Category: Ransomware

Alert: Dell’s 49 Million Records Breached For Sale (May, 2024)

Dell logo

Dell notifies customers about data breach

Dell is warning its customers about a data breach after an alleged shadowy cyber criminal offered a 49 million-record database of information about Dell customers on a cybercrime forum.

An alleged cyber criminal called Menelik posted the following message on the “Breach Forums” site:

“The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.

It is up to date information registered at Dell servers.

Feel free to contact me to discuss use cases and opportunities.

I am the only person who has the data.”

Data Breach forums post by Menelik
Screenshot taken from the Breach Forums

According to the poster Menelik the data includes:
  • The full name of the buyer or company name
  • Address including postal code and country
  • Unique seven digit service tag of the system
  • Shipping date of the system
  • Warranty plan
  • Serial number
  • Dell customer number
  • Dell order number

Most of the affected systems were sold in the US, China, India, Australia, and Canada.

Users on Reddit reported getting an email from Dell which was apparently sent to customers whose information was accessed during this incident:

“At this time, our investigation indicates limited types of customer information was accessed, including:

  • Name
  • Physical address
  • Dell hardware and order information, including service tag, item description, date of order and related warranty information.

The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.”

Although Dell might be trying to play down the seriousness of the situation by claiming that there is not a significant risk to its customers given the type of information involved, it is reassuring that there were no email addresses included. Email addresses are a unique identifier that can allow data brokers to merge and enrich their databases.

So, this is another big data breach that leaves us with more questions than answers. We have to be careful that we don’t shrug these data breaches away with comments like “they already know everything there is to know.”

This kind of information is exactly what scammers need in order to impersonate Dell support.

Protecting yourself from a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

If you want to find out how much of your data has been exposed online, you can try the recommended Malware Bytes free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

FBCS: One More Data Breach Affecting Almost Two Million People!

Having a loan or bill go to collections is bad enough as it is, but now in the first half of 2024, the second largest debt collection agencies in the U.S. has revealed that it has fallen victim to another data breach in which nearly Two Million borrowers information was exposed online.

As first reported by BleepingComputer, Financial Business and Consumer Solutions (FBCS) has begun notifying impacted individuals after the sensitive personal information of approximately 1,955,385 people was recently accessed by hackers.

As a nationally licensed debt collection agency, FBCS collects unpaid debts from credit card companies, healthcare organizations, car dealerships, student loans and utilities. However, unlike with the other companies you do business with, if one of your loans or bills has ended up in FBCS’ hands, you’re stuck with them.

Here’s everything you need to know about this recent data breach along with some tips and tricks on how to stay safe after your personal or financial information ends up in the hands of hackers.

Unauthorized network access

A hacker typing quickly on a keyboard

In a data breach notice (PDF) submitted to the Attorney General’s office in Maine, FBCS explained that hackers first breached its network on February 14, 2024. The unauthorized actor remained there until February 26 and during that time, they were able to “view or acquire certain information on the FBCS network.”

During that 12-day window, they could have accessed the full names, Social Security numbers (SSNs), dates of birth, account information and driver’s license numbers or ID card numbers of almost 2 million Americans.

With this information in hand, the hackers behind this breach can easily launch targeted phishing attacks, commit fraud or use social engineering for identity theft. FBCS has enrolled thousands of them automatically for 12 months of credit monitoring through the company Cyex.

 

Geobox: A $700 Anonymous Wi-Fi Device

Geobox: A Hacking Device That Is Basically Untraceable

In summary, a Geobox transforms the mini-computer Raspberry Pi into a Swiss-army knife type of hacking device!

Sold for a lifetime fee of $700 or a monthly rate of $80, the software is able to:

1. Spoof location

2. Mimic Wi-Fi access points

3. Manipulate DNS and network parameters while providing anonymity.

4. Copying and emulating the same commonly used Wi-Fi landing page that most restaurants and concerts use to log on to avoid suspicion. The operators can even charge 0.99 cents or more depending on the location/Clients of where they are located at (such as a fitness gym, where the upcharge is usually $2.99 for unlimited data use or free for limited data).

Imagination is not required: this Geotool allows any person to set up a virtually untraceable Wi-Fi box that most people take for granted and can own all of the data or even the device or laptop once one connects to it!

After researching a few operators using it at a popular tourist site (March, 2024), it was observed that “three malicious individuals utilized several Geobox devices, each connected to the internet. These devices served as proxies, significantly enhancing their anonymity. This approach complicated the investigation and tracking process for any one attempting to investigate them using them, especially since, by default, Geobox devices do not store any logs nor any digital or paper trail for themselves or whomever logs on to the created Wi-Fi access point. They also have an amazing choice: to either create a Wi-Fi point similar to the official location name of where they are operating from, such as naming it “McDonald’s Free Wi-fi”

OR

They simply use it for their own fully anonymous purposes, such as emulating an internal Wi-Fi access point; which is quite common at Malls, shopping areas and concert venues where the general public or even workers/vendors would have no ability to distinguish between a Geobox created Wi-Fi point and the authentic one. To make it even more authentic, an operator would mimic the secure password of the host site – such as a popular shopping Mall’s password for internal Employees/Vendors.

