Page 188 - Cyber Defense eMagazine September 2023

the urgent need for beefed-up personal security, strong password practices, and the savvy use of password managers at home and work.

Trust forms the cornerstone of any social platform. It's what lures people into sharing (often confidential) information. Yet, this very trust can also be a gateway for cybercriminals to gather invaluable data that are then used in orchestrating attacks against organizations or to conduct wider attacks using credential-stuffing tactics. Each month, social media platforms bear witness to the hacking of an astounding 1.4 billion accounts [Gitnux].

Bad actors also exploit personal accounts that are admins of business accounts. By assuming a brand's identity, they can target a company's employees and customers to pilfer their credentials. Social media is implicated in approximately 81% of all hacking-related data breaches. The greater a business's or community's presence and engagement on social media, the higher the likelihood that cybercriminals will set their sights on its users. Apart from directly targeting businesses and communities, cybercriminals are also known to exploit social media to engage with potential victims for phishing purposes – an obvious call for MFA and strong personal password protocols.



Points for Pilfering

Even loyalty points aren't safe. In a concerning trend for the industries that rely on these rewards, like gaming, aviation, and eCommerce, stolen loyalty points are available for purchase on the dark web. The digital theft of these assets can also extend to cryptocurrency. Price seems to depend on the number of points desired – 50,000 gaming loyalty points could cost as little as 16 USD, while 200,000 frequent flyer miles might be as low as 70 USD.

One Akamai report found that there were over 100 million “credential stuffing” attacks between July 2018 and June 2020 in which bad actors gained access to one account and used that same password to infiltrate another. 63% targeted the travel, hospitality, and retail loyalty programs. With the global loyalty market expected to reach a value of $11.4 billion by 2025, it’s easy to see the incentive for thieves.



Sneaky Spyware

The past decade has seen countless scandals around hacked phones and privacy breaches. The dark web is a marketplace for these services, too, with prices starting at 240 USD to plant spyware on a person's phone, with costs varying based on the target and desired level of access.

How big is the spyware issue? TechCrunch recently reported on an Iranian-developed app called Spyhide that is already believed to be on tens of thousands of Android phones around the world. According to the report, “Spyhide’s database contained detailed records of about 60,000 compromised Android devices, dating back to 2016 up to the date of exfiltration in mid-July. These records included call logs, text messages and precise location history dating back years, as well as information about each file, such as when a photo or video was taken and uploaded, and when calls were recorded and for how long.”






