Search This Blog

Showing posts with label Security. Show all posts

NordVPN Identifies the Most Risky Websites for Users' Privacy and Security

When you browse the web on a regular basis, it can be quite dangerous, but it becomes even more dangerous when you access certain types of sites. It should come as no surprise that porn, streaming, and video hosting websites top the list of services posing the greatest risk to users' privacy and security. 

Malware attacks, invasive ads, and heavy web tracking were among the threats. That is the exclusive data gathered by NordVPN, one of the best VPN services available. In December 2022 alone, the VPN provider was able to block over 344 million web trackers, 341 million intrusive ads, and 506,000 malware infections thanks to its Threat Protection tool.

"The online world is challenging people in every single move they make," said NordVPN cybersecurity advisor Adrianus Warmenhoven.

"Want to read an article? Dozens of ads and pop-ups are ready to immediately cover your screen. Another privacy threat – malware – is lurking for you on websites and in files you are about to download. Websites you browse are also full of third-party trackers that analyze your browsing history to find out what you do online. It depends on you to stop it."

NordVPN researchers wanted to know how these cyber threats were getting to users. They did this by analysing aggregated data collected by their Threat Protection system. While this did not include any personally identifiable information about users, it did assist them in depicting the scenario that everyone faces on a daily basis online.

Malware is perhaps the most concerning of these threats. This is due to the ease with which such malicious software can infiltrate a device and damage or compromise tonnes of users' sensitive data. Adult content sites contain the most malware, including viruses, ransomware, spyware, and other threats. During the coverage period, over 60,000 domains were blocked. Cloud storage and entertainment platforms are next in line, with approximately 70,000 infected platforms discovered between the two categories.

Intrusive ads are any pop-ups or other ad pages that appear without being requested. These not only annoy people's online experiences, but they are also excellent at gathering information about users without their knowledge. As expected, free streaming platforms are the most involved, with more than 55 minion domains affected. Adult content and shopping websites appear to be close behind.

These findings highlight the importance of using a reliable ad-blocker every time you browse the web, especially when visiting certain types of websites.

"Ad blockers are essential for both security - because they block ads that can infect people’s devices - and privacy because annoying ads rely on collecting data from web activity and violating people’s privacy," explains Warmenhoven. "Also, if a website is loading slower than usual, you can blame intrusive ads. Free apps filled with unwanted ads could also drain your device’s battery faster.” 

Web trackers are another major cyber threat because they compromise users' online anonymity. Video hosting services were the sites with the most web trackers. The NordVPN Threat protection tool blocked over two billion domains. Tracking was also high in cloud storage, web email, and information technology sites. As per Nord, Hong Kong and Singapore have the most web trackers in the world, with an average of 45 and 33 trackers per website. Other countries with high tracking rates include the United States, Australia, the United Kingdom, Spain, and France.

NordVPN Threat Protection is a system that safeguards users from the aforementioned online threats. It accomplishes this by scanning all files you download and blocking all sites containing malware and dangerous ads before you open them.

Threat Protection is available on all NordVPN apps. This means that there is no additional cost to enjoy a safer online experience. All you have to do is follow these simple steps:
  • Launch the latest NordVPN app on your preferred device.
  • Click the shield icon on the left side of your screen.
  • Activate the Threat Protection toggle.

The Cybercrime Ecosystem Knits a Profitable Underground Gig Economy


Over a 30-month period, cybercriminal groups and threat groups advertised for workers with expertise in software development, IT infrastructure maintenance, and designing fraudulent websites and email campaigns. In accordance with a new report from cybersecurity firm Kaspersky, demand for technically skilled individuals continues, but it spiked during the coronavirus pandemic, with double the average job advertisements coming during March 2020, the first month of the pandemic. 

The analysis gathered messages from 155 Dark Web forums between January 2020 and June 2022, focusing on those that mentioned employment — either by cybercriminal groups or individuals looking for work. The majority of job postings (83%) were from threat groups looking for highly skilled workers, such as developers (61%), attack specialists (16%), and fraudulent website designers (10%).

As per Polina Bochkareva, a security services analyst at Kaspersky, enhancing defenses has compelled attackers to optimize their tools and techniques, driving the need for more technical experts.

"Business related to illegal activities is growing on underground markets, and technologies are developing along with it," she says. "All this leads to the fact that attacks are also developing, which requires more skilled workers."

The data on underground jobs reveals a spike in activity in cybercriminal services as well as the professionalization of the cybercrime ecosystem. According to a December report, ransomware groups have become much more efficient as they have turned specific aspects of operations into services, such as offering ransomware-as-a-service (RaaS), running bug bounties, and forming sales teams.

Furthermore, initial access brokers have productized the opportunistic compromise of enterprise networks and systems, frequently selling that access to third parties. According to the Kaspersky report, such a segment of labor necessitates the use of technically skilled individuals to develop and support complex features.

"The ads we analyzed also suggest that a substantial number of people are willing to engage in illicit or semilegal activities despite the accompanying risks," the report stated. "In particular, many turn to the shadow market for extra income in a crisis."

Pandemic caused spike 

A similar crisis sparked a surge in activity on Dark Web forums in early 2020. The pandemic, with its sudden layoffs and work-from-home mandates, fueled significant activity in the cybercrime underground, with 2020 seeing the highest number of employment-related posts. Overall, 41% of advertisements and job-seeking inquiries were posted on the Dark Web during the year, which is about average. However, March 2020 was the first month of worldwide lockdowns and saw approximately 6% of all postings, roughly double the average rate.

"Some ... living in the region suffered from the reduction of income, took a mandatory furlough, or lost their jobs altogether, which subsequently resulted in rising unemployment levels," Kaspersky stated in the report. "Some job seekers lost all hope to find steady, legitimate employment and began to search on Dark Web forums, spawning a surge of resumes there. As a result, we observed the highest ad numbers, both from prospective employers and job seekers."

Personal crises emerged to drive some technically inclined workers to seek employment with cybercriminal organizations. A common refrain in job advertisements is that applicants should not be addicted to drugs or alcohol.

"Teamwork skills, stable connection, no alcohol or drug addictions," read one job posting's translated requirements in the Kaspersky report.

"Dirty Work"

In many cases, the terms of the Dark Web jobs were similar to those of legitimate jobs, such as full-time employment, paid time off, and regular pay increases, with salaries ranging from $1,300 to $4,000 per month. However, the majority did not have an employment contract, and only 10% included a promise to pay salaries on time. The underground employment opportunities were dubbed "dirty jobs" in the report.

"Many are drawn by expectations of easy money and large financial gain," the report stated. "Most times, this is only an illusion. Salaries offered on the Dark Web are seldom significantly higher than those you can earn legally."

