Evolving Phishing Techniques Exposed, DOJ Moves to Protect Data Privacy, and Cultural Heritage at Risk from Cybercriminals

We have now reached MORE than 23,750 subscribers! Thanks for your support. Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network.

Be sure to read the "My thoughts" section to learn strategies for navigating and combating cyber attacks. I'm here to assist you in avoiding and battling these threats should they ever affect you.

Contact me if you have any questions regarding your enterprise's cybersecurity strategy --> Luigi Tiano.

P.S. We often do giveaways on our company page -->

?

Hackers Bypass Phishing Defenses by Sneaking in Safe-Looking Text and Links?

?

A recent report by Egress reveals that hackers are increasingly evading phishing detection systems by employing sophisticated obfuscation techniques. By manipulating natural language processing (NLP) tools used by email security services, attackers can insert benign text, links, or whitespace into malicious emails to create the illusion of safety. This manipulation tricks NLP tools into misclassifying the emails as legitimate, allowing them to reach victims’ inboxes. Egress found that 78% of discovered malicious emails utilize multiple obfuscation methods, and common tactics include using familiar links like those to Bank of America or Uber. Additionally, some email security tools may inadvertently release emails before fully scanning them, increasing the chances of phishing attacks succeeding. Verizon’s 2024 data breach report highlights that phishing tactics were involved in 31% of detected incidents, underscoring the ongoing threat posed by this method. ( cyberscoop.com ) ?

My Thoughts: As cyber threats become more sophisticated, the techniques used by attackers to manipulate email security systems demonstrate just how vulnerable organizations are to phishing attacks. This isn’t just a technical issue; it’s a critical threat to personal and organizational safety, especially as phishing is involved in such a significant percentage of data breaches.?

?

The fact that 78% of malicious emails employ multiple obfuscation techniques should raise alarm bells for everyone. Organizations must not only enhance their email security protocols but also ensure that employees are aware of the evolving tactics used by cybercriminals. As we move into 2025, it’s imperative that we recognize the seriousness of this issue and take proactive measures to educate users on identifying potential threats. The risks associated with phishing attacks are growing, and if we don’t stay ahead of these tactics, the consequences could be severe.?

?

Justice Department Rule Aims to Stop the Sale of Americans’ Personal Data to Other Countries?

The U.S. Department of Justice has proposed new regulations to restrict the sale and transfer of Americans’ sensitive personal data to certain adversarial countries, including China, Russia, Iran, North Korea, Cuba, and Venezuela. The regulations arise from an executive order by the Biden administration and target six categories of sensitive data, such as Social Security numbers, geolocation, biometric identifiers, health information, and financial details. Companies will need to establish compliance programs and report third-party involvement in data sales. While the proposal aims to protect national security and address data privacy concerns, experts caution that it may only provide a partial solution, as adversaries can still access personal data through other means, such as breaches or theft. The push for comprehensive privacy legislation in Congress has also stalled amid political disagreements. ( cyberscoop.com ) ?

?

My Thoughts: The proposed regulations by the DOJ to curb the sale of Americans’ personal data to adversarial nations are a necessary step in safeguarding our privacy and national security. With the increasing threats posed by countries like China and Russia, it’s crucial that we take measures to protect sensitive information from falling into the wrong hands. However, this is just the tip of the iceberg.?

?

Even with these new rules, we must recognize that adversaries will find ways to access our data—through breaches, theft, or other loopholes. The urgency for comprehensive privacy legislation cannot be overstated. As we move into 2025, the stakes are higher than ever; individuals and organizations alike need to be aware of the ongoing risks and advocate for stronger protections.??

?

Who is the new target??

?

The recent hack of the Internet Archive highlights a concerning trend: cultural institutions like libraries and museums are increasingly becoming targets for cybercriminals. The attack led to the theft and exposure of data from over 31 million user accounts, prompting the organization to take the site offline for over a week to prevent further breaches. Experts like Victoria Lemieux emphasize that these institutions often lack robust cybersecurity infrastructure, making them vulnerable to attacks. Hackers are motivated not only by the potential for extortion and identity theft but also by a desire to disrupt and manipulate cultural narratives. With more libraries falling victim to cyberattacks, experts call for increased cybersecurity education and collaboration within the GLAM sector (galleries, libraries, archives, and museums) to better protect sensitive data and cultural heritage.?

?

My Thoughts: As co-founder of Assurance IT, I’m not surprised by the surge in cyberattacks on cultural institutions like the Internet Archive—I predicted this trend. These attacks threaten not only sensitive personal data but also the integrity of our cultural heritage.?

?

Many libraries and museums lack robust cybersecurity, making them easy targets. We need to raise awareness and ensure these organizations have the necessary defenses in place. As we approach 2025, protecting our cultural institutions is vital for preserving history for future generations. It’s crucial to advocate for stronger cybersecurity measures now, or we risk further attacks that could have devastating consequences.?

?

We only partner with the best on the market. We have a variety of options, tailored to your needs and organization size.??

?

Have questions about your cybersecurity posture? Let’s chat.?

?

Calendar Link ?

?

CISA Proposes New Security Measures to Shield Americans’ Data from Adversarial States?

?

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is proposing new security requirements to protect Americans’ personal data and government-related information from adversarial states. These measures target organizations handling sensitive data that may be exposed to “countries of concern.” The proposal is part of Executive Order 14117, signed by President Biden, to address significant data security risks. Affected entities may include technology companies, telecommunications firms, healthcare organizations, financial institutions, and defense contractors. Proposed security measures include maintaining an asset inventory, addressing vulnerabilities promptly, enforcing multi-factor authentication, and reducing data collection to prevent unauthorized access. CISA is seeking public input to refine these proposals. ( bleepingcomputer.com ) ?

?

My Thoughts: As an IT professional for 25 years and the co-founder of Assurance IT, I see CISA’s proposed security requirements as a vital move towards protecting sensitive personal and government data from adversarial states. With cyber threats escalating, particularly from nations that pose significant security risks, it’s imperative that we strengthen our defenses. The fact that these measures will affect sectors like technology, healthcare, and finance underscores how vulnerable our systems truly are.?

?

Engaging with CISA’s call for public input is essential, as collaborative efforts can lead to stronger security frameworks that protect individuals and national interests alike. The time to act is now; if we don’t strengthen our cybersecurity posture, we risk facing even greater challenges in securing our data and infrastructure in the future.?

Assurance IT can help. We know how it’s done.??

?

?