Guess how gaming giant, Activision, got hacked?
Keep reading to get the answer.
In this week's Cyber Weekly:
Thanks to all 12,836 subscribers. It really takes a community to fight against cyberattacks. By sharing and commenting on these newsletters, we can reach more people and help others from becoming a statistic. Share your comments below or simply like the post. Also, follow me on LinkedIn for daily cyber security discussions >> Luigi Tiano.
There is a rise in sophisticated recruitment scams. Apparently, hackers are choosing companies who have real job openings. They create a lookalike website with the job postings.
The hackers send the job postings via LinkedIn InMail, inviting job seekers to apply. This is where they collect valuable information from the jobseeker. The hacker then gets them on a Skype call to conduct the interview.
They use the image of the real recruiter to conduct the interview. Inevitably, everyone passes the interview. The hacker has now collected more information. This is when the hacker asks the jobseeker to invest in their at-home equipment or third-party training with promises to be reimbursed upon hiring.
LinkedIn already has a feature to stop fake accounts from even being created. They are currently creating a cautionary prompt in InMail warning users when a message seems suspicious. (financialtimes)
My thoughts: Let’s review the signs to look out for. First, verify any website you’re about to enter your information in. Second, if someone is sending you an InMail message, they should have a full profile with pictures, content, description, work history and even a header. Recruiters are advanced on LinkedIn. Finally, the Skype call. If they don’t show their face, it’s a bad sign.
Activision, gaming giant behind Call of Duty, was hacked on Dec 4, 2022. It was a simple SMS phishing attack that managed to phish a “privileged user.” Apparently the IT team dealt with the matter quietly and didn’t inform other employees. They claimed that no sensitive data was stolen.
However, security researchers looked into the hack and found a different outcome. Using the access of the privileged use, the hackers attempted to get other employee credentials via Slack. They also accessed sensitive work place documents. A Call of Duty content schedule was also leaked. (gizmodo)
My thoughts: They probably hid the attack because a high-profile employee is the one that let the hackers in. It was probably this person’s decision to keep it a secret. There are 3 reasons it’s a bad idea to hid a cyber attack from your employees.
1) The employees aren’t aware they are under attack. Therefore, they can’t be cautious. 2) Especially for large organizations, chances are the media will find out and they’ll paint you as the bad guy for keeping it a secret. 3) You lose trust with your employees. I wouldn’t be surprised if some people quit after this incident.
Not too long ago, we announced that the Hive ransomware group got hacked by the FBI. Apparently, they worked with Toronto-are police force as well as police forces from France, Germany, Norway and Lithuania. Now, the Hive website has a decryption key for victims and the logos of all the parties involved.
In Cyber Weekly, we reported on at least a dozen attacks that were executed by this ransomware group. They extorted around $150 million since 2021. By hacking their website, they saved people approximately $130 million of ransom. (ctvnews)
My thoughts: Finally, a win for the good guys! There are no specificities about how they were able to accomplish this other than some form of ethical hacking. I hope we keep seeing these stories more often.
American TV giant and satellite broadcast provider, Dish Network, went offline last week. For at least 24 hours their app, websites, emails and customer call centers were unreachable. Their TV channels were inaccessible, their employees couldn’t sign in and customers couldn’t pay their bills. At the time of writing this article, Dish.com is still down.
My thoughts: This hack got me thinking about what would need to stop working for a large portion of people to care. Hospitals get hit. Infrastructure gets hit. Charities get hit. But no one really speaks out about them. What industry needs to get hacked for people to care? Hackers will steer clear of those industries. They don’t want that much attention.
I started Assurance IT with my childhood friend Ernesto Pellegrino in 2011. Our mission is to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, and Microsoft 365 backup.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.