Latest news with #cybercriminals


The Sun
a day ago
- The Sun
Over 10 million Android users told to turn off devices after Google exposes ‘infection' – exact list of models affected
HOUSEHOLDS have been warned against buying cheap gadgets online that may come pre-installed with dangerous malware. As many as 10 million devices have been affected, according to a recent security warning from Google. 3 TV set-top boxes, tablets and digital projectors being made in China have been found to be either susceptible to a malware known as BadBox 2.0, or have it already downloaded by the time it is shipped. BadBox targets Android devices and has been found inside 24 apps on the Google Play Store, security researchers at MalwareBytes have said. While those apps, and several BadBox servers, were removed as of March 2025, it remains one of the biggest malware threats to internet-connected TVs. The minute consumers set up the device, they open up a backdoor for criminals to access other devices in their home network. Cyber criminals gain access either by installing malicious software prior to the users purchase, or infecting the device as it downloads required applications during the set-up process. Badbox can run advertising fraud, as well as more worrying attacks, such as ransomware, where users are often asked to pay a fee to stop data being leaked. In its security warning, Google wrote: "The BadBox 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software (Android Open Source Project), which lacks Google's security protections. 3 "Cyber criminals infected these devices with preinstalled malware and exploited them to conduct large-scale ad fraud and other digital crimes." The tech giant has now filed a lawsuit in the New York federal court against the crooks behind BadBox. Some of the known devices that have been infected include Android TV boxes with model numbers X88 Pro 10, T95, MXQ Pro, and QPLOVE Q9. It's unclear if these are the only affected TV boxes. Though tablets and digital projectors with unknown model numbers are still reportedly affected. If you think you have purchased a cheap Android-powered set-top box - especially one mentioned above - it's important to check if it Google Play Protect-certified. Google Play Protect is Android's built-in malware and unwanted software protection, which the tech company has updated to automatically block BadBox-infected apps. "While these actions kept our users and partners safe," according to Google. "This lawsuit enables us to further dismantle the criminal operation behind the botnet, cutting off their ability to commit more crime and fraud." The FBI has also issued an alert about the BadBox malware campaign, saying there may be more gadgets affected. "Cyber criminals gain unauthorised access to home networks through compromised IoT (internet of things) devices," the FBI wrote in an alert. "Such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products." WHAT TO LOOK OUT FOR There are six signs that your digital gadgets may have been infected with BadBox 2.0 malware, according to the FBI: Possible indicators of BadBox 2.0 botnet activity include: The presence of suspicious marketplaces where apps are downloaded. Requiring Google Play protect settings to be disabled. Generic TV streaming devices advertised as unlocked or capable of accessing free content. IoT devices advertised from unrecognizable brands. Android devices that are not Play Protect certified. Unexplained or suspicious Internet traffic. Image credit: Getty


CNET
6 days ago
- CNET
Think Twice Before You Click That Link. It Could Be a Scam
If you get a random text asking you to click a link, it's probably a scam. Getty/Karl Tapales You can blame artificial intelligence or data breaches, but the fact is most of us are receiving phishing emails and texts more often than before. At the same time, scam links are getting harder to spot, which is bad news for victims who mistakenly click on a malicious URL while living their busy lives. Phishing and spoofing scams led to more than $70 million in losses in 2024, according to the FBI's Internet Crime Complaint Center. Many links include standard "https" encryption and domains similar to legitimate websites in order to trick everyday people. If you click on a scam link, you could suffer monetary losses. But you may also give up very sensitive information like your name and credit card information to scammers or even risk malware being downloaded onto your device. How to identify scam links Scam links are regularly found in phishing emails, text messages or other communications sent by cybercriminals. They're designed to fool you into downloading malware or bringing you to a fake website to steal your personal identifying information. Some examples of popular phishing scams include unpaid toll, gold bar and employment scams. Criminals typically send these links out en masse -- often aided by artificial intelligence. Enough people fall victim to phishing scams every year that con artists find it worth their while to follow the same playbook. Here's how to avoid taking the bait. Check the URL "Smartphones do their best to block scam links, so attackers use tricks to make their links clickable," said Joshua McKenty, CEO of a cybersecurity company that helps businesses protect mobile phones and call centers from AI-driven phishing