What does the Twitter hack have to do with you?
You may have heard about the Twitter hack that resulted in fake tweets from Jeff Bezos, Barack Obama, Elon Musk, and a handful of other wealthy or famous celebrities. It was thought the hack was an inside job, and in a sense, it was. The three young perpetrators were arrested last week, and we now know quite a bit more about the incident.
It turns out the vector, or how the attack was triggered, was a sophisticated, yet common, phishing scheme. Once the unwitting employee(s) took the bait, software was pushed onto the staff's computers that allowed the hackers to browse the Twitter corporate networks and ultimately make their way to these high-profile accounts.
The irony is this same type of attack is being used everywhere, every day, and with great success. Foreign attempts to steal our vaccination research data - led by phishing attacks. Countless attacks targeting our healthcare sector - overwhelmingly through phishing attacks.
While most computer users know the basic types of attacks, criminals are getting increasingly creative. Rather than shotgun, random email blasts, specific companies and specific employees are being targeted. Research is conducted to identify personal vulnerabilities, and then the targeted attack is launched. These attacks may also include phone calls, or calls spoofing someone you may know.
Staying ahead of these attacks still falls on you, the users. The best advice? Stop using email. Since that's not practical for just about any of us, the next step back is to never open an attachment or click on a link in an email, even if it's from someone you know. In other words, trust NOTHING you receive in your inbox. If you receive a link or an attachment from someone you know, call them to verify it - and don't call the number they may have included in their email signature. That's right, they're spoofing that too.
The Twitter hack is one of the countless attacks that have been hitting all industries and state, federal, and local governments. The uptick of attacks since COVID-19 can't be overstated. Defeating the attacks is up to each of us.
The next time you are about to click on a link or open an attachment from a trusted source, pause for a moment and remember you can't trust it.
If you need cyber awareness training or need to test or fortify your defenses, we can help.
If you have any questions or if you are concerned about your organization's cybersecurity, give us a call at (800) 970-0402. We'll be happy to help.
For more HIPAA information, download our ebook - The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires organizations to implement a security awareness and training program for all members of their workforce (including management). Have your team sign up for the weekly HIPAA Security Reminder to help stay compliant.