Simply Cyber Newsletter #97

Crush Your Week Like a Cyber Pro!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your end users, peers, and executives. Support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

82% of Phishing Sites Now Target Mobile Devices. Phishing sites often use HTTPS to appear secure. Mobile malware is rising, with healthcare most affected. Sideloading apps significantly increases malware risks, and both Android and iOS devices face increasing vulnerabilities.

What you need to know: Educate your end users on securing their personal devices to protect the business. Phishing attacks targeting mobile devices have surged, with 82% of malicious sites using HTTPS to appear secure (Zimperium zLabs Global Mobile Threat Report, 2024). Even if an end user's phone isn’t directly connected to the business network, risky behaviors like sideloading apps from unofficial sources (which increases malware risk by 200%) or falling for phishing sites can still compromise personal and business data. By educating users on avoiding these risks, keeping their devices updated, and staying aware of mobile threats, you help them protect their own data and, in turn, reduce the chance of those threats spreading to your organization.

FOR PEERS

CISA: Hackers target industrial systems using “unsophisticated methods.” CISA warns that attackers are breaching critical infrastructure OT/ICS devices, particularly in water systems, using unsophisticated methods like brute force and default credentials. Security professionals must implement stronger defenses to protect against these persistent and potentially disruptive threats.

What you need to know: Even though this warning specifically targets OT/ICS, the broader lesson is that attackers often exploit weak points, like default credentials and misconfigurations, across all sectors. Critical infrastructure may be the immediate target, but the same unsophisticated tactics can be used to breach other types of networks. Security professionals in every field should strengthen their defenses by securing internet-exposed devices, enabling multifactor authentication, and regularly updating systems. By learning from these attacks on OT/ICS, teams can bolster their own security postures and prevent attackers from gaining footholds in any environment.

FOR EXECUTIVES

US Proposes Ban on Automotive Software & Hardware From China, Russia. The U.S. Department of Commerce proposes a ban on Chinese and Russian tech in vehicles by 2027 and 2030. Business executives should consider how future bans on foreign products or services might disrupt supply chains and strategic operations.

What you need to know: The proposed ban on foreign automotive technology signals a broader concern for industries reliant on foreign products, including third-party vendors. Future restrictions could disrupt supply chains across sectors, so executives must assess dependencies now. By starting these conversations early and developing contingency plans, companies can proactively shift to alternative suppliers or domestic technologies. This approach ensures that, by the time such regulatory changes take effect, your business will already be well into a new, resilient strategy, minimizing disruption and maintaining competitive advantage in a changing geopolitical landscape.

Stay current on trending topics, tips, events and resources in cybersecurity. Connect with me on socials for new content every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Thank you so much and see you again next Monday!

Have a great week, #TeamSC!

Gerry

NEW PODCAST PREMIERE! SIMPLY DEFENSIVE

Premieres: Monday, Sep. 30th from Simply Cyber Media Group

Welcome to the inaugural episode of Simply Defensive! Join hosts Josh Mason and Wade Wells as they introduce the podcast and share their professional backgrounds in cybersecurity.

Discover the story behind the podcast's creation, their unique approach compared to vendor-driven content, and the importance of community in cybersecurity. Josh dives into his journey from being a pilot in the Air Force to becoming a director of cyber training, while Wade talks about his varied roles in the cybersecurity industry, including his work in SOCs and threat intelligence.

Get insights on upcoming talks, community involvement, and the launch of future episodes focused on real-world experiences from the defensive side of cybersecurity.

We hope to see you in chat at 9:30 AM EDT, immediately following the Daily Cyber Threat Brief and Jaw Jackin’ AMA.

SIMPLY CYBER CON

When & Where: Friday, November 1 - Harbor Walk | College of Charleston, Charleston, SC

Simply Cyber Con is hybrid, available to attend live in-person, or virtual. Speakers are presenting in-person on location.

Learn more about Simply Cyber Con talks, how to make it a cybersecurity weekend with Security B-Sides Charleston, and register to attend NOW at simplycybercon.org.

Tickets are limited and we are less than a month away. Make your plans today! #teamsc

SIMPLY CYBER CON MERCH IS NOW AVAILABLE

Simply Cyber Con 2024 merch has arrived! We have an assortment of styles available for everyone.

Gear up for November 1st! Purchase your merch now.

Special thanks to Simply Cyber Con’s non-profit sponsor, Cybersecurity Central, for the design and merchandise support. Learn more about CC at CybersecurityCentral.org.

DAILY CYBER THREAT BRIEF SIMPLY CYBER

Catch the most popular weekday cyber threat news analysis live stream around and meet the most supportive community ever. #TeamSC

Join us on the Daily Cyber Threat Brief, available on YouTube, LinkedIn, and your favorite podcast platform.

SIMPLY CYBER ACADEMY FOR GRC CYBER CAREERS

Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. Plus, we have TWO NEW COURSES to help you excel in your cyber career.

We specialize in GRC Cybersecurity Careers. Visit academy.simplycyber.io.