scams. For example, you'll want to watch for an "@" sign in the URL, or you might have two different URLs "glued together" by a question mark, he added. Especially if the first URL is a or an link. Dave Meister, a cybersecurity spokesman for global cybersecurity company Check Point, added that you may be able to hover over the URL to reveal the actual destination. People should also look out for "typo-squatting," when the URL looks authentic, but it has "PayPa1" instead of "PayPal." That should tip you off that it's a bad link. Remember the URLs you frequently visit It would behoove everyone to pay attention to the URLs they visit often. "Major brands, especially banks and retailers, don't often change up their domain names," McKenty said. "If the link says it's likely safe. If it says, stay away." Be suspicious of short links Short links are often in texts and on social media. "Sadly, there's no safe way to check a shortened URL," McKenty said. He recommended not clicking on them. " or "shorturl" links often have standard " encryption, which make them appear trustworthy. In these cases, it's best to read the message itself and pay attention to any threatening language or pressure to act immediately to identify the scam. How are scam links sent to victims? Text scams Ironically, these don't always rely on website links. In fact, phone numbers are a frequent vehicle used in scammers' phishing attempts, according to McKenty. "People get tricked into clicking a phone number that's not actually their bank or the IRS, and then surrendering identity information on the phone," he said. If you think you got a message from a scammer, as tempting as it is to mess with them, do your best to resist. If you interact with the scammer, they may want to circle back knowing that you're reachable. Email scams Emails can also have scam links. McKenty said that while clicking on phone numbers and links in texts is happening more frequently, "the biggest dollar losses are still the classic email scams." He suggests copying any link you see into a notes app so that you can properly inspect it before clicking. QR code scams Sometimes, scams can even be embedded into a QR code. "QR codes have become the new stealth weapon, used everywhere from restaurant menus to parking meters," said Meister. "Scammers are known to slap fake codes on top of real ones in public, or embed them in phishing emails, linking to cloned websites or malware downloads," he said. Before you scan, make sure the QR code makes sense. If it's on the side of a gas pump, on a random park bench or in an unrecognized email, it's better to avoid it. Social media direct messages Chances are, you've run into these scam links. Sometimes social media accounts get compromised by cybercriminals posing as people you know. If your "uncle" sends you a direct message while sounding like a pushy timeshare salesman, telling you to check out this investment opportunity by clicking on a link, call your uncle first. What if I already clicked a link? If you clicked on a scam link, a number of things could happen. If you have software protecting your device, the firewall probably blocked it. If you don't have software protecting you from computer viruses and malware, then you might have a problem. Try these tips if you think you might've clicked on a phishing link: Get anti-virus software. If you don't already have anti-virus software that can help rid your laptop or desktop of viruses, you should get one. There are plenty of free and paid options to choose from. If you don't already have anti-virus software that can help rid your laptop or desktop of viruses, you should get one. There are plenty of free and paid options to choose from. Be aware of malware. Your phone isn't immune to malware. Scam links are often designed to trick somebody into downloading malware, which can then give the scammer access to your phone. If your phone is infected with malware, do not access any financial apps. Instead, clear your browser cache, remove any apps you don't recognize, or try a factory reset. If you're really stuck, you could also call your phone's tech support. Your phone might be slow or unresponsive and you may see increased pop-up ads if it's infected. Your phone isn't immune to malware. Scam links are often designed to trick somebody into downloading malware, which can then give the scammer access to your phone. If your phone is infected with malware, do not access any financial apps. Instead, clear your browser cache, remove any apps you don't recognize, or try a factory reset. If you're really stuck, you could also call your phone's tech support. Your phone might be slow or unresponsive and you may see increased pop-up ads if it's infected. Contact your bank or credit card issuer. If you've been visiting your bank website or app on a compromised device, to be safe, let your financial institution know. If you've been visiting your bank website or app on a compromised device, to be safe, let your financial institution know. Contact the authorities. If you clicked on a spam link and were scammed out of money, report it to the Federal Trade Commission so they can spread the word about the scam. You'll also want to call your police department and anyone else you can think of. The more people are aware of a scam, the less likely they'll fall for it.


