Page 188 - Cyber Defense eMagazine September 2023
the urgent need for beefed-up personal security, strong password practices, and the savvy use of
password managers at home and work.
Trust forms the cornerstone of any social platform. It's what lures people into sharing (often confidential)
information. Yet, this very trust can also be a gateway for cybercriminals to gather invaluable data that
are then used in orchestrating attacks against organizations or to conduct wider attacks using credential-
stuffing tactics. Each month, social media platforms bear witness to the hacking of an astounding 1.4
billion accounts [Gitnux].
Bad actors also exploit personal accounts that are admins of business accounts. By assuming a brand's
identity, they can target a company’s employees and customers to pilfer their credentials. Social media
is implicated in approximately 81% of all hacking-related data breaches. The greater a business's or
community's presence and engagement on social media, the higher the likelihood that cybercriminals
will set their sights on its users. Apart from directly targeting businesses and communities,
cybercriminals are also known to exploit social media to engage with potential victims for phishing
purposes – an obvious call for MFA and strong personal password protocols.
Points for Pilfering
Even loyalty points aren't safe. In a concerning trend for the industries that rely on these rewards, like
gaming, aviation, and eCommerce, stolen loyalty points are available for purchase on the dark web. The
digital theft of these assets can also extend to cryptocurrency. Price seems to depend on the number of
points desired – 50,000 gaming loyalty points could cost as little as 16 USD, while 200,000 frequent
flyer miles might be as low as 70 USD.
One Akamai report found that there were over 100 million “credential stuffing” attacks between July 2018
and June 2020 in which bad actors gained access to one account and used that same password to
infiltrate another. 63% targeted the travel, hospitality, and retail loyalty programs. With the global loyalty
market expected to reach a value of $11.4 billion by 2025, it’s easy to see the incentive for thieves.
Sneaky Spyware
The past decade has seen countless scandals around hacked phones and privacy breaches. The dark
web is a marketplace for these services, too, with prices starting at 240 USD to plant spyware on a
person's phone, with costs varying based on the target and desired level of access.
How big is the spyware issue? TechCrunch recently reported on an Iranian-developed app called Spyhide
that is already believed to be on tens of thousands of Android phones around the world. According to the
report, “Spyhide’s database contained detailed records of about 60,000 compromised Android devices,
dating back to 2016 up to the date of exfiltration in mid-July. These records included call logs, text
messages and precise location history dating back years, as well as information about each file, such as
when a photo or video was taken and uploaded, and when calls were recorded and for how long.”
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.