Reverse engineers had the highest potential median salary of $4,000 per month, with attack specialists and developers coming in second and third with promises of $2,500 and $2,000, respectively. However, the majority of offers (61%) were geared toward developers. According to Kaspersky's Bochkareva, these workers are the key to the cybercriminal underground.

"The most sought-after professionals were developers and attack specialists, particularly for coding malicious programs, phishing websites, and planning and implementing attacks," she says.

Where Do the Most Ransomware Attacks Take Place in the United States?


Ransomware can be as disruptive to your day as a flood, earthquake, fire, or another natural disaster. It has the potential to devastate businesses, close hospitals, and close schools. And if you're unlucky enough to be affected, it can completely devastate your finances. 

However, as with natural apocalyptic events, there are patterns in misfortune, and it is possible to draw patterns and identify high-risk areas. You can avoid disaster entirely with some forethought. 

What is Ransomware? 

Criminals are after your money, and draining your bank account is problematic. By encrypting vital files on compromised computers, criminals persuade victims to hand over their money voluntarily. Companies that are unable to perform business and are losing money every day, they are not functioning and will frequently pay criminals to decrypt their machines and enable them to continue trading. Criminals typically gain access to devices through either lax security processes or social engineering attacks.

Engaging in any criminal enterprise is a risky business, and cybercriminals prefer to target targets that will net them the most money while exposing them to the least amount of risk. It makes more sense to hit fewer large targets rather than many small ones. And it's understandable that they'd rather target businesses that are more likely to pay than call law enforcement.

Between 2018 and January 2023, there were 2,122 ransomware attacks in the United States, as per Comparitech research. That's a lot, and even more is likely to have gone unreported. Even if this figure is taken at face value, it equates to more than one ransomware attack per day. Each ransom was worth an astounding $2.3 million on average.

Naturally, because businesses have more money than private individuals, schools, or government agencies, they are regarded as the biggest jackpot for hackers. And because they're constantly making money, every pause costs them more. The largest ransom known to have been paid during this time period was a whopping $60 million paid in 2022 by Intrado, a communications company with interests in cloud collaboration, 911 operations, enterprise communications, and digital media, among other things.

In fact, nine of the top ten ransoms were paid by corporations, including Kia Motors, Garmin, and EDP Renewables. The education sector is prominent, with Broward County Public Schools paying the second-largest ransom of $40 million in 2021. The notorious Conti group, which has been linked to hundreds of other attacks, carried out the attack.

Hospitals and other medical care facilities are prime targets for ransomware attacks because when hospital computers go down, patients don't get the care they require, and people die. Ransoms from the healthcare sector tend to be lower, with an average payout of around $700,000, possibly because the criminals have some conscience about people dying as a direct result of their actions.

Government facilities are also frequently targeted, with state and regional facilities particularly vulnerable. Local government agencies have limited IT security resources and frequently use outdated software due to their stricter budgets, making them easier targets. However, this also means that they pay significantly less than businesses with a median revenue of half a million dollars.

Where do most attacks take place?

Ransomware attacks occur wherever criminals believe they can make a quick buck, and attacks are concentrated in areas with a high concentration of wealth and businesses with a high turnover.

In the United States, this includes the east coast, which includes Washington, DC, Maryland, Delaware, and New York; the north-west coast, which includes California and Seattle; and major regional hubs like Chicago, Illinois. The majority of these attacks target businesses, but that doesn't mean the rest of the country is safe. Attacks on healthcare and government are far more common in poorer states. Again, this is most likely due to reduced IT budgets.

Between 2018 and January 2023, no US state was immune to ransomware attacks, though some were either less appealing or more resilient to criminals. Wyoming had the fewest reported attacks, with one ransomware incident at Carbon Power and Light and two healthcare facility attacks.

Ransomware is frightening, but just like designing flood defences or forest fires, there are steps you can take to avoid becoming a victim. Here are some of the best recommendations:
  • Take regular backups and store them securely
  • Employ a good antivirus
  • Train your staff
  • Keep your systems updated
Ransomware is terrible, but at least you know that if you pay the ransom, your system will be restored to normal working order and you can resume business as usual... right? This isn't always true. What appears to be ransomware is sometimes fake ransomware: your files have been encrypted, but the criminals who have encrypted them will never decrypt them.

Aurora Infostealer Malware Uses Shapeshifting Techniques


One of the most recent discoveries was the Aurora Stealer malware, which imitated popular applications in order to infect as many users as possible.

Cyble researchers discovered that threat actors are actively changing and customizing their phishing websites in order to target a wide range of well-known applications. Aurora is interested in data from web browsers and cryptocurrency wallets, among other things.

Aurora, the Shapeshifting Thief

Aurora has been marketed as a stealer on Telegram and darknet forums since late August 2022. Malware-as-a-service costs $250 per month or $1500 for a lifetime license.

Cyble Research and Intelligence Labs (CRIL) discovered a phishing website (hxxps[:]/messenger-download[.]top) claiming to be a website for a chat app on January 16th, 2023. The next day, the same webpage impersonated the official TeamViewer website.
According to the researchers' report, the malware file gathers system information using Windows Management Instrumentation (WMI) commands, including the operating system's name, the graphics card's name, and the processor's name.

Furthermore, the malware persists in collecting system information such as the username, Hardware Identification (HWID), RAM size, screen resolution, and IP address. Furthermore, the malware searches the installed directories for specific browser-related files saved in SQLite, such as Cookies, History, Login Data, and Web Data by scanning the directories of installed browsers on the victim's computer.

The stealer then continues to extract crypto wallet data by querying and reading files from specific directories. It also grabs information from cryptocurrency wallet browser extensions. As per researchers, over 100 extensions have been specifically targeted and hard coded into the stealer binary.

Other stealers, such as RedLine, Vidar, and RecordBreaker, have been found padding malware samples with unnecessary data in order to avoid detection, according to CSN.

You can immensely decrease your chances of becoming a victim by using multi-factor authentication and strong passwords whenever possible. Additionally, enable automatic software updates and educate employees on how to protect themselves against threats such as phishing and unsafe URLs.

This New Python RAT Malware Targets Windows in Attacks


A new Python-based malware has been discovered in the wild, with remote access trojan (RAT) capabilities that permit its operators to regulate the compromised systems. The new RAT, dubbed PY#RATION by researchers at threat analytics firm Securonix, communicates with the command and control (C2) server and exfiltrates data from the victim host via the WebSocket protocol. 

The company's technical report examines how the malware operates. The researchers note that the RAT is actively being developed, as they have seen multiple versions of it since the PY#RATION campaign began in August. MalwareHunterTeam, who tweeted about a campaign in August 2022, also discovered this malware.
The PY#RATION malware is distributed through a phishing campaign that employs password-protected ZIP file attachments with two shortcuts. Front.jpg.lnk and back.jpg.lnk are LNK files disguised as images.