Crypto Insight
7 days ago
- Business
- Crypto Insight
Can AI bots steal your crypto? The rise of digital thieves
AI bots are self-learning software that automates and continuously refines crypto cyberattacks, making them more dangerous than traditional hacking methods. At the heart of today's AI-driven cybercrime are AI bots — self-learning software programs designed to process vast amounts of data, make independent decisions, and execute complex tasks without human intervention. While these bots have been a game-changer in industries like finance, healthcare and customer service, they have also become a weapon for cybercriminals, particularly in the world of cryptocurrency. Unlike traditional hacking methods, which require manual effort and technical expertise, AI bots can fully automate attacks, adapt to new cryptocurrency security measures, and even refine their tactics over time. This makes them far more effective than human hackers, who are limited by time, resources and error-prone processes. Why are AI bots so dangerous? The biggest threat posed by AI-driven cybercrime is scale. A single hacker attempting to breach a crypto exchange or trick users into handing over their private keys can only do so much. AI bots, however, can launch thousands of attacks simultaneously, refining their techniques as they go. Speed: AI bots can scan millions of blockchain transactions, smart contracts and websites within minutes, identifying weaknesses in wallets (leading to crypto wallet hacks), decentralized finance (DeFi) protocols and exchanges. AI bots can scan millions of blockchain transactions, smart contracts and websites within minutes, identifying weaknesses in wallets (leading to crypto wallet hacks), decentralized finance (DeFi) protocols and exchanges. Scalability: A human scammer may send phishing emails to a few hundred people. An AI bot can send personalized, perfectly crafted phishing emails to millions in the same time frame. A human scammer may send phishing emails to a few hundred people. An AI bot can send personalized, perfectly crafted phishing emails to millions in the same time frame. Adaptability: Machine learning allows these bots to improve with every failed attack, making them harder to detect and block. This ability to automate, adapt and attack at scale has led to a surge in AI-driven crypto fraud, making crypto fraud prevention more critical than ever. In October 2024, the X account of Andy Ayrey, developer of the AI bot Truth Terminal, was compromised by hackers. The attackers used Ayrey's account to promote a fraudulent memecoin named Infinite Backrooms (IB). The malicious campaign led to a rapid surge in IB's market capitalization, reaching $25 million. Within 45 minutes, the perpetrators liquidated their holdings, securing over $600,000. AI-powered bots aren't just automating crypto scams — they're becoming smarter, more targeted and increasingly hard to spot. Here are some of the most dangerous types of AI-driven scams currently being used to steal cryptocurrency assets: 1. AI-powered phishing bots Phishing attacks are nothing new in crypto, but AI has turned them into a far bigger threat. Instead of sloppy emails full of mistakes, today's AI bots create personalized messages that look exactly like real communications from platforms such as Coinbase or MetaMask. They gather personal information from leaked databases, social media and even blockchain records, making their scams extremely convincing. For instance, in early 2024, an AI-driven phishing attack targeted Coinbase users by sending emails about fake cryptocurrency security alerts, ultimately tricking users out of nearly $65 million. Also, after OpenAI launched GPT-4, scammers created a fake OpenAI token airdrop site to exploit the hype. They sent emails and X posts luring users to 'claim' a bogus token — the phishing page closely mirrored OpenAI's real site. Victims who took the bait and connected their wallets had all their crypto assets drained automatically. Unlike old-school phishing, these AI-enhanced scams are polished and targeted, often free of the typos or clumsy wording that is used to give away a phishing scam. Some even deploy AI chatbots posing as customer support representatives for exchanges or wallets, tricking users into divulging private keys or two-factor authentication (2FA) codes under the guise of 'verification.' In 2022, some malware specifically targeted browser-based wallets like MetaMask: a strain called Mars Stealer could sniff out private keys for over 40 different wallet browser extensions and 2FA apps, draining any funds it found. Such malware often spreads via phishing links, fake software downloads or pirated crypto tools. Once inside your system, it might monitor your clipboard (to swap in the attacker's address when you copy-paste a wallet address), log your keystrokes, or export your seed phrase files — all without obvious signs. 2. AI-powered exploit-scanning bots Smart contract vulnerabilities are a hacker's goldmine, and AI bots are taking advantage faster than ever. These bots continuously scan platforms like Ethereum or BNB Smart Chain, hunting for flaws in newly deployed DeFi projects. As soon as they detect an issue, they exploit it automatically, often within minutes. Researchers have demonstrated that AI chatbots, such as those powered by GPT-3, can analyze smart contract code to identify exploitable weaknesses. For instance, Stephen Tong, co-founder of Zellic, showcased an AI chatbot detecting a vulnerability in a smart contract's 'withdraw' function, similar to the flaw exploited in the Fei Protocol attack, which resulted in an $80-million loss. 3. AI-enhanced brute-force attacks Brute-force attacks used to take forever, but AI bots have made them dangerously efficient. By analyzing previous password breaches, these bots quickly identify patterns to crack passwords and seed phrases in record time. A 2024 study on desktop cryptocurrency wallets, including Sparrow, Etherwall and Bither, found that weak passwords drastically lower resistance to brute-force attacks, emphasizing that strong, complex passwords are crucial to safeguarding digital assets. 