It only takes these bad actors 2 – 5 minutes on average by simply using the popular $300 Flipper device to get the password or passcode of any device or Wi-Fi router today as well in combination with the Geobox!

Raspberry Pi is a widespread, low-cost, and small single-board computer used for various projects and praised by enthusiasts.

However, with Geobox, it is transformed “into a potent weapon for digital deception.” Malicious software is specifically designed for the Raspberry Pi 4 Model B with at least 4GB of RAM.

The price is $700 for lifetime, which is very cheap and affordable considering the amount of data, private and personal information it can easily obtain within a few minutes of being set up once just one person unwittingly connects to it in this day and age of people expecting free or low-cost internet everywhere!

These device operators also have the ability to create a bogus free or one-time .99 cent-for-24 hour unlimited internet access via a simple landing page to mask and emulate, as an example, your favorite restaurants like McDonald’s or Starbucks!

With Geobox, malicious actors target a broad audience as the setup process is streamlined, clear, and concise, with easy-to-follow instructions also provided. The manual links to the official Raspberry website for OS installation.

Multiple tools are included with Geobox: multiple VPN connections, GPS and Wi-Fi emulation, DNS configuration, data substitution tools, network configurators, and others.

The Geobox Can Be Easily Used For Anonymous Geolocation or Multiple Internet Purposes

“The device’s functionality is diverse, allowing for various forms of digital manipulation and disguise. Key features include the ability to use WebRTC IP for discreet online communication and GPS spoofing to simulate different geographical locations, which is particularly valuable for activities that require geolocation manipulation. Furthermore, the Geobox can completely mask (hide) Wi-Fi MAC addresses, making the user’s network activity more difficult to trace.”

*Most High Schools and Colleges Use Wi-Fi MAC Addresses As Standard Internet and Wi-Fi Usage Tracking Controls*

The emergence of Geobox raises significant concerns and introduces new complexities for cybersecurity – as well as the general public! One simple dot or variation of a “Starbucks or McDonalds Wi-Fi” authentic connecting point at any location is all it takes for operators of a Geobox to own and obtain all of the data on your laptop/phone or any other connected device!

Armed with such an affordable and easy to obtain cyber device, operators can easily carry and coordinate various attacks; such as being a data dump for anyone logging on to the newly created “free Wi-Fi” identity theft and credit card fraud under the veil of anonymity, circumventing network restrictions and surveillance, malware distribution, credential stuffing, spreading misinformation, content piracy, etc.

It was observed one operator used Geobox in combination with two LTE-based wireless modems, “proxyfying connections via multiple chains of SOCKS and PROXY servers globally and automatic pseudo-randomly via AI”. In essence, these easy proxy steps further ensure they are anonymous and cannot be tracked unless known to be doing this activity in advance!

Leveraging several devices deployed in various locations using this model is easy if the operator has a few friends working as a small tight-knit team. Note that this device can be easily carried in a purse, bag or backpack; easily disguisable as simply being a popular Notebook or laptop.

“Once the malicious action has been conducted – they can simply wipe the device or physically destroy it if they have a hunch that they are being monitored or tracked – but this device is so cheap, simple and easy that the chances of them getting caught are slim to none and thus they simply move it to other locations depending on their intent and motives – such as an up coming concert venue or local restaurant that people go to fully expecting and using free Wi-Fi”.

How to Hide Your IP Address and Change Location on Coinbase

Are you concerned about your online privacy and looking for ways to mask your IP address on Coinbase?

If like many people, you have come to the right place. In this guide, we’ll walk you through the steps to change your location on Coinbase (or any other Crypto Exchange) and hide personal information like your IP address, country, and region.

 

Quick Guide: Hide Your IP Address and Change Your Location

  • Mask Your IP Address
  • Flush DNS and Renew Your IP Address
  • Change Your Coinbase Location Settings
  • Other Methods to Hide Your IP Address and Location on Coinbase

Why Hide Your IP Address?

There are several reasons why you might want to hide your IP address. One of the main reasons is to protect your privacy and prevent Coinbase from tracking your physical location. By masking your IP address, you can also avoid leaving a digital footprint and bypass content filters or bans.

How to Hide Your IP Address and Location from Coinbase

  1. Mask Your IP Address
    • Use a VPN (Virtual Private Network) or proxy server to mask your IP address and spoof your location.
    • We recommend using NordVPN for its ease of use and reliability.
    • Follow these steps to install and configure NordVPN:
      1. Visit NordVPN’s website and create an account.
      2. Download and install NordVPN on your devices.
      3. Connect to a VPN server from your preferred location.
  2. Flush DNS and Renew Your IP Address
    • Clear your DNS cache to ensure your computer obtains the latest IP address from Coinbase’s DNS server.
    • Renew your IP address through your device’s settings or command prompt.
    • Follow these steps for PC (Any Windows OS Computer) (please contact me directly at https://www.t.me/DigitalFoundation for one on one Consultation):

Step-by-Step Guide: Flush DNS and Renew Your IP Address

Step 1: Open Command Prompt

      • On Windows: Press the Windows key, type “cmd” in the search bar, then press Enter.
      • On Mac: Open Spotlight (Command + Space), type “Terminal,” then press Enter.

