‘Pig-butchering’ and ‘zombie computers’!? 🐷 First the Sahara flooded, now the ‘FBI has taken down an army of zombie computers’ and financial targets are being ‘fattened up’ by criminals in ‘pig butchering scams’. siphoning millions off victims. Welcome to 2024, where being cyber smart matters. 

Cyber attacks ‘surged’ 75% in the recent quarter July to September compared to the same quarter in 2023, and they’ve hiked 15% from the previous quarter, April to June. The most targeted sectors globally have been education and research (up 119%), government and military (up 75%), and healthcare (up 81%). 

While slightly down on the previous year, ransomware attacks (encryption attacks where criminals demand a payment to decrypt) continue. Data revealed that 57% of reported incidents occurred in North America, 24% in Europe, with the Asia Pacific region (APAC) having experienced 13% of all attacks.

‘The data serves as a stark reminder of the ever-evolving cyber threat landscape. As cybercriminals continue to refine their tactics, staying ahead of the curve is not just advisable—it’s imperative.’ — Check Point Research

The US election has officials on high alert. 🗳️ While early voting has started for some states in the US presidential election, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned that ransomware attacks ‘will not impact the security and resilience of vote casting or counting’. This is despite ‘malware, deepfakes and misinformation threatening supply chains, financial stability – and democracy’.

Get your cyber smarts on

Passwords are not one and done. 🙅‍♂️ While a set and forget investing strategy may help you streamline your investing, the same tactic is not recommended for your passwords. The haveibeenpwned website shows dates and data breaches where your email address may have been compromised. And if your email address has landed in criminal hands, even if you followed recommended guidelines to create your long and strong 18-character password, once stolen, it can be cracked instantly by criminal hackers, according to Hive Systems.

What 2024 cyber safety looks like

Cyber skills shortage. ⚙️ According to the Centre for Cybersecurity, ‘The world is facing a big cyber skills gap, with a global shortage of nearly 4 million cyber professionals’, adding that, ‘at the same time, almost 90% of organisations experienced a breach in the last year, which they can partially attribute to a lack of cybersecurity skills’. 

And Check Point data shows that even industries previously the most skilled in cyber smarts are still reporting increased breaches — like the finance industry, which reported cyber attacks up 40% in Q3 compared to one year ago. But what you do to beef up your personal security could make a difference.

How to get cyber smart

Passwords alone are not enough. 🛡️ The World Economic Forum last week shared how global leaders have increased cyber resilience, but your small steps could make a huge difference to your own cyber safety. Two common ways to break into your passwords include:

• Brute force cyber hacks — are where criminals use a program — and now AI — to test all possible combinations of passwords (letters, numbers, and symbols), or encryption keys — such as the 2022 LastPass data breach — until the correct one is found (meaning there are fewer incorrect attempts to unlock your passwords)
• Dictionary attacks — are where hackers use common words or number sequences in a systematic way to efficiently guess your passwords — like password123

And apps like PassGAN AI can crack your passwords in seconds, and can break 51% of common passwords in 1 minute (although Ars Technica security editor Dan Goodin called PassGAN ‘mostly hype’). This means passwords alone can be exposed to brute force attacks.

Are your passwords in the green? 🐸

You might be long gone but your passwords will rock on! 🎸 According to Hive Systems, 11 billion years is the minimum recommended length of time you should allow for a brute force attack to hack your password.

Are emojis in passwords safe?

Making hackers sweat. 🥵 We still need passwords before we layer on two-factor authentication. ChatGPT can generate a jazzy passwords that include lesser-used Unicode emojis, like: *}5,%d[Ot✈️{6&5⛓️R☔☠️ (which would take 43 billion trillion years to crack).

