This year has been quite a rollercoaster in the cyber realm, marked by a variety of incidents and developments that kept us on our toes. From data breaches and privacy concerns to ransomware attacks and the emergence of new threat vectors, the landscape has been eventful.
The journey began with a Twitter data dump, laying bare user account details like names, handles, email addresses, and account creation dates. This exposed users to potential social engineering attacks and doxing. Notably, Okta, the Single Sign On (SSO) provider, suffered breaches twice within two months, affecting their Support Case Management system and impacting okta through their third-party vendor, Rightway Healthcare. Additionally, a Discord data leak disclosed usernames, Discord IDs, email addresses, billing details, and hashed passwords.
The drama extended to concerns about data privacy with Zoom's policy changes and the World Coin craze, leading to its ban in Kenya. Fake clones of Telegram surfaced on the Play Store, causing further confusion. Much closer to home, Anonymous Sudan made headlines for launching DDOS attacks and notably bringing down most of our government systems like e-citizen. Naivas supermarkets suffered ransomware attacks with data obtained including names, phone numbers and email addresses. Kenya Airports Authority (KAA) were also breached but KAA said that the data accessed was public information.
These were just highlights as there were much more attacks, vulnerabilities exposed, breaches and leaks that happened this year. Much more than could be covered in one article.
Worryingly, there were emerging trends, particularly the significant influence of AI on cybersecurity, both defensively and offensively. Tools like ChatGPT were exploited by cyber threat actors, with our very own root@Bob-/ exploring WormGPT as a hacker's alternative in this article. We also saw the rise voice cloning AI being used to scam people over the phone by pretending to be someone the victim knows. Ransomware attacks shifted from simple data encryption to the theft of data, leveraging it for extortion in exchange for not releasing it to the public.
A new threat emerged involving keyboard-based attacks, as discussed in this article. Additionally, "quishing" gained traction, where threat actors utilized QR codes as a more effective phishing method.
Amidst these challenges, there were positive developments. INTERPOL and AFRIPOL joined forces to take down cyber-criminals responsible for over $40 million in financial losses. Chrome implemented a solution to combat phishing attacks, and Google introduced the Sec-PaLM generative AI for cyber threat intelligence, aiming to harness AI as a tool for cybersecurity rather than a weapon. Encouraging trends included improved security in IoT devices, enhanced supply chain security, the transformative potential of AI in the security landscape, and a growing emphasis on cybersecurity awareness training, recognizing the human factor the most vulnerable attack vector.
Talking about being cyber-aware, this article explains how you can kinda make your online life more private to avoid getting hacked. Big companies aren't really concerned about your privacy, so it's up to you to take charge and protect yourself.
That’s it from me this year. If you enjoyed our content, share it. If not, share your feedback. Thanks for reading, watching and engaging with our content this year. Looking forward to seeing you again next year!. Peace✌️
