The IT Nerd

The most frequently reused credentials eventually end up on breached lists accessible to purchase on the dark web, thus becoming a weak point in personal and company security when subject to brute force and password-spraying attacks.
 

Examining the most often reused passwords allows individuals to gain insights into what type of passwords to avoid when safeguarding their online journeys. 

Some passwords, like password, 123456, qwerty, and other similar basic choices, have always been and will remain some of the most insecure picks to protect one’s account.

However, the data presented by Atlas VPN, which comes as a courtesy of SpyCloud, who extracted it from various lists on the dark web, reveals that the most commonly used credentials also change year-by-year and reflect the hottest topics.  

It is no surprise that music, streaming, and celebrity culture are among the most prevalent themes in passwords in 2022. 

Celebrity names as most common passwords

Last year, hundreds of thousands of credentials included keywords connected to celebrities Taylor Swift, Bad Bunny, Jennifer Lopez, Ben Affleck, and Elon Musk. 

Swift’s 10th album, “Midnights,” which reportedly generated $230 million in sales, resulted in passwords such as taylor, taylor swift, swiftie, and midnights being used 186,000 times. 

Similarly, Bad Bunny’s status as the most-streamed artist on Spotify in 2022 inspired the use of bad bunny, titi, and verano as passwords, with the latter two being among his popular songs, appearing 141,000 times.

The acquisition of Twitter by Elon Musk inspired the use of twitter and elon musk as passwords, which were used 74,000 times. 

Additionally, Jennifer Lopez and Ben Affleck’s reunion and marriage, known as Bennifer, was reflected in passwords such as jennifer lopez, jlo, ben affleck, and bennifer, appearing 46,000 times.

Avoid streaming and family-related passwords

Other pop culture events that captured the public’s attention were also reflected in the list of frequently reused passwords. 

The growing popularity of streaming TV services was reflected in passwords such as youtube, netflix, and hulu, which were chosen 261,000 times. 

The death of Britain’s Queen Elizabeth and other news about the royal family ignited the use of queen, queen elizabeth, and royal family as passwords. In total, credentials with the aforementioned keywords were used 167,000 times in 2022, according to various databases on the dark web.  

As expected, other frequently reused passwords included russia, russian war, ukraine, ukraine war, and trump. 

To read the full article, head over to: https://atlasvpn.com/blog/queen-elizabeth-and-taylor-swift-among-most-used-passwords-in-2022 

In today’s world, where technology is embedded in every aspect of our lives, it is essential to understand the risks of using different software and devices.

According to the data presented by the Atlas VPN team, Google, Fedora Project, and Microsoft products had the most vulnerabilities in 2022. If we look into the specific products, security researchers found the most exploits in Fedora, Android, and Windows operating systems.

More vulnerabilities in a product do not necessarily mean it is less secure. Popular and open-source products tend to have more vulnerabilities due to the larger number of users discovering exploits.

Google products had 1372 exploits in 2022, the most of all vendors. The Android operating system had 897 vulnerabilities, which was the most of all Google products. In addition, security researchers found 283 exploits in the Chrome browser, but it did not make our top 10 list of products.

The Fedora Project was the second vendor with 945 discovered vulnerabilities. Its product Fedora Linux had the most, 944 exploits, of all products.

Security researchers discovered 939 vulnerabilities in Microsoft products in 2022. Windows 10 and 11 both had over 500 exploits, while in Windows Server OS, from 2012 to 2022, the number of vulnerabilities ranged from 414 to 553.

Debian products had 887 exploits, and their Linux OS had 884 vulnerabilities, taking 3rd place among all products. Furthermore, Apple had 456 exploits in their products, one of which, macOS, had 379 vulnerabilities in 2022.

​​Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on vulnerabilities: 

“As the reliance on technology continues to increase, so does the threat of cyberattacks. Individuals and organizations must remain vigilant about updating their software and taking proactive steps to protect against cyber threats.”

Severity of vulnerabilities

The Common Vulnerability Scoring System (CVSS) assesses the severity of vulnerabilities in computer systems and networks. It assigns them a numerical score based on a set of criteria such as exploitability, impact, and complexity.

Over a fifth (23%) of vulnerabilities found in Microsoft products are rated 9+. In addition, 20% of exploits are given a score of 7-8.

Apple product exploits with a score of 9+ account for 17% of all vulnerabilities. In addition, 26% of vulnerabilities are rated 6-7.

Google occupies the third spot on the list regarding severe exploits valued at 9+. They constitute 14% of all vulnerabilities.

Only 2% of vulnerabilities are scored as the most severe in the Fedora Project, while those rated 6-7 make up 21% of all exploits.

