Do you use one of these passwords?

/0 Comments/in /by

Is your password listed below?

On average, 80% of consumers have had their emails leaked onto the dark web. You could easily be among that majority without even knowing it.

Those leaked emails often lead hackers directly to your passwords for other online accounts and identity theft. Here’s a list of the 20 passwords most commonly found on the dark web, due to data breaches:

  1. 123456
  2. 123456789
  3. Qwerty
  4. Password
  5. 12345
  6. 12345678
  7. 111111
  8. 1234567
  9. 123123
  10. Qwerty123
  11. 1q2w3e
  12. 1234567890
  13. DEFAULT
  14. 0
  15. Abc123
  16. 654321
  17. 123321
  18. Qwertyuiop
  19. Iloveyou
  20. 666666

If you use any of the above passwords for any of your online accounts, you’d be wise to swap them out for something more secure. Cybersecurity experts often recommend picking something longer than the minimum number of recommended characters, and using uncommon characters – like punctuation marks or other symbols – in place of letters and numbers, to make your password harder to guess.

The majority of people reuse passwords for multiple accounts, which is a practice you should avoid whenever possible. If hackers can get into one of your accounts, you can at least make it harder for them to get into the rest of them.

You should also figure out which pieces of information about you and your family are publicly available, and avoid using passwords that include that information – including birthdays, anniversaries, names of loved ones and even your hometown.

U.S. President Joe Biden participates in a bilateral meeting with Saudi Arabia's Crown Prince Mohammed bin Salman, at Al Salam Royal Palace, in Jeddah

Collaboration between the US and Saudi Arabia – Cybersecurity and 5G infrastructure.

/0 Comments/in /by
U.S. President Joe Biden participates in a bilateral meeting with Saudi Arabia’s Crown Prince Mohammed bin Salman, at Al Salam Royal Palace, in Jeddah, Saudi Arabia July 15, 2022. REUTERS/Evelyn Hockstein

Cybersecurity

The Saudi National Cybersecurity Authority (NCA) has signed a Memorandum of Understanding (MoU) for Cybersecurity Cooperation with the US Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA). The MoU was signed on the sidelines of US President Joe Biden’s visit to the Saudi Kingdom.

 

It aims to promote bilateral cooperation in cybersecurity to safeguard the cyberspace and vital interests in the Kingdom and the United States. It focuses on several areas such as sharing cyber threats information between both countries, and exchanging best practices and expertise in this field.

 

The new cyber agreement between the U.S. and Saudi Arabia could boost Western goals of protecting telecom networks from Beijing’s hackers. They plan to collaborate on best practices, technologies, tools, and approaches to cybersecurity training and education.

5G infrastructure

Saudi Arabia will invest in new U.S.-led technology to develop and secure reliable 5G and 6G networks. This technology, known as Open Radio Access Network or Open RAN, emphasizes interoperable, rather than proprietary, technologies, making it easier to combine pieces of different vendors’ infrastructure.

 

Saudi Arabia’s support is a badly needed win for the U.S. in its efforts to promote Western 5G technology in a region where the Chinese vendor Huawei is dominant. It is widely deployed in the Middle East due to Chinese government subsidies so it’s difficult for other companies to compete.

 

Cloud-based Open RAN technologies carry significant cost advantages that should make them attractive in markets where Chinese subsidies would otherwise win the day.

 

Putting man back on the moon

Saudi Arabia signed the Artemis Accords with NASA to join the international alliance in civil exploration and the use of the moon, Mars, meteorites, and comets for peace and the beneficial use of space for all of humanity, and to bring Man back on the moon.

 

The Artemis Accords align national priorities for innovation that the Saudi Kingdom announced end of June 2022. This includes future economies, in which space is the next trillion opportunity for the world by 2040 and can aid in the growth of a multitude of sectors and create thousands of jobs.

 

In total, 18 agreements were signed between the two nations however, it is early days and so far it is just words.

