Even the Jeff Bezos’ of the world are not immune to being hacked.
In 2018, Jeff Bezos received a WhatsApp message from an account belonging to Saudi Arabia’s crown prince, Mohammed bin Salman. The message, a video of Saudi and Swedish flags with Arabic text, was not expected despite having previously communicated through the app. The file was more than it appeared, with a separate bit of code hidden that most likely implanted malware, giving attackers access to the entire phone including photos and private communication. Bezos commissioned and paid for a forensic analysis to discover who hacked the iPhone. The analysis has raised concerns about Prince Mohammed, accusing the prince of using the malware to spy on and intimidate Bezos, who also owns The Washington Post. The theory goes deeper since at the time of the hack, Jamal Khashoggi, a Saudi writer, was employed at The Post, which has published coverage critical of the Saudi government. Khashoggi was also killed in the Saudi consulate in Istanbul in late 2018.
There are still unknowns remaining about the infiltration of Bezos’ phone, including the type of malware used, and whether or not Bezos opened the file sent to him. Whether the theory about Prince Mohammed is true or not, we know one thing for sure: private hackers for hire exist, and popular messaging platforms have vulnerabilities that attackers can exploit, no matter who you are. To learn more about this specific case, and the importance of cybersecurity, visit here.
Phishing IQ
The number one threat to your corporate network these days is email which looks real but are crafted to entice you to respond, click, or download something. These emails usually are current looking, urgent in nature, and play against our fear of something being wrong, personally or professionally.
These emails fall under the heading of phishing – and can be very persuasive and very dangerous. Clicking on a link typically will bring you to a web page asking for additional information (i.e. fishing) which can expose you or your company to further attacks. Responding to an email of this type can encourage the sender to continue a dialogue which can lead to a possible compromise of information. And trying to download a file or open a file can kick off a process which can overtake your computer or unleash a virus which can damage data on your network permanently.
Education is key in identifying what these emails look like and how to spot a fake from a real email. It can also heighten people’s awareness to a sloppily formed email (ex. spelling mistakes and/or bad grammar) or an email coming from a spoofed address which only looks like an email address you may actually communicate with.
The landscape is constantly changing, making ongoing education part of your arsenal of security defense. Fortunately MCG, Inc. has partnered with the number one email training platform, Knowbe4, to automate both the evaluation of your current level of education and to provide training modules for your team to increase their knowledge and decrease the chances of these emails causing damage. The solution is web based, very easy to learn how to use, and provides instant feedback on your organization’s risk score. And the pricing is very affordable for what is included.
If you have not heard of Knowbe4 and want to learn more about this solution, please reach out to the office for more information. We have found the return on investment is almost immediate.