top of page

The dangers of comfort: December's most interesting cybersecurity news



Imagine when the dullest job is also the most dangerous. For example, watching the mixture levels of nitro-glycerine in explosives factories—tedious, and yet the slightest mishap can lead to a massive explosion. Operators started using one-legged chairs to ensure they didn't fall asleep because then they literally fell over. The answer was not more focus but less comfort.

 

Comfort can be a problem in cybersecurity. Some brands rightfully claim to have higher levels of security, but that does not make them impervious. These brands don't claim they are impervious, but consumers often make that assumption and don't take additional personal security steps. Yet, as the first cybersecurity story from December shows, nobody is infallible.

 

iPhones caught in sophisticated "Triangulation" attack

Apple devices are among the most secure on the market due to the company's very guarded software and hardware. But even built-in hardware protections are not invulnerable—security researchers uncovered an extensive attack that created backdoors on Apple devices. Dubbed "Triangulation", the attack was difficult to uncover and required months of reverse-engineering infected iPhones. Triangulation is incredibly sophisticated, using at least four zero-day attacks targeting unknown vulnerabilities. Apple has since patched the discovered issues.

 

Small utilities become geopolitical targets

Keeping to the dangers of comfort, a reminder that you are never too small to be a target. The Aliquippa Water Authority in the US state of Pennsylvania serves around 22,000 people. It didn't expect to be attacked by hackers affiliated to a nation state. Yet such a group breached the utility, targeting a specific device that manages water pressure. On-site staff avoided disaster, but the event underscores that cyberattacks can target anyone—especially where security hygiene is weak. The attack raises the debate about cybersecurity at utilities, not just large sites but now small and rural operations as well.

 

Marketers are neglecting website security

Cybersecurity is still often treated as primarily technical, and it's easy to disassociate between security and other industries. For example, when we think of marketing, cybersecurity hardly jumps to the top of our minds—and the same disassociation also seems to be shared across the marketing world. According to a new study, there is a correlation between companies increasing their focus on web-based marketing and a decline in website security. Such security declined from 79.9% in 2022 to 63.9% in 2023, often due to API integrations and personalisation tools. It's a reminder that all parts of the digital world intertwine with cybersecurity.

 

Criminals feel the heat and want to team up

Cybercrime often projects this image of being beyond reach and not feeling the consequences of their actions. But a combination of cybersecurity and solid police work often shakes them out of their comfort zones. Authorities seized websites, data, and hacking tools from the AlphV/BlackCat ransomware gang and released the gang's decrypter, which allowed victims to recover their data. Soon after, members of the gang chatted with another gang, Lockbit, on social media, saying that "we should all join a cartel or they will hunt us all down one by one." That, or maybe choose not to be a criminal who victimises others for personal gain?


Comments


bottom of page