Step 2: Run Command Prompt as Administrator

      • Right-click on Command Prompt in the search results.
      • Select “Run as administrator” from the context menu.

Step 3: Enter Commands

      • In the Command Prompt window, type the following commands one by one, pressing Enter after each:
        • ipconfig /flushdns (This command clears the DNS resolver cache.)
        • ipconfig /release (This command releases your current IP address.)
        • ipconfig /renew (This command requests a new IP address from your DHCP server.)

Step 4: Confirm Success

      • Look for confirmation messages after each command.
      • You should see messages indicating successful flushing of the DNS resolver cache and renewal of your IP address.

Step 5: Close Command Prompt

      • Once you’ve completed the commands and confirmed success, you can close the Command Prompt window.

Note:

      • Flushing the DNS resolver cache and renewing your IP address can help resolve network connectivity issues and ensure that your computer has the latest IP address information.
      • These steps may vary slightly depending on your operating system. Always run Command Prompt with administrator privileges for these actions.

Mac/Apple Flushing DNS:

 

  1. Change Your Coinbase Location Settings
    • Before logging in to your Coinbase account, ensure NordVPN is running and connected to the preferred server location.
    • Log in to your account, go to “Privacy Settings,” and change your “Location/Region/Country” to match your VPN server.
    • Save the changes and you’re all set.

Can’t Change Your Coinbase Location Settings? Here’s What to Do

If you’re unable to change your region, location, or country on Coinbase’s account settings, you can contact Coinbase support for assistance. Follow these steps:

  • Connect to NordVPN and your preferred server.
  • Find the “Contact Us” or “Get in touch” page on Coinbase’s website here: https://help.coinbase.com/en-gb
  • Send a message to Coinbase support requesting a manual update of your physical location.
  • Wait for 24-48 hours for their response.

Other Methods to Hide Your IP Address and Location on Coinbase

In addition to using a VPN or proxy server, you can also consider using a neighbor or trusted friend’s Wi-Fi networks or proxy servers. However, keep in mind the security and privacy implications of these methods. If you are unsure or don’t know whether or not your Internet/Device/Computer is truly SECURE, take 2 minutes of your valuable time and go here to run a VPN and Browser Leak Scan: https://browserleaks.com/webrtc

 

VPN vs. Proxy vs. Public Wi-Fi: A Comparison

Here’s a comparison table outlining the key differences between using a VPN, proxy server, and public Wi-Fi to hide your IP address and change your location on Coinbase:

 

Features/Attributes VPN Proxy Server Public Wi-Fi
IP Address Masking Yes Yes Yes
Encryption Yes (High-level) No No
Geolocation Spoofing Yes Yes Partial
Ease of Setup Easy Moderate Easy
Speed Fast (depends on service) Moderate Varies (often slow)
Security High Low Very Low
Privacy High Low to Moderate Very Low
Access to Restricted Content Yes Yes Maybe
Consistency High Moderate Low
Cost Subscription Subscription or one-time fee Free
Legality & Compliance Generally Legal, some restrictions apply Generally Legal, some restrictions apply Legal

In summary, using a VPN offers the highest level of security and privacy, while proxy servers and public Wi-Fi networks may be less reliable. Choose the method that best suits your needs and always prioritize your online privacy and security.

By following these steps and tips, you can effectively hide your IP address and change your location on Coinbase, ensuring your online activities remain private and secure.

Disclaimer:

The information provided in this blog post is for educational purposes only. While we strive to provide accurate and up-to-date information, we cannot guarantee the effectiveness or suitability of the methods described.

By following the steps outlined in this guide, you acknowledge that neither any individuals affiliated with GeeksByTheHour nor its affiliates are responsible for any actions, events, or consequences that may occur as a result.

It is recommended to consult with a qualified IT professional or technician before performing any network-related actions on your computer. Always proceed with caution and at your own risk.

Machine vs. Mind: Will AI be 2024’s Most Dangerous Cyber Weapon?

In 2024, for cybersecurity, we’re entering an era where advanced AI tools and escalated social engineering tactics (especially during election years) are changing the game. To avoid potential cyber threats, businesses, governments and individuals must grasp these emerging trends.

1. Rise Of Cybersecurity AI

In 2024, AI’s role in cybersecurity will expand to encompass automated responses and predictive analytics. It’s mainly about taking preventive measures in advance….

Integrating AI into cybersecurity applications can improve threat detection and incident response. For instance, AI can identify anomalies or deviations that may indicate potential security threats. Previously unseen attacks can be detected.

With cyberattacks becoming more sophisticated, AI’s ability to analyze vast datasets and identify patterns will be pivotal. Since AI has become a major part of cyber criminals’ toolkit, AI is expected to become a mainstay in cybersecurity solutions.