4. Deepfake impersonation bots Imagine watching a video of a trusted crypto influencer or CEO asking you to invest — but it's entirely fake. That's the reality of deepfake scams powered by AI. These bots create ultra-realistic videos and voice recordings, tricking even savvy crypto holders into transferring funds. 5. Social media botnets On platforms like X and Telegram, swarms of AI bots push crypto scams at scale. Botnets such as 'Fox8' used ChatGPT to generate hundreds of persuasive posts hyping scam tokens and replying to users in real-time. In one case, scammers abused the names of Elon Musk and ChatGPT to promote a fake crypto giveaway — complete with a deepfaked video of Musk — duping people into sending funds to scammers. In 2023, Sophos researchers found crypto romance scammers using ChatGPT to chat with multiple victims at once, making their affectionate messages more convincing and scalable. Similarly, Meta reported a sharp uptick in malware and phishing links disguised as ChatGPT or AI tools, often tied to crypto fraud schemes. And in the realm of romance scams, AI is boosting so-called pig butchering operations — long-con scams where fraudsters cultivate relationships and then lure victims into fake crypto investments. A striking case occurred in Hong Kong in 2024: Police busted a criminal ring that defrauded men across Asia of $46 million via an AI-assisted romance scam. AI is being invoked in the arena of cryptocurrency trading bots — often as a buzzword to con investors and occasionally as a tool for technical exploits. A notable example is which in 2023 marketed an AI bot supposedly yielding 2.2% returns per day — an astronomical, implausible profit. Regulators from several states investigated and found no evidence the 'AI bot' even existed; it appeared to be a classic Ponzi, using AI as a tech buzzword to suck in victims. was ultimately shut down by authorities, but not before investors were duped by the slick marketing. Even when an automated trading bot is real, it's often not the money-printing machine scammers claim. For instance, blockchain analysis firm Arkham Intelligence highlighted a case where a so-called arbitrage trading bot (likely touted as AI-driven) executed an incredibly complex series of trades, including a $200-million flash loan — and ended up netting a measly $3.24 in profit. In fact, many 'AI trading' scams will take your deposit and, at best, run it through some random trades (or not trade at all), then make excuses when you try to withdraw. Some shady operators also use social media AI bots to fabricate a track record (e.g., fake testimonials or X bots that constantly post 'winning trades') to create an illusion of success. It's all part of the ruse. On the more technical side, criminals do use automated bots (not necessarily AI, but sometimes labeled as such) to exploit the crypto markets and infrastructure. Front-running bots in DeFi, for example, automatically insert themselves into pending transactions to steal a bit of value (a sandwich attack), and flash loan bots execute lightning-fast trades to exploit price discrepancies or vulnerable smart contracts. These require coding skills and aren't typically marketed to victims; instead, they're direct theft tools used by hackers. AI could enhance these by optimizing strategies faster than a human. However, as mentioned, even highly sophisticated bots don't guarantee big gains — the markets are competitive and unpredictable, something even the fanciest AI can't reliably foresee. Meanwhile, the risk to victims is real: If a trading algorithm malfunctions or is maliciously coded, it can wipe out your funds in seconds. There have been cases of rogue bots on exchanges triggering flash crashes or draining liquidity pools, causing users to incur huge slippage losses. AI is teaching cybercriminals how to hack crypto platforms, enabling a wave of less-skilled attackers to launch credible attacks. This helps explain why crypto phishing and malware campaigns have scaled up so dramatically — AI tools let bad actors automate their scams and continuously refine them based on what works. AI is also supercharging malware threats and hacking tactics aimed at crypto users. One concern is AI-generated malware, malicious programs that use AI to adapt and evade detection. In 2023, researchers demonstrated a proof-of-concept called BlackMamba, a polymorphic keylogger that uses an AI language model (like the tech behind ChatGPT) to rewrite its code with every execution. This means each time BlackMamba runs, it produces a new variant of itself in memory, helping it slip past antivirus and endpoint security tools. In tests, this AI-crafted malware went undetected by an industry-leading endpoint detection and response system. Once active, it could stealthily capture everything the user types — including crypto exchange passwords or wallet seed phrases — and send that data to attackers. While BlackMamba was just a lab demo, it highlights a real threat: Criminals can harness AI to create shape-shifting malware that targets cryptocurrency accounts and is much harder to catch than traditional viruses. Even without exotic AI malware, threat actors abuse the popularity of AI to spread classic trojans. Scammers commonly set up fake 'ChatGPT' or AI-related apps that contain malware, knowing users might drop their guard due to the AI branding. For instance, security analysts observed fraudulent websites impersonating the ChatGPT site with a 'Download for Windows' button; if clicked, it silently installs a crypto-stealing Trojan on the victim's machine. Beyond the malware itself, AI is lowering the skill barrier for would-be hackers. Previously, a criminal needed some coding know-how to craft phishing pages or viruses. Now, underground 'AI-as-a-service' tools do much of the work. Illicit AI chatbots like WormGPT and FraudGPT have appeared on dark web forums, offering to generate phishing emails, malware code and hacking tips