When the shortcuts victim is launched, he or she sees the front and back of a driver's license. However, malicious code is also executed to contact the C2 (in later attacks, Pastebin) and download two.TXT files ('front.txt' and 'back.txt'), which are later renamed to BAT files to accommodate malware execution.

When the malware is launched, it creates the 'Cortana' and 'Cortana/Setup' directories in the user's temporary directory before downloading, unpacking, and running additional executable files from that location.

By placing a batch file ('CortanaAssist.bat') in the user's startup directory, persistence is established. Cortana, Microsoft's personal assistant solution for Windows, is used to disguise malware entries as system files.

The malware supplied to the target is a Python RAT packaged into an executable with the help of automated packers such as 'pyinstaller' and 'py2exe,' which can convert Python code into Windows executables that include all the libraries required for its implementation.

This method results in larger payload sizes, with version 1.0 (the first) being 14MB and version 1.6.0 (the most recent) being 32MB. The latest version is larger because it includes more code (+1000 lines) and a layer of fernet encryption.

As per Securonix's tests, version 1.6.0 of the payload deployed undiscovered by all but one antivirus engine on VirusTotal. While Securonix did not share the malware samples' hashes, BleepingComputer was able to find a file that appears to be from this campaign. To determine the malware's capabilities, Securonix analysts extracted the payload's contents and examined the code functions with the 'pyinstxtractor' tool.

Among the features seen in version 1.6.0 of the PY#RATION RAT are the following:
  • Perform network enumeration
  • Perform file transfers from the breached system to the C2, or vice versa
  • Perform keylogging to record the victim's keystrokes
  • Execute shell commands
  • Perform host enumeration
  • Extract passwords and cookies from web browsers
  • Steal data from the clipboard
  • Detect anti-virus tools running on the host
The malware, according to Securonix researchers, "leverages Python's built-in Socket.IO framework, which provides features to both client and server WebSocket communication." This channel is utilized for communication as well as data exfiltration.

The benefit of WebSockets is that the malware can concurrently receive and send data from and to the C2 over a single TCP connection using network ports such as 80 and 443. The threat actors utilized the same C2 address ("169[.]239.129.108") throughout their campaign, from malware version 1.0 to 1.6.0, per the analysts.

The IP address has not been blocked on the IPVoid checking system, indicating that PY#RATION has gone undetected for several months.. Details about specific campaigns employing this piece of malware, as well as their targets, distribution volume, and operators, are currently unknown.

Cyber Thieves Target Retirement Accounts

Data security has become a priority for tax returns, credit cards, and other conventional targets of cyber criminals. Online thieves have recently been targeting employer retirement plans and the accounts in the plans. 

Data security at retirement plans varies, and there are numerous ways to breach it. Cybercriminals seek to exploit each plan's weakest link. 

In one of the instances, a retiree at a large employer recently discovered that his monthly pension cheque was not deposited on time. He got in touch with the retirement administrator, who, after some investigations discovered that the specified bank account for the contribution had been altered. 

The retired person did not alter the account. Instead, the request was made by an unidentified party. An employee of planning processed the change request since it was relevant and accurate. 

Fortunately, neither the retiree nor the plan lost financially. The payments were abruptly terminated, and the retirement account was changed from a payment method to a depository. After a brief investigation, the plan administrator found that change requests had been made for several other retirees, all of which were being paid to the same bank account. 

By monitoring his accounts carefully and noting that his monthly payment was not deposited on the usual day of the month, this retiree was able to avoid becoming a victim of cybercrime. He further got in touch with the administrator right away to make sure the modification did not happen. 

Methods Used by Hackers 

There are several methods used by threat actors in order to steal from retirement plans and accounts. 

  • One of the tactics used is the conventional method of accessing an email system. Cybercriminals may as well use “phishing” emails in order to deceive an employee or retiree into exposing access information.

Phishing attacks generally include threat actors sending an email to the target key employee or retiree and posing as a legitimate corporate employee (often a high-level executive) or a third-party vendor. 

The fraudulent email asks for specific information and, in the case of several employees or retirees, may request a list of personal information. Sensitive information can be given to criminals via email if the recipient is not watchful. 

  • Another method used by cybercriminals is purchasing personal details about the retirement account owners via the dark web and utilizing the data in order to access the retirement account. 

Whatever the method be, if cyber thieves get access to the data, they can utilize it to log into the account of a retiree or employee and reroute payments or disbursements. 

How to Protect Yourself 

  • One way to secure your data is to make yourself aware of the security measures of retirement planning. In particular, how to verify the validity of each request for an account change. What does it do to verify the identity of the user? Is two-factor authentication used before an account can be accessed or changed online?
Of course, none of the data security precautions are effective if online criminals make modification requests on paper. Thus, after confirming the accuracy of the information on the paper request, the user may inquire as to whether the plan administrator takes any further actions. 
  • Setting up your own personal cyber security procedures is another strategy to safeguard oneself. According to security professionals, most of the user's personal data is available for sale on the dark web. This makes it important to keep the information as secure as possible. 

This could be made possible by following precautions such as not sharing their Social Security number and other important information unless it is necessary. 
  • Keep a check on your accounts on a regular basis. If the deposit is due on a certain day, make sure deposits have been made by checking your accounts around that time each month. The plan administrator should be contacted if the deposit is not made. 
  • Moreover, log in to your account in order to monitor any suspicious activity. You may as well look for any unauthorized changes and transactions. Lastly, make sure that your address, beneficiary, and other details have not been changed.  

Blockchain: Is it hackable?


Following high-profile blockchain hacks in the last year, many people have been left wondering: is the blockchain hackable? The short answer is that any system can be attacked. However, because blockchain is decentralized, hackers may find it more difficult to target.  

Blockchain technology and it's working:

Blockchain technology, also known as a distributed ledger, is primarily an intrinsic digital record of transactions kept across multiple computers in a network, typically the internet. Each block in the blockchain contains information such as timestamps and data, which are secured by an algorithm, making it nearly impossible to tamper with or hack the blockchain.

Furthermore, blockchain employs cryptography to prevent users from manipulating stored data without access to the blockchain's associated keys or passwords.

Is blockchain secure?

Blockchain is not immune to attack; in the past, hackers have successfully targeted blockchain systems. Some of the most successful blockchain hacks have involved exploiting flaws in blockchain implementations, such as smart contract vulnerabilities or human error in the verification process.
It is critical to be aware of blockchain technology's potential vulnerabilities, which can be exploited by hackers.