2. Election Year Disinformation

Election years provide fertile ground for social engineering and disinformation campaigns, and there’s no reason to believe 2024 will be an exception. As political tensions rise, so do efforts to manipulate public opinion and undermine democratic processes.

Americans lost $10.3 billion to online scams in 2022, which also emphasizes the need for ongoing employee security awareness training that includes exercises to help identify social engineering tactics and phishing attempts. The use of open-source intelligence tools (OSINT) to root out network vulnerabilities is recommended as a preventive measure to combat threat actors.

3. Escalation Of Ransomware Attacks

Ransomware remains a formidable threat in 2024, with tactics becoming increasingly complex and negotiations more aggressive. According to Cybersecurity Ventures, damages from cybercrime are projected to exceed $10.5 trillion globally by 2025.

This alarming escalation calls for robust backup strategies, employee training, cyber insurance, negotiation expertise and incident response plans. Companies can follow the example of external performing tasks such as penetration testing, validating network integrity, identifying unauthorized activity and monitoring for suspicious behavior.

4. AI-Based Predictive Social Engineering

2024 will likely see a rise in AI-based predictive social engineering and a disturbing convergence of AI and social manipulation techniques.

Leveraging AI, cybercriminals can prey on human weaknesses such as impulsiveness, greed and curiosity to more convincingly create personalized phishing campaigns at scale. AI-facilitated social engineering attacks have been reported to the FTC.

This emerging trend underscores the need to perform AI risk assessments and to consider outsourcing expertise to a virtual AI officer who can step into the role and run AI-resistant security protocols.

5. National U.S. Data Privacy Act

The progression of data privacy regulations—beginning with the European Union’s General Data Protection Regulation (GDPR) and extending to California’s Consumer Privacy Act (CCPA)—is paving the way for establishing a national data privacy act in the U.S. called the American Data Privacy and Protection Act.

With five states’ privacy acts becoming effective in 2024 and other data breaches costing companies an average of $4.45 million, legislating a national data privacy standard is more urgent than ever.

6. Cyberattacks On Cannabis Retailers

The burgeoning cannabis industry, particularly retailers, is increasingly vulnerable to cyberattacks as they transition to digital platforms. Banks and credit card services could begin to accept electronic payments and ACH transfers from cannabis businesses—thanks to pending legislation making its way through Congress—and the gap between point of sale (PoS) systems and potential data breaches narrows significantly.

Human error and complacency are major risk factors, and the industry’s nascent adoption of digital technologies makes it an attractive target for cybercrime. Retail dispensaries must prioritize cybersecurity to protect their client data and financial transactions, as the sector’s so-called “green rush” also attracts the unwanted attention of threat actors.

7. Zero Trust Elevates To Boardroom Status

The concept of zero trust in cybersecurity, akin to the rise of anti-virus software in the 1990s, is set to become a staple topic in boardroom discussions in 2024. Gaining steady momentum, the implementation of zero trust is no longer a technical nicety but a business imperative.

Rooted in the principle of “never trust, always verify,” the widespread adoption of zero-trust architectures signifies a paradigm shift in security strategies, emphasizing continuous verification of every user and device, regardless of their location or network.

This strategic move elevates cybersecurity from a technical concern to a core business function, crucial for protecting organizational assets.

8. FEMA Cyber Insurance

To make a bold and unprecedented prediction, FEMA, the federal agency known for last-resort flood insurance, may eventually be called upon to serve as a model and backstop for cyber insurance policies not covered by commercial carriers.

With traditional insurance carriers withdrawing from high-risk regions like Florida due to severe climate events, there is a growing need for federal intervention. A FEMA initiative could potentially underwrite essential services like airports, hospitals, energy and water treatment plants as commercial insurance options become limited.

Conclusion

The increasing complexity of cyber threats underscoring the security trends of 2024 highlights the need for advanced mitigation strategies. Organizations will need to understand these trends, ensure they enable best practices and consider collaborating with outsourced cybersecurity expertise to navigate the security environment and ensure a robust, future-ready cyber defense.

How To Lock Down Your Computer

How to Quickly Lock Your Windows 11/10 PC

 

Your privacy matters. That’s why it’s good practice to lock a desktop or laptop whenever you leave it unattended. Use any of the methods below to stop other people from snooping around your PC.

Unlike signing out, locking a computer is faster, just as secure, and doesn’t require you to shut down open programs. You also get to unlock it instantly and pick up where you left off. This article will go through various ways to quickly lock Windows 11 and 10.

Table of Contents

Lock Computer via the Start Menu

The most straightforward approach to locking your PC is simply to use the Start menu. Open it, select the User icon or your profile portrait, and choose the option labeled Lock.

Note: If the Lock option is not present, open the Control Panel, go to Hardware and Sound > Power Options > Change what the power buttons do, and activate the box next to Lock to add it.

Lock Computer with a Keyboard Shortcut

If you prefer keyboard shortcuts, an even faster way to lock a Windows computer is pressing Windows Key + L. Use it a few times, and you’ll get it hard-coded into your muscle memory.