on demand. For a fee, even non-technical criminals can use these AI bots to churn out convincing scam sites, create new malware variants, and scan for software vulnerabilities. AI-driven threats are becoming more advanced, making strong security measures essential to protect digital assets from automated scams and hacks. Below are the most effective ways on how to protect crypto from hackers and defend against AI-powered phishing, deepfake scams and exploit bots: Use a hardware wallet: AI-driven malware and phishing attacks primarily target online (hot) wallets. By using hardware wallets — like Ledger or Trezor — you keep private keys completely offline, making them virtually impossible for hackers or malicious AI bots to access remotely. For instance, during the 2022 FTX collapse, those using hardware wallets avoided the massive losses suffered by users with funds stored on exchanges. AI-driven malware and phishing attacks primarily target online (hot) wallets. By using hardware wallets — like Ledger or Trezor — you keep private keys completely offline, making them virtually impossible for hackers or malicious AI bots to access remotely. For instance, during the 2022 FTX collapse, those using hardware wallets avoided the massive losses suffered by users with funds stored on exchanges. Enable multifactor authentication (MFA) and strong passwords: AI bots can crack weak passwords using deep learning in cybercrime, leveraging machine learning algorithms trained on leaked data breaches to predict and exploit vulnerable credentials. To counter this, always enable MFA via authenticator apps like Google Authenticator or Authy rather than SMS-based codes — hackers have been known to exploit SIM swap vulnerabilities, making SMS verification less secure. AI bots can crack weak passwords using deep learning in cybercrime, leveraging machine learning algorithms trained on leaked data breaches to predict and exploit vulnerable credentials. To counter this, always enable MFA via authenticator apps like Google Authenticator or Authy rather than SMS-based codes — hackers have been known to exploit SIM swap vulnerabilities, making SMS verification less secure. Beware of AI-powered phishing scams: AI-generated phishing emails, messages and fake support requests have become nearly indistinguishable from real ones. Avoid clicking on links in emails or direct messages, always verify website URLs manually, and never share private keys or seed phrases, regardless of how convincing the request may seem. AI-generated phishing emails, messages and fake support requests have become nearly indistinguishable from real ones. Avoid clicking on links in emails or direct messages, always verify website URLs manually, and never share private keys or seed phrases, regardless of how convincing the request may seem. Verify identities carefully to avoid deepfake scams: AI-powered deepfake videos and voice recordings can convincingly impersonate crypto influencers, executives or even people you personally know. If someone is asking for funds or promoting an urgent investment opportunity via video or audio, verify their identity through multiple channels before taking action. AI-powered deepfake videos and voice recordings can convincingly impersonate crypto influencers, executives or even people you personally know. If someone is asking for funds or promoting an urgent investment opportunity via video or audio, verify their identity through multiple channels before taking action. Stay informed about the latest blockchain security threats: Regularly following trusted blockchain security sources such as CertiK, Chainalysis or SlowMist will keep you informed about the latest AI-powered threats and the tools available to protect yourself. As AI-driven crypto threats evolve rapidly, proactive and AI-powered security solutions become crucial to protecting your digital assets. Looking ahead, AI's role in cybercrime is likely to escalate, becoming increasingly sophisticated and harder to detect. Advanced AI systems will automate complex cyberattacks like deepfake-based impersonations, exploit smart-contract vulnerabilities instantly upon detection, and execute precision-targeted phishing scams. To counter these evolving threats, blockchain security will increasingly rely on real-time AI threat detection. Platforms like CertiK already leverage advanced machine learning models to scan millions of blockchain transactions daily, spotting anomalies instantly. As cyber threats grow smarter, these proactive AI systems will become essential in preventing major breaches, reducing financial losses, and combating AI and financial fraud to maintain trust in crypto markets. Ultimately, the future of crypto security will depend heavily on industry-wide cooperation and shared AI-driven defense systems. Exchanges, blockchain platforms, cybersecurity providers and regulators must collaborate closely, using AI to predict threats before they materialize. While AI-powered cyberattacks will continue to evolve, the crypto community's best defense is staying informed, proactive and adaptive — turning artificial intelligence from a threat into its strongest ally. Source:


Forbes
14-07-2025
- Business
- Forbes
A Cybersecurity Primer For Businesses In 2025
