September 22, Molly wrote an article regarding the the Biggest threats facing businesses through Cyber Security, and then on the same day Yahoo confirmed that over 500 million accounts were hacked! As a technology group we want to warn ANYONE who has a Yahoo account that the BAD Guys are going to have a field day with this. You are going to be inundated with Phishing schemes that are going to be full of masked links that are going to infect your computer.
"Yahoo reported that they believe the user data was stolen in late 2014, yet they just disclosed the breach this morning. The amount of time a breach remains undetected is known as "Dwell Time". FireEye's Mandiant has reported average dwell times of 146 days. In the case of this Yahoo breach, it appears the hackers remained undetected for over 650 days. This high "dwell time" achieved by the hackers is remarkable since Yahoo has one of the most sophisticated security infrastructures in the world. As such, this breach should be an eye-opener to all other enterprises regarding the need for increased spending on security.
Yahoo gave no details of how the nation-state hackers infiltrated the company's network, but experts say the most likely vector was the old reliable spoofed spear phishing attack fooling a Yahoo employee with either a malicious attachment or link that then downloaded malware that got the attackers a foothold into its network."1
To protect yourself, and your organization and all of your users we suggest that you never, ever, ever click on a link from an email that you receive in your Yahoo account or any other email account for that fact, not even your business email, soliciting you to change your username and password, or asking you to log into your email acount, or suggests you follow a link to safeguard your email account.
We suggest that ASAP. you open up your browser and go directly to yahoo.com yourself and reset your password. Do It now. It will be the best security you can use to protect your account moving forward. Change your password. Make it as strong and complex as you possibly can. Then WATCH out for any phishing emails that relate to your Yahoo account. Don't click on them, don't open them, delete them immediately.
Another way is to use the Yahoo Account Key, which is a simple authentication tool that eliminates the need to use a password altogether.
October is cybersecurity month. Make sure to come back and see all the suggestions we have for you to keep your information, data and emails safe.