Cybersecurity Monthly Newsletter May 2024

In this issue:

• Financial Sextortion: The dangerous rising scam affecting minors

• Cybersecurity Shorts

• Software Updates

Welcome to your May Savvy Cybersecurity newsletter. Read on to learn more about:

• The scam affecting 65% of Gen Z
• New cybersecurity mandates coming for Medicare/Medicaid hospitals
• And more

Financial Sextortion: The dangerous rising scam affecting minors

The scam begins with a simple message to a teenage male on a social media platform, “Hey.” The sender appears to be a teenage girl. What starts as an innocent conversation getting to know each other quickly turns when the “girl” asks for explicit pictures. Once the pictures are sent, the predators reveal themselves and threaten to share the photos with friends, family, and schools if a ransom is not paid.

The scam, deemed “financial sextortion” by the FBI, has risen at least 20% since 2022. The FBI has reported 13,000 cases of this scam between 2021 and 2023. There are likely many more who have not reported their cases out of anxiety and embarrassment. At least 20 teenagers have died by suicide due to this scam.

A study done by Snap Inc found that 65% of Gen Z say they or their friends were targeted or victims of this type of catfishing scam. Around 1/3 of those targeted wound up sharing explicit images with the criminals operating from countries like Nigeria and the Ivory Coast (making it more difficult for U.S. law enforcement to apprehend them).

Teenagers from affluent households are more likely to be victims of this scam. Javelin Strategy and Research found that 37% of households with an annual income of $150,000 or more were victims of this scam compared to 10% of households making between $50,000 and $100,000.

How to protect minors

The US government and tech companies are taking steps to protect minors from this scam. President Biden has now signed the REPORT Act into law. This requires social media platforms to report crimes involving enticement of children. Meta (the owner of Instagram and Facebook) is also testing optional security features to block explicit images and remind the sender of the dangers before sharing images.

Parents and guardians should discuss this scam with their children—many have probably already been exposed to this scam themselves or through friends. Be sure to explain the dangers and warning signs. Remind children to be cautious about what they share on social media platforms—especially with people they do not know.

The FBI says having an open line of communication between children and parents is the best line of defense for this scam. Don’t assume your child is safe from this scam. The FBI has created resources for caregivers to start this conversation with kids which you may find helpful.

Cybersecurity shorts

U.S. unveils global strategy for secure deployment of emerging technologies. The U.S. State Department has introduced a new international strategy to promote collaboration with allies on cybersecurity and the safe development of emerging technologies such as AI and quantum computing. The strategy, which aligns with the Biden administration’s national security and cybersecurity plans, aims to foster an open, secure digital ecosystem while protecting sensitive technologies from malicious actors.

AI fuels cybersecurity concerns among employees. A recent survey by EY found that 85% of working professionals believe AI has made cybersecurity attacks more sophisticated, with 78% expressing concern about the use of AI in cyberattacks. The study also revealed that 39% of employees lack confidence in using AI responsibly, and 91% want their organizations to update training to keep pace with AI developments. To address these concerns, EY recommends that companies strengthen efforts to educate staff about AI, provide hands-on training, and ensure senior executives lead by example in promoting responsible AI use and transparency. You can read more about the concern here.

White House to mandate cybersecurity standards for hospitals and Medicare/Medicaid recipients. Following a massive data breach at Change Healthcare that exposed the medical data of up to 100 million Americans, the Biden administration plans to impose minimum cybersecurity standards on hospitals and entities receiving Medicare and Medicaid funding. The White House also intends to provide free cybersecurity training to 1,400 small, rural hospitals in the coming weeks. While some healthcare industry representatives have expressed openness to the idea, others, such as the American Hospital Association, have previously opposed such mandates, arguing that they could drain hospitals of the resources needed to combat cyberattacks.

White House cybersecurity initiative falls short in protecting K-12 schools. Despite the White House’s recent plan to bolster cybersecurity in K-12 schools, the proposed measures may not be sufficient to protect educational institutions from the growing threat of cyberattacks. K-12 schools are particularly vulnerable due to weak cybersecurity, lack of dedicated cybersecurity personnel, inadequate cybersecurity skills among staff, and insufficient funding. Estimates suggest that adequately securing the nation’s K-12 schools could cost up to $5 billion annually, far exceeding the $200 million proposed by the FCC over three years.

Black Basta ransomware targets critical infrastructure, authorities warn. U.S. federal authorities have issued a joint advisory warning that the Black Basta ransomware group has targeted more than 500 organizations worldwide, with a focus on healthcare and other critical infrastructure sectors. The group has exploited critical vulnerabilities in ConnectWise ScreenConnect and has been linked to a social engineering campaign targeting users of managed detection and response security tools. The warnings come amidst an escalation of attacks against hospitals and public health organizations, with Black Basta also targeting utilities and manufacturing sectors.

Software updates

Adobe: Adobe released critical security updates for several products this month, including Acrobat, Reader, and Illustrator. You can learn more about the updates here.

Apple: Mac users must update their operating software to macOS Sonoma 14.5. The update closes over 20 security issues in the operating system. You can learn more here.

Google: Google released an update for the Chrome browser this month closing a zero-day exploit. If Chrome is installed on your device, be sure to update it via the prompt on the browser.

Microsoft: Over 60 security vulnerabilities were addressed in this month’s Microsoft update. Two of the updates are critical and actively being exploited. Your devices should prompt you to update automatically. You can learn more here.

SERVICES WE OFFER RELATED TO THIS TOPIC

The information contained in this post is for general use and educational purposes only.  However, we do offer specific services to our clients to help them implement the strategies mentioned above.  For specific information and to determine if these services may be a good fit for you, please select any of the services listed below.