Encryption your data. Binary code and digital Lock. Hacker attack and data breach. Big data with ... More encrypted computer code. Safe your data. Cyber internet security and privacy concept. Database storage 3d illustration Key perspectives and strategies to defend against the ever-growing tide of cyber risks. Understanding the fundamentals of cybersecurity is increasingly important in our digital age. Cybersecurity, at its core, involves protecting computer systems, networks, and data from attacks, damage, or unauthorized access. As society becomes increasingly reliant on technologies, the risks associated with cyberattacks grow exponentially. In today's interconnected world, common threats such as malware, phishing, and ransomware have become more prevalent. Cybercriminals exploit vulnerabilities in software and human behavior to gain access to valuable data. And cyber threats are not limited to high-profile incidents against government entities or large corporations; they pose a direct risk to small and medium companies, individuals, infrastructure, and the economy as a whole. Cybersecurity is essential for the digital age: cybersecurity is not just a technological issue but a security problem. It is crucial for survival and thriving in the digital age, not just a business cost item. Moreover, the implications of neglecting cybersecurity can be severe, affecting a company's reputation, financial standing, and legal compliance. This reality makes it clear that a solid cybersecurity strategy is necessary for success. Isometric illustration of a hacking attack or security breach. 3D rendering Understanding The Rapidly Evolving Threat Landscape The landscape of cybersecurity is a complex environment that is changing rapidly, driven by persistent threats like ransomware and state-sponsored cyber warfare. Ransomware attacks have surged, targeting organizations of all sizes. These attacks often involve encrypting critical data, rendering it inaccessible until a ransom is paid. The financial implications can be severe, forcing many companies to reconsider their cybersecurity strategies and invest in advanced protection measures. Hackers' use of AI tools has increased the risks that businesses face from cyberattacks. They use AI to create advanced malware and automated phishing efforts that may evade traditional security measures in order to create adaptable threats. Cybercriminals are currently employing AI to generate phony company profiles and counterfeit identities and using large language models to craft more convincing spear-phishing messages. The proliferation of Internet of Things (IoT) devices adds another layer of complexity to this threat landscape. Many IoT devices have weak security protocols, making them attractive targets for cybercriminals. Once compromised, these devices can serve as entry points for larger attacks on networks, potentially leading to significant data breaches. With the increasing number of connected devices in homes and businesses, the risk of exploitation only grows. In this environment, organizations must remain vigilant and proactive, adjusting their defenses to counteract new types of threats. As attacks become more advanced, protection strategies must also adapt. This defensive posture will require not only technological upgrades but also a commitment to understanding regulatory and ethical considerations surrounding cybersecurity. Risk The Need for A Cybersecurity Risk Management Strategy A well-rounded cybersecurity strategy requires several key components to effectively protect against threats and manage risks. That includes doing risk assessments. Organizations should first identify and evaluate their vulnerabilities, understanding which assets are most at risk and the potential impact of distinct types of attacks. This assessment informs priorities, enabling institutions to allocate resources effectively. Once risks are understood, implementing security measures becomes the next logical step. These measures can range from technical solutions like firewalls and encryption to procedural practices such as employee training and incident response planning. Each element should align with the organization's overall risk management goals, creating a cohesive approach that supports both security and operational efficiency. Continuous monitoring and response are equally important. Cyber threats evolve rapidly, making it essential for organizations to stay vigilant. This involves not only detecting and responding to incidents promptly but also regularly reviewing and updating security protocols in response to new threats. If a business is considering AI-related technologies. To effectively manage and use AI-based technology, the business will need to set up a cybersecurity and AI risk framework A proactive approach, rather than a reactive one, is crucial for maintaining a robust cybersecurity posture. A strong cybersecurity risk management strategy must be dynamic and integrated. It evolves in response to both external pressures and internal developments, adapting to new threats and leveraging emerging technologies as strategic assets. The journey toward robust cyber resilience is ongoing and requires continual reassessment, investment, and cross-functional engagement to protect sensitive data and maintain stakeholder trust. Industrial Revolution 4.0 Age of Technology Automation Industry Factoring Emerging Technologies in Cybersecurity Emerging technologies are reshaping the landscape of cybersecurity, responding to the growing challenges posed by cyber threats. Artificial intelligence (AI) is significantly enhancing security measures. AI and machine learning are increasingly being adopted to analyze vast amounts of data, identify anomalies, and predict potential threats before they can cause harm. These technologies enable organizations to act proactively, strengthening their defenses against cyberattacks. Blockchain technology offers a decentralized approach to data security, providing transparency and reducing the risks associated with data tampering. By ensuring that information is recorded in a way that cannot be altered, blockchain can enhance trust between users and organizations, a crucial element in cybersecurity strategies. With the rise of quantum computing, there are further implications for cybersecurity. Quantum technology presents both risks and opportunities, as it has the potential to break current encryption methods while also enabling new, more secure forms of data protection. Quantum technology promises unprecedented security measures through advanced encryption methods that can safeguard sensitive data against sophisticated cybercriminals. This convergence of technologies signifies a shift in how cybersecurity can be approached. As these innovations continue to develop, the effectiveness of protecting sensitive information will