Lock Computer with a Desktop Shortcut

If you find it challenging to use the Win + L keyboard shortcut, you can create a desktop shortcut capable of locking your PC just as quickly.

  1. Right-click a vacant area within the desktop area.
  2. Select New > Shortcut on the context menu.
  3. Copy and paste the following snippet of text into the Create Shortcut window and select Next:

rundll32.exe user32.dll,LockWorkStation

  1. Type a name for the shortcut—e.g., “Lock PC”—and select Finish.
  2. Double-click the shortcut whenever you want to lock your PC.

Lock PC via the Windows Security Screen

The Windows Security screen (a.k.a. the Ctrl + Alt + Delete screen) offers another quick way to lock Microsoft Windows. The best thing about this method is that you can use it even if Windows 11 or 10 isn’t responsive. Simply press Ctrl + Alt + Del to get the Windows Security screen to show up. Then, select Lock.

Lock Computer via Task Manager

If you ever find yourself using the Task Manager in Windows 11 or 10 and want to lock down your PC immediately, you can do that using the Task Manager itself.

  1. Right-click the Start button and select Task Manager.
  2. Select More details to expand the default Task Manager view.
  3. Switch to the Users tab.
  4. Select your Windows user account.
  5. Select the Disconnect option at the lower-right corner of the window.

Lock Computer Alongside Screen Saver

If you regularly forget to lock your PC, you can set up a screensaver to kick in automatically and lock your PC when it engages.

  1. Open the Start menu, search for screen saver, and select Turn Screen Saver On or Off to invoke the Screen Saver Settings pop-up.
  2. Open the drop-down menu under Screen saver and pick a screensaver (select Blank if you prefer to keep the computer screen dark when the screensaver is active).
  3. Specify a time in minutes within the Wait box, check the box next to On resume, display logon screen, and select OK.

Your PC will display the screensaver when left idle for the time duration. Press a key or mouse button whenever you want to exit it and get to the Lock Screen.

Lock Computer With Dynamic Lock

Dynamic Lock automatically locks the operating system if it detects a weak Bluetooth signal between your PC and another device. Although it works with any Bluetooth peripheral, using a smartphone (Android or iPhone) is the most practical.

Connect Smartphone to PC

Before activating Dynamic Lock, you must pair your smartphone with your computer.

  1. Put your phone into Bluetooth discovery mode. That’s as simple as visiting its Bluetooth options screen (e.g., Settings > Bluetooth on the iPhone).
  2. Open the Settings app on your PC (press Windows + I).
  3. Select Devices > Bluetooth & other devices.
  4. Select Add Bluetooth or other device > Bluetooth.
  5. Select your phone and go through the onscreen instructions to pair it.

Activate Dynamic Lock

It’s now just a matter of activating Dynamic Lock.

  1. Open the Settings app on your PC.
  2. Select Accounts > Sign-in Options and scroll down to the Dynamic Lock section.
  3. Check the box next to Allow Windows to automatically lock your device when you’re away.

Your PC will automatically lock itself whenever you move away from it with your iPhone or Android smartphone.

Lock Computer via Run Command

You can perform many valuable activities with Run commands in Windows, including locking your PC. Although it’s hard to justify using Run over the above methods, it’s good to know that this way exists.

  1. Press Windows Key + R or right-click the Start button and select Run.
  2. Type the following command into the Run dialog box:

rundll32.exe user32.dll,LockWorkStation

  1. Select OK, or press Enter to lock Windows.

Lock Computer via Windows Terminal

Another obscure way to lock a Windows 11/10 PC requires running a command through the Windows Terminal or Windows PowerShell consoles. Here’s how to use it:

  1. Right-click the Start button and select Windows Terminal (Windows 11) or Windows PowerShell (Windows 10).
  2. Type the following command:

rundll32.exe user32.dll,LockWorkStation

  1. Press Enter.

Tip: The above command also works on the older Command Prompt console. Open the Start menu, type cmd, and select Open to get to it.

While this command is not particularly useful for locking your PC in the moment, it can be handy to include the command in a script so that your PC locks when the script finishes.

Total Lockdown

Locking your Windows PC has no downsides and keeps intruders at bay. It’s easy to forget to do that, however, so it’s always worth taking your time to tweak your screensaver settings or set up Dynamic Lock. While you’re at it, check out how to create a passwordless login in Windows to make getting back in even faster.

About The Author

Dr. Sky Houston has a legacy, passion and expertise in Information Technology. He specializes in topics related to Consumer & Business Technology and optimizing productivity. “Tame Your Technology Or It Will Tame You” is his way of life! When he isn’t solving tech issues of all sizes, he is busy optimizing, troubleshooting and locking down Client’s Internet, Networks, Devices and Computers, you can catch him teaching and training network, productivity improvements and Cyber Security.

Subscribe on YouTube!
Did you enjoy this tip? If so, check out our YouTube channel. We cover Windows, Mac, Software, Shortcuts and Apps, and also have a bunch of troubleshooting tips and how-to videos. Click the button below to subscribe!