A "51% attack" (also known as a "majority attack") is one of the main potential vulnerabilities of blockchain systems that hackers could exploit. In this type of attack, a group of miners controls more than 50% of the computing power on the blockchain network, allowing them to modify transactions and double-spend.

There's also the replay attack. A hacker can resend a blockchain transaction from one blockchain to another, enabling them to exploit systems that aren't ready for this type of attack.

The Denial-of-Service (DoS) attack is another type. Hackers can overload and disrupt the functionality of blockchain networks by flooding them with requests. Finally, there is the smart contract attack. Hackers can take advantage of flaws in blockchain smart contracts to gain access to sensitive data and steal funds.

Can these exploits be mitigated?

One method is to use private blockchain networks. Before anyone can join a private blockchain network, the blockchain network administrator must grant permission. You can limit the number of users who have access to the blockchain by establishing a private blockchain, preventing malicious actors from exploiting any vulnerabilities in blockchain technology.

You should also be conscious of the risks of using exchanges, as many exchange platforms have previously been hacked. It is critical to conduct research and only use trusted exchanges with a proven track record of security.

Furthermore, verify that blockchain applications are built securely, as this helps mitigate attacks such as those targeting smart contracts. To prevent their blockchain accounts from being hacked, blockchain users should always keep their passwords secure and regularly update them.

Final thoughts

At last, blockchain technology is a safe and efficient way to store data. However, it, like all systems, has potential vulnerabilities that hackers could exploit. The likelihood that a hacker will effectively breach a blockchain's security and steal information or funds stored on the network is determined by a number of factors, including the blockchain's security protocols and protections, user vigilance and education, blockchain application implementation, and general market conditions.

Bogus DHL Emails Enable Attackers to Hack Microsoft 365 Accounts


As per experts, a new phishing campaign has been discovered that impersonates logistics giant DHL in order to steal Microsoft 365 credentials from victims in the education industry. Cybersecurity researchers from Armorblox recently found a significant phishing campaign, with more than 10,000 emails sent to inboxes connected to a "private education institution". 

The email is designed to appear to be from DHL, with the company branding and tone of voice one would expect from the shipping giant. The recipient is informed in the email titled "DHL Shipping Document/Invoice Receipt" that a customer sent a parcel to the incorrect address and that the correct delivery address must be provided.

False login prompt
The email apparently includes an attachment, labeled "Shipping Document Invoice Receipt," which, when opened, appears to be a blurred-out preview of a Microsoft Excel file.

A Microsoft login page appears over the blurred-out document, attempting to deceive people into believing they must log into their Microsoft 365 accounts in order to view the file's contents. If the victims provide the login credentials, they will be sent directly to the attackers.

Armorblox explained, “The email attack used language as the main attack vector in order to bypass both Microsoft Office 365 and EOP email security controls. These native email security layers are able to block mass spam and phishing campaigns and known malware and bad URLs. However, this targeted email attack bypassed Microsoft email security because it did not include any bad URLs or links and included an HTML file that included a malicious phishing form.”

Businesses can safeguard themselves against phishing attacks by training their employees to recognize red flags in their inboxes, such as the sender's email address, typos and spelling errors, a feeling of urgency (legitimate emails almost never require the user to respond urgently), and unexpected links/attachments.

According to the researchers, the attackers used a valid domain to avoid Microsoft's email(opens in new tab) authentication checks.

What Are Rainbow Table Attacks and How to Safeguard Against Them?


We all use password protection, which is an effective access control method. It is likely to continue to be a crucial component of cybersecurity for years to come. On the contrary hand, cybercriminals use a variety of techniques to break passwords and gain access without authorization. This includes attacks using rainbow tables. How dangerous are rainbow table attacks, though, and what are they? What can you do, more importantly, to defend yourself from them?

Passwords are never stored in plain text on any platform or application that takes security seriously. In other words, if your password is "password123" (which it should not be for obvious reasons), it won't be stored as such and will instead be stored as a string of letters and numbers.

Password hashing is the process of transforming plain text into an apparently random string of characters. And algorithms, which are automated programs that make use of mathematical formulas to randomize and obfuscate plain text, are used to hash passwords. The most popular hashing formulas include MD5, SHA, Whirlpool, BCrypt, and PBKDF2.

The result of running the password "password123" through the MD5 algorithm is 482c811da5d5b4bc6d497ffa98491e38. The hashed version of "password123" is represented by this string of characters, which is how your password would be stored online.

Therefore, let's assume that you are logging into your email account. You enter the password after entering your username or email address. When you enter plain text into the email service, it automatically converts it to its hashed value and compares it to the hashed value it initially stored when you set up your password. You are authenticated and given access to your account if the values match.
Then, what would happen in a typical rainbow table attack? 

The threat actor would need to acquire password hashes first. They would either conduct a cyberattack or figure out a way to get around a company's security measures to accomplish this. Or they might spend money on a dark web dump of stolen hashes.

Rainbow Table Attacks and How They Work

The hashes would then be converted to plain text. Obviously, in a rainbow table attack, the attacker would use a rainbow table to accomplish this. Philippe Oechslin, an IT expert, invented rainbow tables based on the research of cryptologist and mathematician Martin Hellman. Rainbow tables, named after the colors that represent different functions within a table, reduce the time required to convert a hash to plain text, permitting the cybercriminal to carry out the attack more effectively.

In a typical brute force attack, the threat actor would have to decode each hashed password separately, calculate thousands of word combinations, and then compare them. This trial-and-error method still works and will probably always work, but it is time-consuming. An attacker would only need to run an obtained password hash through a database of hashes, then repeatedly split and reduce it until the plain text is revealed in a rainbow table attack.

This is how rainbow table attacks work in a nutshell. After cracking a password, a threat actor has a plethora of options for what to do next. They can target their victim in a variety of ways, gaining unauthorized access to a wide range of sensitive data, including information related to online baking and other similar activities.

How to Prevent Rainbow Table Attacks

Rainbow table attacks are less common than they once were, but they continue to pose a significant threat to organizations of all sizes, as well as individuals.  Here are five things you can do to prevent a rainbow table attack.

1. Set Up Complex Passwords
2. Use Multi-Factor Authentication
3. Diversify Your Passwords
4. Avoid Weak Hashing Algorithms

Password security is critical in preventing unauthorized access and various types of cyberattacks. However, it entails more than just coming up with a memorable phrase.

To improve your overall cybersecurity, you must first understand how password protection works before taking steps to safeguard your accounts. This may be overwhelming for some, but using dependable authentication methods and a password manager can make a significant difference.

What's 6G & its Way Forward?