improve. However, the evolving landscape poses new challenges that demand continuous adaptation. Understanding the nature of these emerging threats is essential for organizations aiming to safeguard their digital assets in an increasingly precarious ecosystem. Organizations are adopting advanced technological measures not only to protect their assets but also to stay ahead of cybercriminals who continuously adapt their tactics. Business, Technology, Internet and network concept. Labor law, Lawyer, Attorney at law, Legal advice ... More concept on virtual screen. Addressing Regulatory and Ethical Considerations Regulatory and ethical considerations in cybersecurity are becoming increasingly important as organizations work to protect user information. Data privacy regulations, such as the General Data Protection Regulation (GDPR), set important standards for how organizations must handle personal data. These regulations require businesses to be transparent about data collection and usage, ensuring that users have control over their information. Compliance with such regulations not only fosters trust but also helps avoid legal penalties. Governance will also be necessary for artificial intelligence (AI) systems. Access control, encryption, and data reduction should all adhere to legal requirements (GDPR, CCPA). Data governance will aid in preventing misuse of cybersecurity. Organizations will need to navigate the balance between security measures and compliance, adapting their practices to meet both security needs and legal obligations. The journey toward robust cyber resilience is ongoing and requires continual reassessment, investment, and cross-functional engagement to protect sensitive data and maintain stakeholder trust. By focusing on these areas, we can foster greater security and trust in an increasingly digital world Check mark 3d symbol on the glossy futuristic surface with abstract glowing dots and lines A Cybersecurity Checklist: How businesses and consumers can fortify their defenses and mitigate risks associated with today's dynamic cyber threat landscape Cybersecurity Awareness: There is a need for a cultural shift within organizations regarding cybersecurity awareness. Understanding these threats is crucial for anyone who uses technology, whether in a corporate setting or at home. Awareness of potential risks allows individuals and organizations to proactively implement security measures. Cybersecurity cannot be viewed solely as an IT issue but should be integrated into the broader organizational culture. Employee Mindsets: By fostering a mindset where every employee understands their role in protecting sensitive information, organizations can create a proactive security environment. This involves collaboration between IT teams, executive leadership, and all employees to ensure that security protocols are not only implemented but actively maintained across every level of the organization. implementing regular training sessions, workshops, and simulated cyberattack scenarios, which can enhance employees' awareness and preparedness in the face of potential threats. Regular training, transparent communication regarding potential threats, and the establishment of clear reporting procedures foster an environment where security is a shared responsibility. Embrace Cyber Hygiene: Businesses and consumers must not underestimate the importance of cyber hygiene. Basic practices like strong passwords, multifactor authentication, and vigilance against phishing attacks are vital for both individuals and companies. Protect The Supply Chain: Addressing supply chain vulnerabilities: attackers exploit the weakest links in the supply chain, often targeting third-party vendors and insider threats, and emphasizes the need to strengthen these areas. Secure IoT devices: As IoT proliferates across various sectors, the importance of implementing stringent security protocols for these interconnected devices grows. Each device presents a potential entry point for cyber threats; thus, organizations must prioritize securing their networks against vulnerabilities inherent in IoT ecosystems. Digital transformation and data management: The shift towards cloud and hybrid cloud environments stresses the importance of effective data management and the role of Chief Data Officers in leveraging the abundance of data generated by emerging technologies. Deploy Emerging Tech: Leveraging emerging technologies for cybersecurity: automation, AI, and machine learning can serve as essential tools for enhancing cybersecurity by enabling real-time threat detection and analysis. Organizations must adopt a mindset of continuous improvement, ensuring that their cybersecurity policies evolve in tandem with technological advancements and emerging threats. Incident management and resilience: Recognizing that breaches are inevitable, companies and consumers need to focus on incident management and build resilience by backing up and encrypting data and developing actionable response plans. Public-private collaboration: Utilize strong public-private partnerships, based on shared research and development, prototyping, and risk management frameworks, to address the evolving cyber challenges. NIST offers operational security frameworks for many businesses that are industry-specific. Need for proactive and layered defense strategies: with the changing threat landscape, there is a need for a multi-layered security approach, including "Security by Design," "Defense in Depth," and "Zero Trust" architectures, to counter increasingly sophisticated cyber threats. As cyber threats continue to evolve, building a strong defense is not just about technology but also involves understanding the human factors and processes that contribute to a secure environment. An integrated approach will empower organizations to better protect themselves against the growing array of cyber threats. Shaping and adapting strategies that will safeguard digital infrastructure and foster a secure technological environment for the future is a critical path.
