If you’re a LinkedIn user, log in now and strengthen your security. Reports indicate that LinkedIn accounts are under attack.

First brought to light by Cyberint, LinkedIn users have taken to social media with word that their accounts have been frozen or outright hacked. In some cases, users received ransom notes for the return of their hacked accounts.

It appears that LinkedIn is weathering a wave of brute-force attacks. This type of attack works much like it sounds—hackers try to force their way into accounts by guessing passwords. With powerful hacking apps, they can guess millions of passwords in seconds.

As a result, one of two things is happening:

LinkedIn users receive an official, legitimate email from LinkedIn alerting them that their account has been locked due to unusual activity. This measure likely kicked in because of a brute force attack or because the attack occurred on an account using two-factor authentication. In this case, the account wasn’t compromised. However, these users then must reactivate their accounts per instructions provided by LinkedIn.
Users try to log in and find that their password has been changed. Effectively, their account has been hacked. Reports show that some of these accounts get deleted. In other cases, the hacker changes the account’s email to an address using the “rambler.ru” domain, which makes the account unrecoverable by the user.

Given the scope, scale, and consistent use of the rambler.ru domain, this has all the signs of an organized attack. As of this writing, no group has claimed credit.

How quickly can someone hack my password with a brute force attack?

If any event underscores the need for strong, unique passwords, this is it.

Given today’s computing power, the password generators hackers use for brute force attacks can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics.

Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute force attack might crack that password in as fast as one second.

Password Length

(Using numbers, uppercase and lowercase letters, and symbols)

Time to Crack the Password

8
One Second

12
Eight Months

16
16 Million Years

However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols—it’d that eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute force attack on one password takes too long, it’ll simply move onto the next one.

How to protect yourself from the LinkedIn attacks.

Log into your LinkedIn account now and verify that it’s indeed secure. Then, take the following steps:

Enable two-factor authentication. You’ll find this in your security settings. Using two-factor authentication makes hacking your account far, far more difficult than hacking it with password protection alone.
Set a new password. Make it strong and unique, using numbers, uppercase letters, lowercase letters, and symbols. As illustrated above, the longer the better—14 or even up to 16 characters.
Confirm your contact email. LinkedIn will alert users of unusual activity. Ensure that the contact information in your account profile uses an email address that you regularly check.

How to create your own strong, unique password. One that you can still remember.

Fourteen characters? Even up to 16 characters? How do you create that without just mashing on your keyboard? (Not recommended.) A layered password can do the work. It’s a way of creating a phrase and turning it into a strong, unique password that you can still remember.

Pick a phrase that is memorable for you: Don’t use easily discovered information, like your birthdate or pet’s name. Try something linked with an interest or hobby. If you’re an avid runner, you might choose a phrase like, “Running 26.2 Rocks!”
Replace letters with numbers and symbols: Remove the spaces. Then, you can put symbols and numbers in the place of some of the letters. Runn1ng26.2R0ck$!
Include a mix of letter cases: Finally, you want lower and uppercase letters that aren’t in a clear pattern. Algorithms know how to look for common patterns like camelCase or PascalCase. Runn1NG26.2R0cK$!

Now, you have a 17-character password that challenges hackers and that’s still something you can remember.

Or, have a password manager handle the strong, unique passwords for you.

Granted, creating strong, unique passwords for dozens and dozens of accounts can take a bit of time. (To put it mildly.) It can take yet more time if you manage them, such as if change them regularly (which can help protect you from data breaches and brute force attacks like this one at LinkedIn). Here, a password manager can help.

A password manager can create, memorize, and store strong, unique passwords. It’ll use the random numbers, letters, and characters we mentioned earlier. The passwords won’t be memorable, but the manager does the memorizing for you. You can also use it to update passwords regularly. In a time of data breaches, this offers you extra protection. Taken together, every account you have gets powerful password protection when you hand the job over to a password manager.

Log in now and secure your LinkedIn account.

This wave of attacks reminds us just how powerful, or weak, our passwords can be. A strong, unique password in conjunction with two-factor authentication stands as your best defense as LinkedIn weathers these attacks. Strengthen your security.

Strengthen your other accounts as well. Hackers target websites and platforms of all sizes, and not every attack makes the headlines. Strong security measures for each of your accounts will protect you best if you end up as a hacker’s target.

The post How to Safeguard Your LinkedIn Account and Strengthen Your Security appeared first on McAfee Blog.

Read More

NCC Group researchers observed 502 ransomware attacks in July 2023, with a large proportion made up of Clop’s continued exploitation of MOVEit

Read More

License plate scanners aren’t new. Neither is using them for bulk surveillance. What’s new is that AI is being used on the data, identifying “suspicious” vehicle behavior:

Typically, Automatic License Plate Recognition (ALPR) technology is used to search for plates linked to specific crimes. But in this case it was used to examine the driving patterns of anyone passing one of Westchester County’s 480 cameras over a two-year period. Zayas’ lawyer Ben Gold contested the AI-gathered evidence against his client, decrying it as “dragnet surveillance.”

And he had the data to back it up. A FOIA he filed with the Westchester police revealed that the ALPR system was scanning over 16 million license plates a week, across 480 ALPR cameras. Of those systems, 434 were stationary, attached to poles and signs, while the remaining 46 were mobile, attached to police vehicles. The AI was not just looking at license plates either. It had also been taking notes on vehicles’ make, model and color—useful when a plate number for a suspect vehicle isn’t visible or is unknown.

Read More

Australian utility company Energy One confirmed it had taken steps to limit a cyber-attack affecting its corporate systems

Read More

Legitimate software used to deploy backdoor malware

Read More