To read the full article, head over to:https://atlasvpn.com/blog/google-fedora-project-and-microsoft-products-had-the-most-vulnerabilities-in-2022

Americans are losing more to fraud than ever before. According to the data presented by the Atlas VPN team, based on the numbers provided by the Federal Trade Commission, consumers in the United States lost an unprecedented $8.8 billion to various scams in 2022 — a 43% rise from the previous year. 

While fraud losses increased, the number of fraud cases dropped by a fifth from 2.9 million in 2021 to 2.4 million in 2022. 

Fraudsters utilize a range of techniques and scams to cash in from unsuspecting victims. However, some scams are more lucrative than others. 

Investment-related fraud hurt consumers the most, with reported losses reaching $3.8 billion in 2022, up 116% from $1.8 billion in 2021. Funds lost to investment fraud alone constituted nearly half the total losses to fraud in the US last year. Overall, there were 104,703 investment fraud cases recorded in 2022. 

While US citizens lost the most money to investment fraud, imposter scams were the most prevalent, with 725,989 cases reported in 2022. Together they cost US consumers $2.7 billion — 11% more than the previous year.

The third spot on the list is occupied by business and job opportunities fraud. US consumers reported 92,723 such fraud instances, totaling $367.4 million in losses. Compared to 2021, losses to business and job opportunities fraud increased by 76%.

Other fraud types that caused US consumers significant losses include online shopping and negative reviews scams ($358.1) and prizes, sweepstakes, and lottery scams ($301.9 million).

​​Cybersecurity writer at Atlas VPN, Ruta Cizinauskaite, shares tips on how to avoid falling victim to fraud:

“While fraudsters continuously find innovative ways to deceive victims, there are some general rules you can follow to protect yourself from falling victim to fraud. Be wary of unsolicited calls, emails, or messages, try to verify the identity of the person or organization contacting you, and take the time to think through any requests or offers before making a decision. Most importantly, don’t share your personal information, such as your social security number, bank account information, or credit card details, unless you are absolutely sure it is necessary and legitimate.”

To read the full article, head over to: 

https://atlasvpn.com/blog/americans-lost-a-record-8-8-billion-to-fraud-in-2022

Over the past few years, investment scams have become increasingly sophisticated and widespread, taking advantage of the rise of digital technologies.

According to data analyzed by the Atlas VPN team, Americans were scammed out of $3.8 billion through fraudulent investment opportunities. Compared to 2021, the amount of losses has grown by 116%. Many of these scams use social media platforms, websites, apps, and other channels to reach potential victims.

In the last 4 years, investment scams in the US have grown by nearly 4000%. In 2018, fraudsters stole $94.5 million using investment scams, and 8,392 (57% of all) fraud reports indicated a loss. By 2022, the number of reports had increased significantly, with 77,599 reports (74% of all) revealing a loss of money in investment scams.

Furthermore, scammers have been getting away with more and more money. In 2018, the median loss from investment scams was $2,262. Since then, it steadily grew from year to year, and now, in 2022, it has reached $21,727.

A few reasons for such growth are the increasing internet and social media use, which helped scammers find new ways to reach potential victims. Additionally, the rise of interest in crypto made people think they could get rich quickly by investing in it during economically unstable times.

​​Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on the rise of investment-related scams:

“Overall, investment scams have grown significantly due to various factors, including technological advancements, economic instability, and the increased sophistication of scammers. Individuals need to be aware of these risks and take steps to protect themselves from such scams.”

How do scammers contact you?

Some states experienced much more scams than others, and fraudsters used certain contact and payment methods more commonly.

Most commonly, scammers contact Americans through social media when offering investment opportunities. People reported 27,611 attempts of fraud through social media. By far, the most common payment method in such scams was cryptocurrencies. People lost over $880 million worth of crypto throughout 30,162 reported investment fraud cases.

Another vital statistic is that Nevada was the most common target of scammers. Nevadans reported 316.5 investment-related scams per million population. Californians were second with 272.7 reports per million population.

To read the full article, head over to:

https://atlasvpn.com/blog/americans-lost-nearly-4-billion-to-investment-scams-in-2022

Russian authorities have attempted to isolate their nation’s internet from the rest of the world since the start of the war in Ukraine on February 24, 2022. Hundreds of websites have already been blocked, including two major social media platforms – Instagram and Facebook. 

Russians are turning to VPNs to bypass the country’s tightening internet controls. 

The recently updated VPN Adoption Index by Atlas VPN reveals that VPN downloads in Russia grew from 12.59 million in 2021 to 33.54 million in 2022, representing a YoY growth of 167%. 

In 2020, only 4.9 million downloads originated from Russia, which put the VPN adoption rate at 3.37%, ranking the country at the 55th spot globally. 

While last year, nearly a quarter (22.98%) of the country’s population installed VPN services on their devices, with Russia becoming the 8th most popular market for VPNs

The most significant wave of VPN installs from Russia began on March 11, 2022, when the Russian government’s communication agency announced it would block Instagram and Facebook after finding Meta Platforms Inc. “extremist.”

