people. (see pic above)
- 1.6 million WordPress sites were hit by 13.7 million attacks (TechRadar)
- Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store (HackerNews)
- Bank of fails to block 2,782 fraudulent transactions raised by cybercrime cell. (Ahmedabad Mirror) (see pic below). etc.
Watch out for applications downloaded via the Google Play Store. Some of us give our smartphones to children to download and play games; some of these games aren't safe either.
Festive Season Warnings
The FBI issued a warning to all organizations about critical infrastructure being targeted by cyber criminals during the holiday season. According to Dark Reading staff, "Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways big and small to disrupt critical networks and systems belonging to organizations, businesses and critical infrastructure".
There was a WhatsApp message carrying an illegitimate link purporting to be from Mukwano Group, telling people about Mukwano Group User Feedback activities with the caption "Get 100% event gifts, limited to 5000 copies". Instead of routing someone to mukwano.com, the link pointed to cloudmargin.top.
We tested this link and found out it was loaded with malicious software; if you don't have an antivirus, it is easily installed. Our warning to staff was that such links shouldn't be clicked and that you shouldn't be deceived by the subject lines/headings. (see attachments for more details)
When you get such links, don't rush to spread them on other groups. Always inquire whether they are legitimate; someone can send you a Google link that reads goog1e.com instead of google.com.
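As an added illustration (not part of the original notice and not DICTS tooling), the Python sketch below compares the host in a link with the domain the message claims to come from, using the two cases described above. The paths in the sample links and the substitution table are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed, non-exhaustive table of digit-for-letter swaps used in look-alike names.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(name):
    """Fold look-alike characters so 'goog1e.com' and 'google.com' compare equal."""
    return name.translate(CONFUSABLES).replace("rn", "m")


def host_of(url):
    """Return the lower-cased hostname of a link, or '' if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url  # links pasted into chats often lack a scheme
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def classify_link(url, claimed_domain):
    """Return 'matches', 'lookalike', 'mismatch' or 'invalid' for a link."""
    claimed = claimed_domain.lower()
    host = host_of(url)
    if not host:
        return "invalid"
    # Exact domain or a true subdomain of it (note the leading dot).
    if host == claimed or host.endswith("." + claimed):
        return "matches"
    # Compare every label suffix, so 'www.goog1e.com' is tested as 'goog1e.com' too.
    labels = host.split(".")
    for i in range(len(labels)):
        if skeleton(".".join(labels[i:])) == skeleton(claimed):
            return "lookalike"
    return "mismatch"


if __name__ == "__main__":
    # Domains are the ones named in the notice; the paths are constructed.
    samples = [
        ("https://cloudmargin.top/gift", "mukwano.com"),
        ("http://www.goog1e.com/login", "google.com"),
        ("https://www.mukwano.com/feedback", "mukwano.com"),
    ]
    for url, claimed in samples:
        print(f"{claimed:12} {classify_link(url, claimed):10} {url}")
```

A "mismatch" or "lookalike" result means the link does not belong to the organisation named in the message and should be reported rather than forwarded.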
We would like to thank most staff and students that have been vigilant and taken up cyber security seriously and reported anything suspicious to us. Getting to know such incidents has helped us secure our core network and build cyber security awareness tips.
Basic things like not sharing your password, logging out of your email accounts and other applications like social media apps, and ensuring your computing devices are up to date continue to be important security measures.
There is no better firewall to build than the human firewall. Research continues to show that 90% of breaches are due to human error.
What to do
- Do not share your credentials
- Set up two-factor authentication for your accounts
- Always ensure your computing device is up to date.
- Have your endpoint security up and running.
- Always stop and think before you click a link
- Report anything suspicious to DICTS.
Merry Christmas and a happy new year.
Be safe Online #BeCyberSmart