‘With over 3,600 emojis to choose from, the inclusion of emojis drastically increases the number of possible combinations that a hacker has to work through if they want to crack your password through brute force.’ — Arne Arnold, PC World

But there are pros and cons to using emojis in passwords:

• Emojis are not universally supported in every system or platform across every device. So while Dropbox, Slack, and OpenAI accept emojis, Google and Gmail, and Microsoft and Outlook don’t 
• While you may be able to create an account using a password containing emojis, it’s possible that when you log into that new account, it may not actually accept your emoji password
• Because not all emojis are supported on every device, website or platform, your emoji password may not always work, which means you could get locked out

Create proactive password hygiene

Get long, strong and unique. 💪 According to password manager 1Password, ‘the average person has over 100 passwords’. So Cyber Smart Week might be your opportunity to polish up password practices:

• Make passwords long and strong - ideally 18 random characters containing upper and lowercase letters, numbers and multi-device symbols
• Don’t replace letters with digits and symbols, like ‘E’ for  ‘3’, or a ‘5” to ‘$’
• Create a new password for every separate account and device
• Don’t end a password with number ‘1’; any other character increases password strength a hundredfold according to PasswordMonster 
• Don’t save your password to your browser
• Set up two factor authentication (2FA) during a sign-up process. If you don’t have 2FA on your accounts, set it up. This is where you’re asked to enter a unique code generated by an authenticator app or sent to you via SMS
• Store your passwords on a password manager not on your phone’s notes or on a spreadsheet
• Consider replacing password for passphrases where possible

Cert NZ’s Own Your Online also recommends that this Cyber Smart Week 2024 to activate auto updates on all apps, which protect against vulnerabilities, set social media settings to private, and to always think before you click on a link or attachment in texts, emails or social media. And when you can, report scammers at cert.govt.nz/report.

Cyber stocks in 2024

The crowd strikes back. 🔒 CrowdStrike (CRWD) stock hasn’t yet recovered from their infamous mid-year global IT outage. The incident on 19 July 2024 affected Windows users, with an estimated 8.5 million systems served the blue screen of death (BSOD). It coincided with New Zealand’s Friday evening, which meant no KFC or ‘Friday night beersies’ for some, while others faced flight cancellations and ‘bloody chaos down at the supermarket’. 🛒

What appeared to be a global cyber threat was actually caused by a ‘content configuration update’. Despite an estimated financial hit of ‘tens of billions of dollars’ and alleged class action lawsuits by shareholders, CrowdStrike stocks have trended upwards in 2024. 

‘Because companies have IT outages frequently enough, what matters more is how the company actually remediates, and helps its customers recover from the incident itself. The sense is that CrowdStrike has done a decent job in some of those remediating steps with its customers.’ - Ahmed Khan, Morningstar

Since last year’s Cyber Smart Week, most cybersecurity stocks have lifted, and across 5 years, most of the sector is up:

• CACI International (CACI) helps ‘customers prepare, defend, and sustain their enterprise and mission against cyber threats’. They have a market cap of US$11.869 billion, with their stock up 63.09% year-to-date (YTD), and up 64.87% year-over-year (YOY) 
• CrowdStrike (CRWD) uses AI-native cloud-based cybersecurity to prevent cyber breaches. They have a market cap of US$75.879 billion with their stock climbing 25.38% YTD, and 72.79% YOY
• Fortinet (FTNT) provides ‘AI-driven security operations to deliver cybersecurity’. They hold a market cap of US$62.761 billion. They’ve seen YTD growth of 42.00%, and are up 46.13% YOY
• Palantir Technologies (PLTR) builds ‘software to assist in counterterrorism investigations and operations’. Their market cap is US$95.625 billion, and their stock has surged 157.54% YTD, and is up 163.15% YOY
• Palo Alto Networks (PANW) is a global cybersecurity provider (which has Sir John Key as a director). They have a market cap of US$123.21 billion, and have YTD growth of 30.97%, with their stock up 405.33% YOY
• Qualys (QLYS) offers cloud-based cybersecurity solutions. They hold a market cap of US$4.57 billion with their stock falling -35.30% YTD, but up 56.31% YOY
• SentinelOne (S) is an AI-powered cybersecurity provider, which has a market cap of US$8.451 billion. Their stock has lifted 2.98% YTD, but has tumbled -40.26% YOY.

Your cyber safety and all that it protects matters. A little time spent today to lock down your accounts could save you a world of pain tomorrow. 🔒

‍

Like this? 👍 Then you might like: Space Race: 10,000 satellites orbiting Earth just the start

Never miss a Hatch article. Follow the feed on Google News! 📰