NLB Blog

The email systems of several government agencies including the U.S. Departments of Treasury and Commerce were breached and monitored by foreign actors most likely connected to the Russian government, the Trump administration acknowledged December 13, 2020. “Highly sophisticated” threat actors were apparently able to compromise authentication protocols used by Microsoft’s Office suite of applications, including Word, Outlook, and Excel, according to the Washington Post

The holiday season is one of the busiest times of the year for scammers and hackers. Shoppers and philanthropists are both easier targets during the busy holiday season. The Covid-19 pandemic has meant increased virtual visits with loved ones, and of course remote work. The number of people willing to use their personal devices for holiday shopping has also increased as a result of the pandemic.

The threat landscape of cybersecurity changes daily, with hackers and cybersecurity professionals in a perpetual cat-and-mouse chase; hackers discover new ways to infiltrate and exploit their targets, and the cybersecurity industry looks for vulnerabilities, tries to anticipate new threats and responds when cyber security issues arise.

Pre-Covid online shopping was already expected to continue its increase in 2020, but with more customers avoiding the typical Black Friday crowds, this holiday season is set to break online sales records. A recent survey, commissioned by Cyberscout and conducted online by The Harris Poll among over 2,000 U.S. adults, found that 84 percent of consumers plan to shop online for the holidays this year, with 23 percent of them reporting that they are likely to shop through a social media platform.

The 2020 holiday season is coinciding with a major spike in Covid-19 cases and fatalities and many families are opting to avoid travel and potentially exposing elderly and / or vulnerable relatives. Hosting gatherings on video conferencing platforms such as Zoom or Google Meet may help to keep families physically safer, but it can introduce a number of cybersecurity and privacy-related threats.

As Covid-19 rise across the country, public health officials are starting to ramp up contact tracing efforts.  Among other issues, tracking the spread of the disease has been stymied by widespread confusion and misinformation about what kind of data is being collected, and by whom. 

While there are myriad online threats to businesses, organizations and governments, ransomware is by many metrics the worst right now. Other kinds of attack can have personal fallout, but for destructive impact on its targets ransomware is dominant, and for that reason one of the most lucrative for the attackers that deploy it. 

While there are myriad online threats to businesses, organizations and governments, ransomware is by many metrics the worst right now. Other kinds of attack can have personal fallout, but for destructive impact on its targets ransomware is dominant, and for that reason one of the most lucrative for the attackers that deploy it.

Business email compromise (BEC), also known as “CEO fraud,” “W2 fraud,” or email account compromise (EAC) is a more targeted and damaging form of phishing, where the primary attack vector is to either hijack or “spoof” the email account of an executive or other position of power within a company or organization. The end goal is typically to convince an employee of the company to wire money.

Social engineering is a comparatively low-tech method of cyber attack where a hacker or scammer will use deception to coerce or otherwise manipulate their target into providing information that can be used in a data-related crime. While there is some overlap between phishing and social engineering, one of the main elements specific to social engineering is that it targets human behavior through personal interaction, rather than more technologically-oriented methods like spoofed phishing pages.