EXECUTIVE SUMMARY
February has brought some interesting developments in the world of cyber security. The first topic shows Google’s view on two-factor authentication. Also highlighted is a scam that targets people trying to find a job. Finally, an NFL team has been a victim of a ransomware attack.
TWO-FACTOR AUTHENTICATION FOR GOOGLE USERS
Google has made a push to enroll as many accounts as possible in two-factor authentication (2FA), with more than 150 million users now having 2FA enabled. As a result of this push, Google has already noticed a 50% decrease in accounts being compromised when 2FA is enabled. 2FA is becoming a standard for account security, and it is recommended to be enabled on any type of account that allows it. A joint study conducted by Google, New York University, and University of California San Diego found that when 2FA is enabled on an account, it can stop up to 100% percent of attacks from automated bots, 99% of bulk phishing attacks, and about 66% of targeted attacks. Microsoft’s Director of Identity Security, Alex Weinert, claims that a user’s account is 99.9% less likely to be compromised if 2FA is enabled.
RISE IN FAKE JOB POSTINGS
The Federal Bureau of Investigation (FBI) has warned the public of an increase in fake job postings used to steal money and personal information. Malicious actors are abusing the lack of strong verification standards on job recruitment websites to post fraudulent job offerings. These job offerings use legitimate information to imitate official businesses, which threatens the reputation of the actual businesses and leads to more victims being scammed. On average, losses of almost $3,000 per victim have been reported due to job scams like this, dating back to early 2019, which is when these scams started to appear. The FBI has recommended that job seekers should verify job postings by directly reaching out to the company through their official website or HR department. Also, sensitive personal and financial information should never be provided unless the employer’s identity can be verified.
RANSOMWARE ATTACK ON SAN FRANCISCO 49ERS
The NFL’s San Francisco 49ers team has been hit with a ransomware attack from the BlackByte ransomware group. This is the first time that an NFL team has been a victim of a ransomware attack. BlackByte has been operational since July of 2021, and targets corporate victims all over the world. This group has been known to exploit vulnerabilities to gain access to corporate networks. Once they have access, they spread malware that encrypts and steals data. The data can only be recovered with a decryption tool that is provided if the victim pays a ransom with cryptocurrency. BlackByte threatens to leak the stolen data to the public if the ransom is not paid. It is currently not known how much data was stolen from the 49ers, but in previous attacks, BlackByte has stolen gigabytes worth of sensitive data. Attacks like this one emphasize the need for proper cybersecurity. The Cybersecurity and Infrastructure Security Agency (CISA) has released a ransomware guide which details the best practices for ransomware prevention and response.