Mobile connectivity has come a long way since 1979 when NTT initiated the first generation of cellular networks in Tokyo. 2G and 3G quickly followed 1G. These were voice and text communication networks. The more recent 4G and 5G networks enabled advanced content and massive data consumption. 

By 2023, after more than four decades, mobile operators, telcos, and providers will be back at the design table, shaping the next generation of mobile networks: 6G. The term 6G refers to the sixth generation of mobile networks. Why do networks change? Technology advancements and the amount of data that must be transferred from data centers to devices have increased exponentially. Furthermore, networks improve in more ways than one. They reduce latency or delay as well as energy consumption during data transmissions while improving reliability, security, and performance.

5G networks will be widely available worldwide by 2023. The virtualization of network hardware, which is now operating in the cloud with Open RAN standards, is making deployment easier. However, 5G is expected to become obsolete soon as the digital and physical worlds integrate with virtual and augmented reality. Furthermore, the Internet of Things and Industrial IoT are gaining traction to support the fourth industrial revolution.

These new technologies, as well as the volume of data that must be instantly communicated between devices, necessitate a faster, more reliable, and more robust generation of mobile networks — enter 6G.

6G is still in its early stages of development and, like all mobile networks, will rely on radio transmissions. 6G is also anticipated to improve connectivity in rural and remote areas, thereby affecting populations affected by the digital divide. Because of its high capacity and low cost, the technology has the potential to connect the space and satellite sectors.

To outperform 5G in terms of capacity, latency, and connectivity, 6G will need to use new high-frequency bands, such as sub-terahertz bands above 100 GHz. These radio waves are more sensitive to obstacles, posing technological challenges that must still be addressed.

Antennas, nodes, edge centers, gateways, and Open RAN virtual machines running in the cloud are used to connect devices in engineering network areas. Because radio waves require a direct line of sight for transmission, several factors must be considered, including urban blockage, refraction, diffraction, scattering, absorption, and reflection of radio waves.

To overcome these challenges, the industry intends to build multipath environments in which sensible high-frequency waves can travel without losing strength, consuming too much power, or experiencing latency. AI computing applications will be critical in calculating the shortest and most optimal paths for 6G radio waves.

The Advantages of 6G

1. 6G provides improved connectivity: The most obvious and direct benefit of 6G is that it will boost connectivity by providing instantaneous communications for any device, including smartphones, computers, wearables, robotics, and IoT. 6G will connect industrial IoT devices and drive the fourth industrial revolution with a core structure of automation and intelligence in the industrial sector, which is undergoing digital acceleration by deploying smart factories, production, and distribution systems.

Improved connectivity will benefit every industry. Healthcare, remote and robotic surgery, and telehealth, for example, are expected to be transformed by 6G. Similarly, sectors such as finance, retail, manufacturing, and others that are undergoing significant digitalization and modernization will utilize 6G to continue disruptive transformations.

2. 6G will propel technological advancement: 6G mobile networks are a game changer in terms of innovation. Supercomputers, quantum computing, machine learning, AI, global cloud data centers, the metaverse, and new devices will be able to operate only with 6G connectivity.

3. 6G is low energy and efficient: Low energy consumption and energy efficiency are critical advantages of 6G. Organizations and businesses are aiming for net-zero emission targets and reducing energy consumption for economic and environmental reasons. The 6G energy economy has become appealing to all industries. Low-energy connections are also required to extend the battery life of IoT and mobile devices.

4. 6G has low latency: With its extremely low latency, 6G will benefit society. Latency is the amount of time it takes for a digital system to transfer data. The greater the amount of data, the greater the effort required by the network; thus, the threat of latency uptick. However, thanks to 6G innovation, connectivity should be immediate.
Disadvantages of 6G 

1. 6G is still in the early stages of development: 6G technology is currently in the development phase, which is its most significant disadvantage. While Nokia, NTT, and other companies have plans to test small 6G networks, these are only pilot projects. 6G is expected to be available globally by 2030. 

2. The initial investment costs for 6G are high: Another obstacle is demonstrating the value of 6G as a low-cost connectivity technology. In the long run, 6G may lower end-user costs compared to 5G, but the initial investment required globally to get there is massive. Other technical challenges include optimizing terahertz-sensitive frequency paths, stabilizing visible light communication technology, and optimizing the AI, ML, and advanced computing resources required to run these futuristic networks.

3. 6G necessitates a rethinking of traditional cybersecurity: The security of 6G networks is a top priority. With network redesign, cybersecurity and privacy features must be reimagined, strengthened, and adapted. Traditional cybersecurity methods will become obsolete, and developers will need to innovate in areas such as authentication, encryption, access control, communication, and malicious activity.

6G is on the rising trend

The 6G race is well underway, with leading global operators already entering testing phases. Without a doubt, 6G is a foregone conclusion. 6G, on the other hand, is not a one-man show. A diverse range of companies, organizations and developers must collaborate to create the next generation of connectivity.

Major Experian Security Vulnerability Exploited, Attackers Access Customer Credit Reports


As per experts, the website of consumer credit reporting giant Experian comprised a major privacy vulnerability that allowed hackers to obtain customer credit reports with just a little identity data and a small change to the address displayed in the URL bar. 

Jenya Kushnir, a cybersecurity researcher, discovered the vulnerability on Telegram after monitoring hackers selling stolen reports and collaborated with KrebsOnSecurity to investigate it further. The concept was straightforward: if you had the victim's name, address, birthday, and Social Security number (all of which could be obtained from a previous incident), you could go to one of the websites offering free credit reports and submit the information to request one.

The website would then redirect you to the Experian website, where you would be asked to provide more personally identifiable information, such as questions about previous addresses of living and such.
And this is where the flaw can be exploited. 

There is no need to answer any of those questions; simply change the address displayed in the URL bar from "/acr/oow/" to "/acr/report," and you will be presented with the report. While testing the concept, Krebs discovered that changing the address first redirects to "/acr/OcwError," but changing it again worked: "Experian's website then displayed my entire credit file," according to the report.

The good news (if it can be called that) is that Experian's reports are riddled with errors. In the case of Krebs, it contained a number of phone numbers, only one of which was previously owned by the author.

Experian has remained silent on the matter, but the issue appears to have been resolved in the meantime. It's unknownfor how long the flaw was active on the site or how many fraudulent reports were generated during that time.

The PoweRAT Malware Attacks PyPI Users


The software supply chain security company Phylum has discovered a malicious assault using the PoweRAT backdoor and an information thief that targets users of the Python Package Index (PyPI). The campaign was initially discovered on December 22, 2022, when PyroLogin, a malicious Python programme made to retrieve code from a remote server and silently execute it, was discovered.

The EasyTimeStamp, Discorder, Discord-dev,, and PythonStyles packages all had code that was comparable to PyroLogin, and they were all released to PyPI between December 28 and December 31.