 

Our Publishing Family

Geeks By The Hour is part of the Global Strong publishing family.

About Geeks By The Hour

Welcome to Geeks By The Hour – a blog full of tech tips from trusted IT experts. We have hundreds of articles and guides to help you troubleshoot any issue. Our articles have been read over 1 million times since we launched in 2009.

Copyright © 2009-2023 SkyTheTechGuy.com & GeeksByTheHour.com All Rights Reserved

Top 10 Cybersecurity Trends (Updated for 2023)

Top 10 Cybersecurity Trends (Updated for 2023)

Table of Contents

1) Rise of Automotive Hacking 

2) Potential of Artificial Intelligence (AI) 

3) Mobile is the New Target 

4) Cloud is Also Potentially Vulnerable 

5) Data Breaches: Prime Target

6) IoT with 5G Network: The New Era of Technology and Risks 

7) Automation and Integration 

8) Targeted Ransomware

9) State-Sponsored Cyber Warfare

10) Insider Threats

2023: The Digital Transformation realized for businesses, organizations and even governments are relying on computerized and progressively increased digital systems to manage their day-to-day activities making Cybersecurity a primary goal and priority for all Executives and Organizations of all sizes.

The 2020 pandemic  year exacerbated this fact – with up to 75% of billions of people globally transitioning from their physical office (which had the IT resources and personnel) to their “home office”. Essentially turning the entire “working from home industry” and all of the IT and HR requirements that it needs due to safeguarding data from various online attacks or any unauthorized access as the new “norm” of virtual/remote work.

Going Forward: Continuous change in technologies including the popular Dual Authorization Password apps primarily through utilizing the smart phone also implies a parallel shift and priority in Cybersecurity trends across the board in every organization as news of data breach, ransomware, malware, compromised devices/browsers and hacks unfortunately become the norms. This is simply based on adapting to the progressing volume (millions before the 2020 Pandemic worked from home, today it is billions) of remote workers. Here are the top Cybersecurity trends for 2023:

1) Rise of Automotive Hacking 

Modern vehicles nowadays come packed with automated software creating seamless connectivity for drivers in cruise control, engine timing, door lock, airbags and advanced systems for driver assistance. These vehicles use Bluetooth and WiFi technologies to communicate that also opens them to several vulnerabilities or threats from hackers. Gaining control of the vehicle or using microphones for eavesdropping is expected to rise in 2023 with more use of automated vehicles. Self-driving or autonomous vehicles use an even further complex mechanism that requires strict cybersecurity measures.

2) Potential of Artificial Intelligence (AI) 

With AI being introduced in all market segments, this technology with a combination of machine learning has brought tremendous changes in cybersecurity. AI has been paramount in building automated security systems, natural language processing, face detection, and automatic threat detection and the ChatGPT OpenAI capabilities that are literally transforming industries of anything relating to “the written word” including Copy Writing, Marketing, Advertising, Education, and many, many others are all being automated with AI. Although, it is also being used to develop smart malware and attacks to bypass the latest security protocols in controlling data. AI enabled threat detection systems can predict new attacks and notify admins for any data breach instantly.

3) Mobile is the New Target 

Cybersecurity trends provide a considerable increase (50 percent) for mobile banking malware or attacks in 2020, making our handheld devices a potential prospect for hackers. All of our photos, financial transactions, emails, and messages possess more threats to individuals. Smartphones are logically one of the biggest targets for anyone with the skills and agenda primarily based on two facts:

  1. Smartphones are used by more people globally today than PC’s (personal computers)
  2. The security and vulnerabilities of smartphones are far less on average than PC’s
  3. Social Media like Facebook, Instagram, and Tik Tok as well as other installed Apps of all types on smartphones/PC’s/devices are being targeted more and more each day by malicious individuals and “ransomware gangs” globally.

4) The “Cloud” i.e. Internet is Also Potentially Vulnerable 

With more and more organizations now established on clouds, security measures need to be continuously monitored and updated to safeguard the data from leaks. Although cloud applications such as Google or Microsoft are well equipped with security from their end still, it’s the user end that acts as a significant source for erroneous errors, malicious software, and phishing attacks more than ever before today. Malicious actors across the globe are adapting faster than end users can act, especially in today’s ever so popular Social Media world.

5) Data Breaches: Prime target

Data will continue to be a leading concern for organizations around the world. Whether it be for an individual or organization, safeguarding digital data is the primary goal now. Any minor flaw or bug in your system browser or software is a potential vulnerability for hackers to access personal information. New strict measures General Data Protection Regulation (GDPR) was enforced from May 25th, 2018 onwards, offering data protection and privacy for individuals in the European Union(EU). Similarly, the California Consumer Privacy Act (CCPA) was applied after January 1st, 2020, for safeguarding consumer rights in the California area.

6) IoT with 5G Network: The New Era of Technology and Risks 

With the advent and growth of 5G networks, a new era of inter-connectivity will become a reality with the Internet of Things (IoT).

