Nobelium Strikes Again, This Time Through a Sophisticated Email Phishing Attack Targeting Governments and NGOs
We may earn a small commission when you click or purchase an item using a link on this website.
A hacking group operating in Russia, identified as ‘Nobelium,’ has been named as a prime suspect in the extreme SolarWinds attack that took place last year, and is now being accused of carrying out a major breach again. The victims of the current phishing attacks include governments and non-governmental facilities, as well as those who conduct research with intentions of proposing solutions to issues. Approximately 3,000 email accounts stemming out of 24 countries have been targeted by the phishing attack, with an emphasis placed on U.S. based emails.
Microsoft appears to be the primary informer highlighting details of this situation, and they claim that the affected organizations include those involved with international development, humanitarian issues, and human rights. Nobelium allegedly gained access to the email accounts by initially illicitly entering a marketing email belonging to the United States Agency for International Development (USAID). As of Friday, the Department of Homeland Security (DHS) and USAID publicly stated they know about the attack and have opened investigations. The Cybersecurity and Infrastructure Security Agency (CISA) is mutually engaging in investigative efforts alongside the FBI, though they have not yet determined whether there are any major debilitating effects against the federal government.
Despite Russia’s spy chief asserting their Foreign Intelligence Service is not responsible for either the SolarWinds attack nor the current phishing breach, the United States and Britain are collectively blaming them for the acts. Surfacing claims by experts imply this phishing attack is another attempt by Russia to disinform people purposely to disrupt U.S. electoral matters. It is noted that this vast attack came only weeks after the U.S. Colonial Pipeline attack dramatically severed the greatest fuel network within the country.
Microsoft has assured their customers there is a safeguard in place that blocks the malware these attackers have relied on to expand the success of their phishing mission. Microsoft also expressed they have been reaching out to potential targets to notify them of the incident and to relay that no exploitation or vulnerabilities are believed to have affected their products.
Disable Your Smart TV’s Ability to Watch You
Smart TVs allow you to watch your favorite shows, stream content, and download your favorite apps. What you may not realize though, is that a smart tv’s constant connection to the internet makes it just as vulnerable to hacks as a computer or phone. Hackers might see or hear you.
To avoid becoming the victim of an intrusive smart tv hack, refer to the protection tips listed below:
- Cover the Camera – Find out where the camera on your tv is located and block it thoroughly with tape or another thick object. If you are having trouble locating the camera, go to a video app to see yourself and cover different areas until you are no longer visible.
- Check Settings – Secure yourself and your family by turning off microphone and camera permissions in your settings. There are specific privacy settings on numerous smart TVs that allow you to manage things such as data usage and ad generation.
- Be Aware – Know what the security and privacy policies are for your smart tv. Be sure you understand the data that the smart tv manufacturer or app designers are allowed to collect. A task as simple as reading a manual can provide insight regarding what type of unexpected personal information might be shared.
- Accept Updates – If your smart tv gives you the option to receive software updates, you should sign up for them to keep security features up to date.
- Change Password – Change generic passwords to a strong, personalized one that cannot be easily guessed or determined.
If the risk of your smart tv being hacked is not alarming enough, keep in mind that other devices connected to the same router may be targeted too. Reduce the threat of encountering a cyberattack on your smart tv by taking action now.
Recovery Guidelines For a Hacked PSN Account
You just received notice that your credit card has been charged for purchases made on your PlayStation account, only you never ordered anything. You know that you need to act fast but are unsure what to do. Guidelines are described below to help you recover your PlayStation Network (PSN) account after it has been compromised.
- Change Your Password: The first thing you always want to do after your account has been accessed by someone else without authorization is change your password. If you used your PSN password to protect other accounts they should be updated also.
- Use Two Step Verification: Adding a secondary verification feature will mean that you are required to enter a code in addition to your password when logging in. Even if a hacker has your password, he/she will not be able to get into your account once this is activated.
- Contact Sony: Contact Sony support quickly to alert them your account has been broken into by someone who you did not give permission to.
- Disable Cards: Reach out to your financial institutions to have all of your linked credit and debit cards disabled. Blocking access to your accounts will prevent hackers from illegally taking your money.
- Kick Hackers Out: Take advantage of Sony’s security option to kick out a hacker during the recovery process. See the below steps to do this:
- Once logged in, click ‘account settings’
- On the left side of the screen, click ‘security’
- At the bottom, click ‘sign out of all devices’
- Click ‘ok’ to confirm this step
While it seems unlikely that a hack into your gaming system account would lead to much loss, hackers are able to steal your personal information such as address and bank account numbers. It is imperative you take action right away to minimize a hacker’s success.
Securing Your VPN Server
Virtual Private Networks (VPNs) offer a great sense of security for individuals who need to connect to a system remotely. By using a VPN, a person can access an encrypted internet gateway without using his/her own private connection.
VPNs are known to be a secure method for entering databases from any desired location in alternative to traveling to the actual location where a computer is, like an office setting. Despite the positives though, VPN users still face security threats such as a personal device being accessed by a cybercriminal somehow.
To combat the risks associated with VPN use, refer to the below tips:
- Enforce Policies. Most data systems operating in a defined location have policies in place so that users can protect information. Transferring these policies to remote VPN users will remind them to take caution when using their devices. Developing and enforcing penalties for users who fail to abide by the policies will lead to increased compliance.
- Implement Strong Authentication. Authentication methods will vary for VPNs depending on its purpose, but using the strongest one available is the safest.
- Add Encryption. Adding encryption to your VPN will strengthen its defense against cybercrimes.
- Set Access Limitations. Limiting access to only the individuals who have a legitimate need to see and use particular data will allow easier monitoring. This will also lower the chances of information being exploited through a personal device.
- Include Other Features. If features are available that allow tasks to be done without connecting to the VPN, they should be utilized to reduce unnecessary access.
- Require Additional Protection. Require that VPN users install extra layers of protection to their devices such as firewall and antivirus software.
VPN servers can easily become the target of a cyberattack. Follow the tips listed above to avoid the consequences of having a vulnerable server.