The infection chain starts with a file, which means that the malware is automatically deployed if the malicious packages are installed using Pip. The infection chain involves the execution of numerous scripts and the exploitation of legitimate operating system features.

The execution process was examined by Phylum, who found attempts to avoid static analysis and the usage of obfuscation. While the malicious code is being performed in the background, a message indicating that "dependencies" are being installed is displayed in order to avoid raising the suspicion of the victims.

The infection chain also involves the setup of numerous potentially harmful programs, the placement of malicious code into the Windows starting folder for persistence, and libraries that let the attackers manipulate, monitor, and record mouse and keyboard input.

Once the virus is installed on the victim's computer, it gives the attackers access to sensitive data such as browser cookies and passwords, digital currency wallets, Discord tokens, and Telegram data. A ZIP archive containing the collected data is exfiltrated.

Additionally, the malware tries to download and install Cloudflare. This Cloudflare command-line tunnel client enables attackers to access a Flask app on the victim's machine without changing the firewall, on the victim's computer.

Using the Flask app as a command-and-control (C&C) client, the attackers can run shell commands, download and execute remote files, and even execute arbitrary Python code in addition to extracting information like usernames, IP addresses, and machine specifics.

The malware, which combines the capabilities of an information thief and a remote access trojan (RAT), also has a feature that sends an ongoing stream of screenshots of the victim's screen to the attackers, enabling them to cause mouse clicks and button presses. Phylum named the malware PoweRAT instead of Xrat "because of its early reliance on PowerShell in the attack chain."

Phylum concludes, "This thing is like a RAT on steroids. It has all the basic RAT capabilities built into a nice web GUI with a rudimentary remote desktop capability and a stealer to boot! Even if the attacker fails to establish persistence or fails to get the remote desktop utility working, the stealer portion will still ship off whatever it found.” 

Why 2023 Could be the Worst Year Ever for Businesses due to Malware?


2022 was a challenging year for cyberspace businesses. Companies faced ransomware, the continued effects of the SolarWinds and Log4j exploits, and rising cyber insurance premiums. Unfortunately, the consequences of malware have gotten worse year after year. 

The costs of cyberattacks have risen dramatically, and many analysts predict that they will continue to rise. Despite the efforts of businesses and governments to combat malware, it does not appear that the online world has reached a tipping point in the battle. Let's look at six reasons why 2023 could be the worst year for malware yet.

1. The cost of ransomware continues to increase

Ransomware attacks are a constant threat to businesses worldwide. In recent years, the number and scale of ransomware attacks have increased dramatically. According to IBM, the average ransomware attack will cost businesses $4.54 million in 2022—and that figure does not include the cost of the ransom itself.

While many businesses have strengthened their cybersecurity teams to better prevent ransomware attacks, there are still many vulnerable targets for hackers to target. Schools, local governments, and hospitals have all proven to be easy targets for ransomware groups. Worse, cybercriminals have discovered that by threatening to release organizations' data if they do not pay, they can command higher ransoms. According to Cybersecurity Ventures, cybercrime alone could cost the world $10.5 trillion by 2025.  There's little reason to believe that the frequency of ransomware attacks will level off or decline by 2023.

2. Malware attacks could be motivated by geopolitical hostility

While individual hackers and cybercriminal gangs are responsible for the majority of malware attacks, nation-state attacks also pose significant threats to businesses. Russia, China, and North Korea all use sophisticated hacking teams to further their geopolitical objectives. As tensions between China, Russia, and the West rise, many analysts predict that state-sponsored attacks on critical infrastructure will become more common.

Russia, for example, could use cyberattacks against Western businesses to discourage them from doing business with Ukraine or to punish countries that support Ukraine's war efforts.

3. Artificial intelligence may make phishing more effective than ever before

Some of the most significant data breaches in 2021 were caused by phishing attacks. Uber was hacked after an employee failed to respond to repeated two-factor authentication requests. After a SIM-swap attack, Microsoft saw the source code for its Bing search engine and Cortana virtual assistant published.

AI advancements may make phishing attacks even more difficult to detect. Hackers, for example, may be able to write malicious emails using text-generation tools such as OpenAI's ChatGPT. They can also use AI to impersonate people's friends, family, and coworkers to get them to reveal their passwords or other sensitive information.

4. The number of devices available for use is increasing

Year after year, the world becomes more digitally connected, opening up new opportunities for hackers. Every new internet-connected device poses a risk.

Malicious actors will have more attack surfaces as IoT devices proliferate. Frequently, relatively simple devices such as baby monitors, WiFi-enabled kitchen appliances, and internet-connected smart home devices are not subjected to stringent cybersecurity standards. These devices can unintentionally provide backdoors into a company's network. Furthermore, businesses are increasingly connecting employees through virtual reality and metaverse-like digital spaces. 

5. The recession may force cybersecurity cost-cutting measures

While governments around the world work hard to avoid a global economic recession in 2023, many businesses are bracing for the worst. That means reducing spending on all fronts, including cybersecurity.

Already, companies such as Microsoft are reporting lower sales of cybersecurity software. It's also possible that, as a result of the broader slowdown in tech hiring, companies will postpone adding more cybersecurity professionals to their IT teams. Reduced cybersecurity spending may make businesses more vulnerable to malware and put them behind in the race against new hacking techniques.


In 2023, the cybersecurity environment appears to be more difficult than ever. Ransomware costs are continuing to rise, geopolitical tensions are increasing the likelihood of major attacks, and technological advances are exposing businesses to more threats than ever before.

To protect themselves against malware in 2023, businesses will need a strong cybersecurity software suite, as well as education, monitoring, and redundancy.

The 5 Most Common Types of Trojans You Should Know About


Cybercriminals create more complicated and diverse methods of obtaining sensitive data as we become more dependent on technology and entrust it with more of our personal information. There are many different types of harmful malware, including Trojan Horses. But there are various varieties of this malware. Trojan Horses come in a variety of forms and are created for various purposes. 

What are the most typical Trojan types that you should be on the lookout for? Let's quickly review what Trojan Horses are before we look at the various types of them.

The Odyssey, a work of Homer's from classical Greece, is where the phrase "Trojan Horse" first emerged. The city of Troy receives a large wooden horse as a gift, but the recipients have no idea that soldiers are concealed inside the animal. The soldiers can invade when the horse enters the city.

Similar to the original, a Trojan Horse program conceals itself in otherwise defenseless software. For instance, you might believe that an app is safe to download and install, but the developer may have added a Trojan to the program. Once the program has infected your device, it can be used for a variety of illegal activities, including remote control, data theft, and activity monitoring.