The Internet of Things (IoT)  is essentially an interconnected global network where all devices are connected to each other as well as the “internet” 24×7. This communication between multiple devices also opens them to vulnerabilities from outside influence, attacks or an unknown software bug. Even the world’s most used browser supported by Google, Chrome was found to have serious bugs. 5G architecture is comparatively new in the industry and requires a lot of research to find loopholes to make the system secure from external attack.

Every step of the 5G network might bring a plethora of network attacks that we might not be aware of. Here manufacturers need to be very strict in building sophisticated 5G hardware and software to control data breaches.

7) Automation and Integration 

With the size of data multiplying every day, it is eminent that automation is integrated to give more sophisticated control over the information. Modern hectic work demand also pressurizes professionals and engineers to deliver quick and proficient solutions, making automation more valuable than ever. Security measurements are incorporated during the agile process to build more secure software in every aspect. Large and complex web applications are further hard to safeguard making automation as well as cyber security to be a key concept of the software development process.

8) Targeted Ransomware

Another important cybersecurity trend that we can’t seem to ignore is targeted ransomware. Especially in the developed nations’ industries rely heavily on specific software to run their daily activities. These ransomware targets are more focused today in 2023 including examples like the Wanna Cry attack on the National Health Service hospitals in England corrupted more than 70,000 medical devices. Though generally, ransomware asks to threaten to publish the victim’s data unless a ransom is paid still it can affect the large organization or in case of nations too.

9) State-Sponsored Cyber Warfare

There won’t be any stoppage between the western and eastern powers in attempts to find superiority. The tension between the US and Iran or Chinese hackers often creates worldwide news though the attacks are few; they have a significant impact on an event such as elections. And with more than 70 elections bound to be held this year, criminal activities during this time will surge. Expect high-profile data breaches, key infrastructure like airlines grounding planes due to internal software compromises, etc. as top cybersecurity trends for 2023.

10) Insider Threats

Human error is still one of the primary reasons for data breaches and cyber security issues and service tickets, up to 75% of all reported in fact according to the most recent 2022 statistics. Any employee having a grudge or just a bad day at their employer or intentional loophole can bring down a whole organization with millions of stolen data. One example of this in 2022 was an official Report by Verizon that a documented data breach gives strategic insights on cybersecurity trends that 45 percent of total attacks were directly or indirectly made by the employees. Creating a culture of more awareness within premises to safeguard data in every way possible is truly the primary goal today in 2023 as well as the future.

The Best Antivirus for Windows 10 Today (2023) (Is Windows Defender Good Enough?)

The Best Antivirus for Windows Today In 2023: Is Windows Defender Good Enough?

 

Windows Defender was originally known as Microsoft Security Essentials back in the Windows 7 days when it was offered as a separate download, but now it’s built right into Windows and it’s enabled by default. Many people have been trained to believe that you should always install a third-party antivirus, but that isn’t the best solution for today’s security problems, like ransomware.
If improving Security for your end device is your overall goal and you have a PC (aka Windows-OS device) then you must download and install WINPATROL. There is a FREE limited edition, but if you care for what comes in to your device then for a week's worth of coffee it is HIGHLY SUGGESTED you pay for the Upgrade. I have the paid version on every devices that runs on Windows since Windows 7 came out and it is THE BEST BARGAIN IN PC SECURITY. https://www.bleepingcomputer.com/download/winpatrol/
So, What Is the Best Antivirus Program In 2023?

 

We definitely recommend you read the entire article so you fully understand why we recommend a combination of Windows Defender and Malwarebytes, but since we know that tons of people will just scroll down and skim, here is our recommendation for how to keep your system secure:
  • Keep the Built-in Windows Defender for traditional antivirus – but today in 2023, malicious hackers require you to adapt and focus on Ransomware, zero-day attacks, keyloggers, and malware (such as Keyloggers that can copy and use every key stroke on your device for their own purposes) that require the 1-2-3 Defense listed below.
  • Use Malwarebytes for Anti-Malware and Anti-Exploit – all of the huge malware outbreaks these days are using zero-day flaws in your browser to install ransomware to take over your PC, and only Malwarebytes provides really excellent protection against this with their unique anti-exploit system. There’s no bloatware and it won’t slow you down.

Editor’s Note: This doesn’t even mention the fact that Malwarebytes, the company, is staffed by some really great people that we really respect. Every time we talk to them, they are excited about the mission of cleaning up the internet. It’s not often that we give an official How-To Geek recommendation, but this is our favorite product by far, and something we use ourselves.

A One-Two-Three Punch Equals a Knockout for anyone trying to cause harm: Registry/Windows Defense (WinPatrol), Antivirus (Windows Defender) and Anti-Malware (MalwareBytes)
1. You need antivirus software on your computer, no matter how “carefully” you browse. Being smart isn’t enough to protect you from threats, and security software can help act as another line of defense.

2. However, antivirus itself is no longer adequate security on its own. We recommend you use a good antivirus program and a good anti-malware program. Together, they will protect you from most of the biggest threats on the internet today: viruses, spyware, ransomware, and even potentially unwanted programs (PUPs)—among many others.