On March 14, 2022, the number of VPN installs originating from Russia increased by 11,253% above the norm. 

To read the full article, head over to: https://atlasvpn.com/blog/vpn-usage-in-russia-increased-by-167-in-2022

In recent years, state-sponsored cyberattacks have become a growing concern for governments, businesses, and individuals alike.

According to the data analyzed by the Atlas VPN team, Ukraine was a victim of 29 state-sponsored attacks in 2022. Behind most of the government-backed attacks stand China and Russia, with 44 and 38 cyberattacks, respectively.

The United States suffered 14 state-sponsored cyberattacks. Most of these attacks came from Iran or China-backed hackers who launched phishing and malware campaigns against US companies or government entities.

State-backed hackers launched 7 attacks on Russia in 2022. The majority of them were by the Ukrainian IT army in response to Kremlin’s started war on Ukraine.

South Korea was a victim of 6 government-backed cyberattacks. North Korean cybercriminals were behind most of the threats. In addition, they were responsible for all 5 attacks on cryptocurrency companies.

Finally, all other state-sponsored threats on countries not mentioned here made up 76 total cyberattacks.

​​Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on state-sponsored attacks:

“The rise of state-sponsored cyberattacks poses a significant threat to the stability of our interconnected world. Governments must collaborate to establish clear rules of engagement in cyberspace to prevent the expansion of malicious cyber activities that undermine trust and confidence in the digital infrastructure.”

State-sponsored spying

Governments around the world are engaged in a race to gather as much intelligence as possible.

Nonetheless, out of all government-backed attacks in 2022, 110 were launched to spy on another country or organization. Financial theft was the reason behind 11 threats, while cybercriminals destroyed sensitive information in 8 cyberattacks.

Governments were the primary targets of state-backed hackers, as they launched 75 attacks on such entities. Businesses faced 55 nation-sponsored cyberattacks. Cybercriminals hacked journalists, human rights activists, or other citizens 48 times. Lastly, military objects suffered 8 state-sponsored cyberattacks.

To read the full article, head over to:

https://atlasvpn.com/blog/unveiling-the-invisible-war-ukraine-suffered-29-state-sponsored-cyberattacks-in-2022

Atlas VPN announced yesterday that has upgraded its service with 10Gbps servers. The newly introduced servers come with custom kernel optimization to deliver even greater speed and stability while browsing, streaming, downloading, or gaming.

Servers are at the core of any VPN service. When a user connects to a VPN, all of their data travels via its selected server, which encrypts and decrypts it before the data reaches the internet. However, if servers get congested with traffic, browsing speed can suffer as a result.

While the company has been using reliable 1Gbps servers since its start, with the onset of high-speed 5G technology and a rapidly growing user base, it has started the shift toward new, more powerful servers. 

Currently, the 10Gbps servers are available for the Amsterdam, Netherlands, location. However, the company plans to expand the 10Gbps network to cover more locations in the near future. 

The newly introduced 10Gbps servers are the latest addition to Atlas VPN’s premium offering. The premium bundle also includes privacy-optimized servers Privacy Pro, as well as advanced security tools, such as data breach tracker Data Breach Monitor, and malware and third-party tracker blocker SafeBrowse, among other benefits.

Data presented by Atlas VPN shows that 25.7% of pig butchering scams had their first point of contact on dating websites.

Pig butchering is a relatively recent social engineering scam in which fraudsters contact people via social media sites or emails and text messages and cultivate trust through long-term dialogue. They create the illusion of a friendship or romantic relationship, also called the “feeding” phase.

At some point, the fraudsters suggest that the victim invests in cryptocurrencies on the suggested platform.

Little does the victim know even though the website looks trustworthy, the platform itself isn’t connected to a legitimate cryptocurrency exchange or market.

Victims who visit these bogus investment dashboards see large returns and believe their investment is bringing huge returns quickly. Then, the fraudster advises investing even more while the getting is good, hence luring out even a larger sum of money from the victim. In other words, “harvesting” the already “fed” victim. 

Finally, when the victim attempts to cash out, they are hit with multiple procedures and fees. As suspicion builds, shortly, the website is shut down, and the previous friend or romantic interest is nowhere to be found.

The data on pig butchering scams is originally from the Pig Butchering Scam Reportby RealCall, based on a survey of 996 RealCall users, interviews with scam victims, former scam sweatshop workers, advocates, rescue workers, etc., and some research in numerous channels. The survey findings were released in January 2023. 

Surprisingly, nearly 48% of the respondents report that they have gone through a pig butchering scam and experienced financial losses. 

Another 49% of those surveyed said that they had encountered a pig butchering scam in the past but were able to identify it and avoid it. 