Yahoo
13-07-2025
- Health
- Yahoo
Medicare data breach exposes 100,000 Americans' info
Healthcare data continues to be a top target for cybercriminals. In June alone, two major breaches compromised over 13 million patient records. Now, a newly confirmed Medicare data breach has affected more than 100,000 Americans. The Centers for Medicare & Medicaid Services (CMS) sent letters this week to those affected, confirming that hackers accessed sensitive data linked to accounts. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide — free when you join my Over 8M Patient Records Leaked In Healthcare Data Breach The breach traces back to suspicious activity starting in late 2023. According to CMS, cybercriminals used stolen personal data from external sources to fraudulently create accounts. That information included: Read On The Fox News App Full names Dates of birth ZIP codes Medicare Beneficiary Identifiers (MBIs) Medicare coverage details CMS began receiving alerts in May 2025 when people reported receiving account confirmation letters for accounts they had not created. This triggered an internal investigation. Hackers not only created unauthorized accounts but, in some cases, accessed additional sensitive data such as: Home addresses Provider and diagnosis codes Services received Plan premium details CMS has deactivated all affected accounts and is mailing new Medicare cards to the estimated 103,000 individuals affected. The agency says no confirmed identity theft cases have been reported yet. CMS stressed the action is being taken out of "an abundance of caution," but the breach raises questions about federal cybersecurity safeguards. If you're one of the people affected by the Medicare data breach: Watch your mailbox for a replacement Medicare card Monitor your account for suspicious activity Report unauthorized services or charges immediately CMS is still investigating how the attackers obtained such accurate personal data and whether more individuals may be at risk. What Is Artificial Intelligence (Ai)? So far, CMS has not identified the attackers. However, the use of valid personal information suggests that the hackers may have obtained data from prior breaches or leaks on other platforms. This breach reveals a troubling vulnerability in the federal healthcare system, where hackers can exploit existing data to create legitimate-looking accounts and access deeply personal medical information. Here are five important steps you can take right now to protect your Medicare information and reduce your risk of identity theft after the breach. Regularly check your Medicare and healthcare accounts for changes you did not make. Be cautious of unfamiliar services, charges or communications from providers you don't recognize. In light of the Medicare data breach, where bad actors used valid personal details to create fake accounts, enrolling in a trusted identity theft protection service can offer an extra layer of defense. These services monitor your Social Security number, email, phone number and other sensitive data to alert you if it's being sold on the dark web or used to open fraudulent accounts. Many top-rated services also help you freeze your credit and bank accounts and offer expert support if your identity is compromised. My top pick includes up to $1 million in identity theft insurance to cover stolen funds and legal fees, plus access to a U.S.-based fraud resolution team that helps you recover faster. See my tips and best picks on how to protect yourself from identity theft at Never share your Medicare number or card details with anyone over the phone or email, unless you initiated the contact and trust the source. Treat it like a credit card. If you believe your information is being misused, remove it from the internet. A personal data removal service can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting a free scan to find out if your personal information is already out on the web: If you notice suspicious activity, report it directly by calling 1-800-MEDICARE (1-800-633-4227) to report Medicare fraud. Also, file a report at to create a recovery plan with the Federal Trade Commission (FTC). This not only helps you recover faster but also contributes to broader investigations that protect others. This Medicare breach may not have resulted in confirmed cases of identity theft so far, but that does not mean the situation should be taken lightly or dismissed as low risk. It took malicious actors less than two years to create over 100,000 fake Medicare accounts using valid personal information, which suggests a significant weakness in how sensitive data is being protected and monitored at the federal level. Do you think healthcare organizations are doing enough to protect your data? Let us know by writing us at Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide — free when you join my Copyright 2025 All rights article source: Medicare data breach exposes 100,000 Americans' info