Welcome to the latest copy of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we analyze the wild world of security.

Okay, I have a acknowledgment to make. Despite accoutrement aegis day in and day out, I accomplished I don’t absolutely convenance what I preach.

I have written extensively about the accent of two-factor affidavit (2FA) just through this very newsletter several times before. Every time the issue of claimed online aloofness has come up in here, I’ve urged you to turn on 2FA for an extra layer of security.

I anticipation I have been doing this 2FA thing right until my phone got stolen a couple of days ago. The phone — on which I had installed an authenticator app — was, causeless to say, a aperture to dozens of casework I had signed up for.

webrok
So what went wrong? Short answer: backup codes, or lack thereof.

Although I had jotted down the backup codes for most of my accounts, I noticed, to my shock and horror, that I had missed out a few others. The result? I was locked out and I ended up spending way too much time trying other arduous ways to balance access to my accounts.

As they say, lesson learnt. If you want to avoid being in my position, use a cross-platform authenticator app like Authy that can accord your tokens amid your assorted devices.

Here are some other tips: While SMS is not a reliable band-aid for 2FA, it doesn’t hurt to add a second phone number to your annual in case you lose access to your main number. Also set up 2FA on two altered accessories so that one can act as a backup.

Finally, if all else fails, acquaintance chump service. But be warned that the accretion action can take several days, and in some cases, may even crave you to create a brand new annual (such as Discord).

This is why it’s capital to have backup options, so in case the worst happens, you can easily get access to your accounts back.

What’s trending in security?

The US Treasury administration is keeping a close watch on ransomware payments, Facebook shut down a malware groupthat hijacked users’ accounts to buy awful ads, and Tesla assuredly added support for 2FA.

  • The FBI is abutting hands with the CIA and NSA to hunt adopted hackers. [Reuters]
  • Law administration agencies arrested 179 people across Europe and the US in an operation named “DisrupTor” for accustomed out adulterous sales of drugs and guns on the dark web. In a agnate development, Polish police shut down a hacker super-group complex in bomb threats, ransomware, and SIM swapping attacks. [BBC / ZDNet]
  • The European Court of Justice, the EU’s accomplished legal authority, ruled that member states cannot aggregate citizens’ mobile and internet data en masse. [CNBC]
  • Singapore became the first country in the world to use facial analysis for its civic ID scheme called SingPass, acceptance citizens secure access to both clandestine and government services. [BBC]

webrok

  • The US Administration of Homeland Aegis accepted that 184,000 photos from a facial acceptance pilot affairs were hacked from a Customs and Border Control subcontractor, and at least 19 were posted on the dark web last year. [Motherboard]
  • Facebook shut down “SilentFade” Chinese malware gang that hijacked accounts to purchase awful ads, ultimately ambidexterity users of $4 actor to buy ads for diet pills and fake artist handbags amid late 2018 and February 2019. [WIRED]
  • Popular dating app Grindr fixed a flaw in its countersign reset action that accustomed anyone with ability of a user’s email abode to take over the account. [TechCrunch]
  • Clark County School Commune in Las Vegas found itself in a spot after clandestine advice of 320,000 students, including Social Aegis numbers and apprentice grades, were leaked in an underground forum after school admiral chose not to pay the ransom accepted in return for unlocking commune computer servers. [The Wall Street Journal]

webrok

  • But the US Treasury is befitting a close watch. The administration said those who facilitate payments on behalf of ransomware victims, including agenda forensics firms, could be subjected to hefty fines if the attackers are on the US sanctions list. This comes after wearables maker Garmin paid a ransom to the ahead accustomed EvilCorp gang. [US Dept of Treasury]
  • As hospitals fall victim to ransomware attacks, a group of volunteers called the Cyber Threat Intelligence League have stepped in to adviser threats in the medical sector and level up their cyber defenses. [WIRED]
  • Twitter suffered its biggest hack in July, and with the US elections around the corner, it’s advancing itself to avert addition one. The social media belvedere has hired Rinki Sethi as its new chief advice aegis officer. [WIRED]
  • A hack-for-hire cyberespionage group known as BAHAMUT has been linked to a “staggering” number of advancing attacks adjoin Saudi diplomats, Sikh separatists, and Indian business admiral in the Middle East and South Asia, while also agreeable in absolute bamboozlement campaigns. [Blackberry]
  • The last fortnight in data breaches, leaks and ransomware: Arthur J. Gallagher & Co, Blackbaud, Chowbus, KuCoin, Microsoft Windows XP, Swatch, and Universal Health Services.

Data Point

With ransomware attacks ascent everywhere abundance and intensity, there has been a 50% access in the daily boilerplate of attacks over the last 3 months compared to the first half of 2020. They have emerged as one of the most assisting means for baddies to make money, and it’s absurd to abandon anytime soon.

webrok
According to Check Point Research, “US ransomware attacks angled (98.1% increase) in the last 3 months, making it the #1 most targeted country for ransomware, followed by India, Sri Lanka, Russia and Turkey.” The reason for the surge? Threat of double extortion, gaps in IT basement due to the global shift to remote work, and the return of the Emotet botnet for ransomware campaigns.

Tweet of the week

webrok

That’s it. See you all in two weeks. Stay safe!

Read next: Google will now alert you of domiciliary sounds through Android notifications