Different Trojan Types:

It's crucial to be aware of the various Trojan Horse types so you can better protect yourself.

1. Downloader trojans

The operation of downloader Trojans requires an internet connection. When a device is infected by the Trojan, it does not do anything until an internet connection is made, at which point it can download more malicious software to aid the hacker in their attack. On the infected device, this type of Trojan can also start up malicious software. They serve as a kind of opening salvo in the assault, giving the hacker a firm grip on the target.

2. Rootkit Trojan

Software tools called rootkits are utilized for remote administrative access. Frequently, unauthorized remote access serves as a launchpad for a cyberattack. The attacker can exploit the infected device by performing a variety of different tasks with administrative access provided by a rootkit Trojan. A cybercriminal might, for instance, run another malicious programme, steal confidential login information, or listen in on personal communications.

3. Fake Antivirus Trojans

False antivirus Trojans, as their name implies, pose as antivirus software. In this way, the victim will believe the programme is keeping them safe when the reality is completely the opposite. Even though the programme may try to trick you by imitating antivirus functions, its true objective is exploitation. By intimidating the user into purchasing additional security measures, such software defrauds them of their money.

4. Banking Trojans

Banking data is the main focus of banking Trojans. In the world of cybercrime, bank credentials are a highly sought-after type of data because they can give attackers direct access to a victim's money. This type of information is frequently traded on the dark web, where criminal enterprises will pay hackers to gain access to their stolen information. Banking Trojans frequently target the websites of financial institutions.

5. Game-Thief Trojans

An attacker can obtain the victim's banking credentials when a banking Trojan is downloaded onto the victim's device. Banking Trojans can assist the attacker get past two-factor authentication barriers in addition to login credentials, which is a security measure that many people use to protect their online bank accounts.

Game-thief Trojans, also known as "gaming Trojans," are used to hack into gaming accounts and steal personal data. There are currently millions of online gaming accounts, giving cybercriminals a market for data theft. When the Trojan gains access to important data, it will then send that information to the attacker. For instance, a user's Steam account might be targeted in order to gain access to payment data or steal virtual goods.

Trojan horses are so adaptable that they put internet users at risk in various ways, making it challenging to avoid them. But you can more effectively avoid Trojan Horses and protect yourself and your data by being aware of the risks and using extra caution when using your devices.

This New Encryption Can Make Gmail Safer


There's a new way to keep your Gmail safe from prying eyes, and experts say it's well worth using. Google announced the addition of end-to-end encryption (E2EE) to Gmail on the web, which will allow enrolled Google Workspace users to send and receive encrypted emails within and outside their domain. 

In an email interview with Lifeire, end-to-end encryption is critical for any communications service because it restricts message content to the sender and receiver(s), according to Jeff Wilbur, senior director of online trust at the nonprofit Internet Society.

"This means that the message content can be seen by bad actors or rogue employees and is subject to access by law enforcement under warrant," Wilbur added. "With end-to-end encrypted email, only the sender and recipient(s) have the key to unscramble the data, so it is safe from prying eyes of any kind."

Users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar already have access to client-side encryption, or what Google refers to as E2EE. The email header won't be encrypted if you enable the new encryption. Still, Google claims that data delivered as part of the email's body and attachments cannot be decrypted by Google servers.

"With Google Workspace Client-side encryption (CSE), content encryption is handled in the client's browser before any data is transmitted or stored in Drive's cloud-based storage," Google wrote on its support website. "That way, Google servers can't access your encryption keys and decrypt your data. After you set up CSE, you can choose which users can create client-side encrypted content and share it internally or externally."

The sender's and the receiver's devices—also referred to as device-to-device encryption—are these two ends in a true end-to-end encrypted messaging service, according to Anurag Lal, CEO of the cybersecurity firm NetSfere, in an email interview with Lifewire. He stated that this type of encryption is perfectly safe because it ensures that only the intended recipient can access the messages. Once messages are encrypted on the sender's device, they cannot be decrypted until they reach the receiver's device.

"While traversing the internet, a message may take several hops from server to server before reaching its final destination," he added. "True E2EE ensures that the message cannot be decrypted on any of these hops, thereby providing complete protection. It should be noted that in E2EE, the ends can refer to any two endpoints. Therefore it's essential to know what these endpoints are to understand if your messages are truly protected."

Private Data

Other email services that don't use Gmail provide end-to-end encryption. People can utilize PGP encryption to encrypt their own emails, but there are also email providers that focus on email encryption, like ProtonMail, according to Robert Andersen, CEO of data security firm Grape ID, in an email to Lifewire.

"Sadly, implementing PGP encryption typically requires significantly more effort than most people are willing to put forth (watch online training videos)," he added. "ProtonMail is a good solution for those who don't mind changing email providers and paying a subscription."

According to Kory Fong, vice president of engineering at Private AI, end-to-end encryption is "essential" for emails to maintain confidentiality. The only way to guarantee that only the sender and the recipient can view all the information in that email is to use this method.

"So even the email provider that controls the servers can't see what's in the messages," he added. "Generally, email services like Gmail will encrypt your email in transit, but Google itself can still access the content and even give access to third parties, but won't without explicit consent."

Fong said that ProtonMail is the most well-known provider that offers end-to-end email encryption, even in its free tier. "The company uses asymmetric, zero-access encryption, meaning even ProtonMail itself can't read what's in your emails," he added.

Another option for users who value their privacy above all else is to distribute a public key to others while automatically encrypting their mail with a private key. This is simple to use thanks to programs like GPG Suite and other GPG plugins, according to Fong. Whichever option you select, E2EE for email is crucial because, according to Andersen, email serves as the entry point to your entire online identity and data.

"Email provides centralized access to all of your online accounts, and your 26,000+ tracked digital profile attributes could easily get in the wrong hands leading to hundreds of types of fraud and scams," he added.

Here is Another Powerful Case Against Using Pirated Software

Downloading unlicensed software can save you a few dollars, but you risk losing much more because researchers have found a cryptocurrency-targeting info stealer hiding within the cracks. "RisePro" is a brand-new piece of information-stealing malware that was discovered by two different cybersecurity companies, Flashpoint and Sekoia.

RisePro is disseminated via websites that also house cracked software, loaders, and other illegal content, and it infects endpoints using the pay-per-install (PPI) malware distribution tool PrivateLoader. 

Researchers found that RisePro and PrivateLoader are very similar, leading them to believe that the malware distribution platform now has its own info stealer. Furthermore, they determined that it makes use of the similar system of embedded DLL dependencies, suggesting that Vidar served as its likely foundation.