Worth noting that the surveyed respondents already use the service offered by RealCall, which is used to detect and block unknown spam calls and robocalls, suggesting that the population surveyed has already had a negative experience pertaining to being contacted by an anonymous actor with negative intentions, so these percentages should not be applied to the more general population.

On the other hand, knowing the most common points of contact is still useful in order to avoid getting taken advantage of. 

As already mentioned, 25.7% of respondents say they were first messaged through dating websites, while 40.4% of victims note their initial contact with fraudsters was through anonymous calls and messages.

Another 11.2% of communication was started on social media, and 9.3% through job-hunting channels. These days, only 7.6% of contact is made through emails. 

Man loses $1 million

Not long ago, Forbes released an extensive article revealing how a pig butchering scam works in real life. Here, a 52-year-old guy from San Francisco lost $1 million after being approached by scammers posing as an old friend.

The deception was carried out during a months-long, WhatsApp chat that totaled more than 271,000 words. 

To read the full article, head over to:

https://atlasvpn.com/blog/bad-romance-over-25-of-%E2%80%98pig-butchering%E2%80%99-scams-happen-on-dating-sites

With the rising popularity of streaming services, they have also become the prime target of cybercriminals. Some hackers may be after a free ride on your Netflix or Spotify account, others after your personal details, while a chunk of hackers try to profit by selling hacked streaming accounts on the dark web. 

The Atlas VPN team, using data from Whizcase, reports that dark web accounts for popular streaming services are sold for an average of $11.

The cheapest accounts belong to SoundCloud users. They are being sold for as little as $6. 

On the other side of the spectrum are Apple Music and Disney+. They have the biggest price tag among hacked streaming accounts on the dark web, around $15 and $14, respectively. 

Spotify and Netflix accounts are offered at $12 each, while Hulu and Twitch accounts are sold for $11, followed by HBO Max at $10. In the meantime, hacked accounts of Amazon Prime Video users are being offered for $9.

Streaming accounts typically contain not only the user’s name, surname, date of birth, and contact information but also often have linked payment methods, making them a valuable target for cybercriminals.

Fraudsters frequently gain unauthorized access to people’s streaming accounts using login credentials obtained from data breaches. This happens because many people use the same login information for multiple accounts. If one of the accounts gets compromised in a breach, others are also at risk. Hackers can also use phishing scams to trick people into giving away sensitive information that can then be used to access their accounts.

To read the full article, head over to: https://atlasvpn.com/blog/this-is-how-much-hacked-streaming-accounts-cost-on-the-dark-web

The first-ever thorough analysis of the state of cybersecurity of the US defense industrial base (DIB) reveals that nearly 90% of its contractors do not meet the required security standards.

Defense contractors possess sensitive national security information and are being constantly targeted with sophisticated hacking operations led by state-sponsored hackers.

The in-depth analysis of the Pentagon supply chain was commissioned by CyberSheath, a cybersecurity compliance service provider, and was carried out by Merrill Research, a leader in providing custom, multi-methodological research services. Access the State of The Defense Industrial Base Report here. 

The survey questioned 300 US-based DIB contractors via an online survey in July 2022.

The supply chain of the departments in question was evaluated using the Supplier Risk Performance System (SPRS), which is the DoD’s single, authorized system to retrieve supplier security performance information.

Contractors who do not possess an SPRS score of 70 or higher are deemed non-compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) criteria.

The DFARS is a set of cybersecurity regulations the DoD imposes on its contractors. The DFARS, which has been in effect since 2017, demands a score of 110 to be considered fully compliant.

Data presented by Atlas VPN shows that a startling 89% of contractors have an SPRS score of less than 70, which means that they do not meet the legally required minimum.  

Over 25% of the supply chain received SPRS scores between -170 to -120, while only 11% of surveyed contractors received a score that is regarded as compliant.

The research conclusions show a clear and present risk to US national security.

These findings should not be easily overlooked, considering the current global political tensions and the constant barrage of attacks from state-sponsored hackers.

Areas of non-compliance

Approximately 80% of the DIB does not monitor its systems 24/7/365 and does not use security monitoring services headquartered in the United States. Using foreign cybersecurity services has a risk on its own.

Other flaws were discovered in the following areas:

• 80% do not have a vulnerability management system.
• 79% do not have a robust multi-factor authentication (MFA) system in place, and 73% do not have an endpoint detection and response (EDR) solution.
• 70% of organizations have not implemented security information and event management (SIEM)

These security measures are legally required by the DIB, and if they are not satisfied, the DoD and its capacity to undertake armed defense face a major danger. 

To read the full article, head over to: https://atlasvpn.com/blog/nearly-90-of-the-pentagon-supply-chain-fails-basic-cybersecurity-requirements