3. So which ones should you use, and do you need to pay money for them? Let’s start with the first part of that unified threesome combo: antivirus.

Is Windows Defender Good Enough On Its Own? NO IT IS NOT!

When you install Windows 10 or Windows 11 (not recommended as of this time), you will have an antivirus program already running. Windows Defender comes built-in to Windows 10, and automatically scans programs you open, downloads new definitions from Windows Update, and provides an interface you can use for in-depth scans. Best of all, it doesn’t slow down your system, and mostly stays out of your way—which we can’t say about most other antivirus programs.

For a short while, Microsoft’s antivirus fell behind the others when it came to comparative antivirus software tests—way behind. It was bad enough that we recommended something else, but it’s since bounced back, and now provides very good protection.

So in short, yes: Windows Defender is good enough (as long as you couple it with a good anti-malware program, as we mentioned above—more on that in a minute).

But Is Windows Defender the Best Antivirus? What About Other Programs?

If you look at that antivirus comparison we linked to above, you’ll notice that Windows Defender, while good, does not get the highest ranks in terms of raw protection scores. So why not use something else?

First, let’s look at those scores. AV-TEST found that it still caught 99.9% of the “widespread and prevalent malware” in April 2017, along with 98.8% percent of the zero-day attacks. Avira, one of AV-TEST’s top rated antivirus programs, has the exact same scores for April—but slightly higher scores in past months, so its overall rating is (for some reason) much higher. But Windows Defender isn’t nearly as crippled as AV-TEST’s 4.5-out-of-6 rating would have you believe.

Furthermore, security is about more than raw protection scores. Other antivirus programs may occasionally do a bit better in monthly tests, but they also come with a lot of bloat, like browser extensions that actually make you less safe, registry cleaners that are terrible and unnecesary, loads of unsafe junkware, and even the ability to track your browsing habits so they can make money. Furthermore, the way they hook themselves into your browser and operating system often causes more problems than it solves. Something that protects you against viruses but opens you up to other vectors of attack is not good security.

Just look at all the extra garbage Avast tries to install alongside its antivirus.

Windows Defender does not do any of these things—it does one thing well, for free, and without getting in your way. Plus, Windows 10 already includes the various other protections introduced in Windows 8, like the SmartScreen filter that should prevent you from downloading and running malware, whatever antivirus you use. Chrome and Firefox, similarly, include Google’s Safe Browsing, which blocks many malware downloads.

If you hate Windows Defender for some reason and want to use another antivirus, you can use Avira. It has a free version that works fairly well, a pro version with a few extra features, and it provides great protection scores and only has the occasional popup ad (but it does have popup ads, which are annoying). The biggest problem is that you need to be sure to uninstall the browser extension it tries to force on you, which makes it hard to recommend to non-technical people.

Antivirus Isn’t Enough: Use Malwarebytes, Too

Antivirus is important, but today, it is far more important that you use a good anti-exploit program to protect your web browser and plug-ins, which are the most targeted by attackers. Malwarebytes is the program we recommend here.

Unlike traditional antivirus programs, Malwarebytes is good at finding “potentially unwanted programs” (PUPs) and other junkware. As of version 3.0, it also contains an anti-exploit feature, which aims to block common exploits in programs, even if they are zero-day attacks that have never seen before—like those nasty Flash zero-day attacks. It also contains anti-ransomware, to block extortion attacks like CryptoLocker. The latest version of Malwarebytes combines these three tools into one easy-to-use package for $40 per year.

Malwarebytes claims to be able to replace your traditional antivirus entirely, but we disagree with this. It uses completely different strategies for protecting you: antivirus will block or quarantine harmful programs that find their way to your computer, while Malwarebytes attempts to stop harmful software from ever reaching your computer in the first place. Since it doesn’t interfere with traditional antivirus programs, we recommend you run both programs for the best protection.

Update: The Premium version of Malwarebytes now registers itself as the system’s security program by default. In other words, it will handle all your anti-malware scanning and Windows Defender won’t run in the background. You can still run both at once if you like. Here’s how: In Malwarebytes, open Settings, click the “Security” tab, and disable the “Always register Malwarebytes in the Windows Security Center” option. With this option disabled, Malwarebytes won’t register itself as the system’s security application and both Malwarebytes and Windows Defender will run at the same time.

Note that you can get some of Malwarebytes’ features for free, but with caveats. For example, the free version of Malwarebytes program will only scan for malware and PUPs on-demand—it won’t scan in the background like the premium version does. In addition, it doesn’t contain the anti-exploit or anti-ransomware features of the premium version.

You can only get all three features in the full $40 version of Malwarebytes, which we recommend. But if you’re willing to forego anti-ransomware and always-on malware scanning, the free versions of Malwarebytes and Anti-Exploit are better than nothing, and you should definitely use them.
There you have it: with a combination of a good antivirus program, Malwarebytes, and some common sense, you’ll be pretty well protected. Just remember that antivirus is only one of the standard computer security practices you should be following. Good digital hygiene isn’t a replacement for antivirus, but it is essential to making sure your antivirus can do its job.