Google Chrome, Firefox (and 30 other browsers), Authenticator, MetaMask, and Coinbase are just a few of the many browsers, browser extensions, and cryptocurrency wallets that RisePro searches through for data (and 26 other browser extensions). Furthermore, it can scan filesystem directories for valuable data, such as those containing credit card information, and steal information from Discord,, and Authy Desktop.

Flashpoint claims that in Russian dark web markets, criminals have already begun to sell RisePro logs containing sensitive, personally identifiable information. By communicating with their Telegram bot, threat actors who are interested in purchasing the logs or the tool itself can do so over the messaging app.

PrivateLoader is a pay-per-install malware distribution business, according to the researchers, that frequently masquerades as a software crack or keygen. RedLine Stealer or Raccoon, two extremely well-liked infostealers in the cybercrime community, were the only ones that PrivateLoader provided up to this point.

The best defense against such risks is to avoid downloading unauthorized stuff in the first place and to only obtain software from reliable, trustworthy sources. A powerful antivirus program is also suggested.

As Cyber Risk Increases, Insurers Must Provide a Better Market to Businesses in Need of Protection


This year has once again shown the domino effect that follows a crisis and the impact it has on businesses, from increasing rates to Russia's invasion of Ukraine. As we enter a new year, there are numerous lessons to be learned. If we consider the conflict in Ukraine, the geopolitical situation led to sanctions against Russian-based companies, sharp increases in operational and energy costs, interruptions in supply chains, significant financial losses for companies around the world, and greater vulnerability to cyberattacks. 

Businesses currently operate in a period of increased vulnerability to cyberattacks, with rising anxiety around cyberwarfare and information security systems. This is particularly true in industries that support crucial UK infrastructures such as aviation, transport, IT and telecoms and finance.

According to a City A.M survey of businesses, 79% of respondents across all industries had been the victim of a cyberattack this year, with 50% of those attacks resulting in a loss of data or money. These attacks have the potential to completely destroy businesses, resulting in data breaches, serious disruptions to regular business operations, lost revenue, and enormous financial expenses to investigate and restore systems. 

The biggest shift in 2022 has been that absolutely no one is protected because hackers are increasingly targeting industries that were once considered classic "targets," such as finance. The pandemic's impact on the retention of work-from-home habits is one factor contributing to this rise. 

In addition to making security more difficult to manage across more devices, locations, and communications platforms, remote working increased vulnerability and exposure to cyberattacks at the same time when hacker activity was sharply on the rise.

Since businesses are aware of this, cyber insurance is a crucial line of defense, despite its shortcomings. According to the poll, 77% of businesses believe their insurance protects them, at least in part, against the risk of cyberattacks. This is a significant improvement over the results of our previous survey from 2018, which indicated that only 30% of large enterprises have cyber-specific insurance.

However, there are concerns over the value and cost of this insurance. The price of cyber insurance has skyrocketed while the level of security offered has frequently been significantly diminished at a time when corporations are more vulnerable to cyberattacks and can least afford downtime.

Many policies now have more extensive exclusions, more limited definitions of coverage, and less incident response help available. Some forms of insurance, such as those covering ransomware or the expenses of their own IT interruption, may be outright inaccessible to the most susceptible firms. This poses severe concerns about the business insurance model since it makes protection considerably more difficult to obtain just when it is most required.

The environment is challenging for organizations attempting to defend themselves against cyber assaults. Researchers are observing rates rising and coverage declining, signs of a "hard market" in the insurance sector that has now lasted the longest on record and been prolonged by the current state of economic uncertainty. Following a high increase of 102% year over year in the first quarter, UK cyber insurance pricing climbed by 66% in the third quarter of 2022, according to Marsh's insurance pricing index. With an average premium cost that is already four times what it was in 2018, it is increasing much more quickly in the UK than in any other market.

Businesses are then forced to choose between investing in IT security and purchasing insurance coverage in case that security fails, which forces them to make difficult financial decisions. Insurance has a critical role to play in protecting organizations from unforeseen or unprotectable disasters and in promoting best practices in proactive security and incident response. This shouldn't be an either/or choice.

The insurance industry's response has been characterized by price increases ahead of projected losses, rather than taking action to assist businesses around the UK confronting an ever-increasing cyber threat. Instead, insurance companies should have a deeper comprehension of their clients' risk and offer assistance as a last choice.

With 2023 just around the corner and the possibility of cyberattacks becoming more and more common, businesses may find themselves in a difficult situation as they rush to find the best defense. Since cyber risk is not going away anytime soon, insurers need to prevent a situation where prohibitively expensive and inadequate coverage helps push enterprises even closer to the precipice.

Attacks on the US Powe Grid Reach a Record High


In 2022, there were increased assaults on the American power grid, and regional electric utility firms are preparing their security systems for any potential dangers. Politico reported that until August 2022, there had been 101 physical and digital attacks on the infrastructure that distributes power countrywide, the most since 2012. 97 incidents were reported in 2021, which was the full year. 

A recent gunshot on two substations in North Carolina, which left 45,000 people without electricity, and a violent attack on four substations in Washington, which left 14,000 people without power on Christmas Day, are not included in this year's data. According to Ben Dunsmoor, director of communications for Northern Electric, electric utility providers are paying attention to these attacks.

“It’s not just weather anymore. There’s also that threat of those cyber attacks and physical attacks, and we do know that there are those attacks happening across the country and across the world. We are monitoring those and we do have different things in place to try and prevent some of those here in South Dakota,” said Dunsmoor.

According to Dunsmoor, Northern Electric has backup procedures and monitoring systems in place in case of physical assaults.

”A lot of our systems are monitored on a regular basis to ensure that if there’s anything done, we can catch whoever would do that, but also to catch that immediately so that there are limited power interruptions. We also have a lot of redundancy on the grid so that if there is an interruption or some damage is caused, that we can reroute power and get power back up as quickly as possible,” said Dunsmoor.

In addition to keeping an eye on systems for physical assaults, Northern Electric provides its staff with in-depth training to fend off cyberattacks.

Dunsmoor added, ”We do a lot of training, a lot of regular training throughout the year with our employees to make sure that they’re our human firewall to prevent some of these attacks here at home.”

NorthWestern Energy also invests in extensive security. The following statement was given to Dakota News Now by NorthWestern Energy Public Relations Specialist Jo Dee Black:

“The safety of our customers and our employees is our priority, which includes our investments in physical and cyber security. We work with our peer energy providers to continuously monitor and prepare for threats to the grid and other infrastructure.”

Dunsmoor stated the attacks on power have significant consequences.

“The consequences of a cyber attack are huge. Not only could it impact something as far as the power grid or power supply, but also, we’ve got a lot of member data with our billing and those type of things. We take it very seriously and try to protect the cooperative and our members the best way we can,” said Dunsmoor.