Cyber Attack on US Pipeline

/0 Comments/in /by
Colonial Pipeline says corporate website back online | Reuters

Holding tanks are seen in an aerial photograph at Colonial Pipeline’s Charlotte Tank Farm in Charlotte, North Carolina, U.S. May 10, 2021. REUTERS/Drone Base

A cyber-attack was conducted against the Alpharetta-based Colonial Pipeline on the Friday the 7th of May 2021, which spans 5,500 miles from Houston to the Port of New York and New Jersey and meets 45% of the East Coast’s fuel needs. This was a ransomware attack and is believed to have been carried out by ‘Darkside’, a criminal hacker syndicate. The attack targeted the business side rather than the actual operational computer systems that directly run the pipelines themselves., however, the company has halted all pipeline operations as a caution.

 

The Colonial Pipeline, provides nearly half the gasoline, diesel and jet fuel used on the East Coast.  The Georgia-based company said it shut down the pipelines as a precaution and has engaged a third-party cybersecurity firm to investigate the incident, which it confirmed was a ransomware attack. It first disclosed the shutdown late Friday and said it has also contacted law enforcement and other federal agencies.

 

With this major artery shut down, a shortage of heating oil, jet fuel, gasoline and diesel will soon hit the North East. Gas prices are already trending upward, and that’s with a temporary freeze. If the systems that run the pipeline do become compromised, the pipeline may be shut for weeks or even months.

 

The Department of Transportation has issued an emergency waiver for vehicular transport of fuels, but that’s no long-term solution, particularly when the administration has made clear such hacks are “here to stay.” The United States and its infrastructure will face more cyber-attacks, whether by rival nations or opportunistic criminals.

 

The attack is just the latest episode in which hackers have gone after critical systems such as water plants, oil refineries, chemical plants or the electric grid — including a notorious incident in which Russia shut off part of Ukraine’s power supply. It’s also part of a growing plague involving ransomware, in which hackers demanding payments have crippled targets such as hospitals, police stations or municipal governments.

 

Darkside does have unconfirmed Russian ties, and if Russia is directly or indirectly involved in the attack, it means that sanctions have been pointless at this kind of hostile activity.

 

Cyberwarfare is the warfare of right now. Some critics have pointed to the lack of cybersecurity funding in President Biden’s infrastructure plan. This problem is not one which can be solved solely through spending, but a separate and bipartisan bill is necessary to ensure America does not face worse attacks or lose its ability to retaliate.

 

National infrastructure projects should be developed with security in mind, and aging hardware and software should be replaced. All government agencies and government adjacent corporations must put each employee through training exercises, with serious penalties for noncompliance. America must not allow Chinese or Russian hackers to jeopardize our critical national infrastructure. All of this will cost money. Some spending is indisputably necessary.

 

Previous Attacks

 

Last year, a crack in Colonial’s pipeline that went undetected for days or weeks leaked 1.2 million gallons of gasoline in a nature preserve near Charlotte, N.C. And in February, hackers gained access to a water treatment facility’s computer system near Tampa, Fla., essentially attempting to poison the water supply with a huge influx lye. Russian military hackers also targeted computer systems belonging to banks, energy firms, senior government officials and airports in Ukraine in June 2017 as a part of the so-called “NotPetya” cyberattack. Federal prosecutors have accused Iranian hackers of trying to infiltrate the controls for a dam in upstate New York.

 

The Darkside group is a relatively new player in the ransomware space, but it has quickly gained a reputation for patience, competence, sophistication and large ransoms. “The Darkside ransomware attack campaigns stood out for their use of stealthy techniques, especially in the early stages,” according to the security firm Varonis, which investigated several Darkside breaches. “The group performed careful reconnaissance and took steps to ensure that their attack tools and techniques would evade detection on monitored devices and endpoints.

 

Sources:
‘Jugular’ of the U.S. fuel pipeline system shuts down after cyberattack – POLITICO
Pipeline Cyber Attack Demands Reevaluation Of U.S. Infrastructure Security (forbes.com)