Optery

Credential harvesting campaigns are a major threat to organizations. They are enabled by publicly available personal data on data broker sites, especially those sites that link phone numbers to employees at specific organizations. Removing your employees' data from these sites can prevent your team from being targeted. #CybersecurityAwarenessMonth #StaySafeOnline #Cybersecurity

It’s Cybersecurity Awareness Month, and social engineering remains a top threat to businesses! Social engineering attacks exploit exposed personal data to manipulate employees into divulging sensitive information or granting unauthorized access. Removing this data significantly limits an attacker’s ability to create convincing pretexts and trick your team. #CybersecurityAwarenessMonth #StaySafeOnline #Cybersecurity

Optery is now included on the Cybersecurity and Infrastructure Security Agency (CISA) resources page for high-risk communities, providing free and discounted services to help mitigate cyber and physical risks. Curated by CISA in partnership with the Joint Cyber Defense Collaborative (JCDC) participants and other leaders in cybersecurity and civil society, this page offers a catalog of critical resources designed for communities at heightened risk of being targeted by malicious actors because of their identity or work. They aim to assess and mitigate risk, offer support during digital emergencies, and strengthen cyber defenses. Contributing to these, Optery offers free and discounted tools and services for high-risk groups to find and remove exposed personal information from the internet, significantly reducing the risk of cyber and physical threats. Check out the resources here: https://lnkd.in/denb8Nvg #cybersecurity #personaldataremoval #privacy

Credential-based attacks and spear phishing continue to dominate as top cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA), alongside the U.S. Coast Guard (USCG), recently released their FY23 Risk and Vulnerability Assessment (RVA) Report. The report analyzed critical security weaknesses across federal, state, local, and private sector infrastructure, including maritime critical infrastructure. Among its findings, Valid Accounts were the most common successful attack technique, responsible for 41% of successful attempts. A common method under this tactic is cracking password hashes, which was successful in 89% of USCG assessments to access Domain Administrator accounts. Before cracking password hashes, attackers must first obtain them. One of the easiest ways to do so is to leverage exposed personal information online and enter that info on breach repository sites. These sites often return cleartext passwords and password hashes that are associated with the accounts linked to the target’s personal data. Once obtained, attackers can then crack the password hashes using specialized tools and wordlists. The second most common successful attack technique according to the report was Spear Phishing. This is a form of social engineering in which an attacker exploits the personal data of a target and poses as a trusted source to lure the target into unwittingly providing sensitive data or access to the recipient's network or system. While the report recommends strong password policies, phishing awareness training, and phishing-resistant MFA among its mitigations, personal data removal provides a critical preventative layer of defense against both credential-based attacks and spear phishing. By minimizing exposed personal data, you make it harder for attackers to obtain your password information in the first place, and significantly reduce your likelihood of being targeted via social engineering. #passwordcracking #spearphishing #personaldataremoval 🔑 Link in comments to the full report.

Cyber counterintelligence isn't just for spy agencies anymore. It’s now a key part of protecting your business from cyber attacks. Cyber attacks begin with Open Source Intelligence (OSINT) reconnaissance, where attackers gather organizational details and employee personal information to find vulnerabilities which can be exploited. Data broker sites make executive and employee PII easily accessible—and equally easy for hackers to exploit via social engineering and credential-based attacks. Removing employee personal info from data brokers disrupts attackers’ intelligence gathering efforts by limiting the fuel they need for successful attacks. This can prompt them to seek other, more exposed targets instead. By preemptively counteracting an adversary's intelligence-gathering capabilities through personal data removal, you can deter attackers and prevent cyber attacks at the recon phase. #personaldataremoval #counterintelligence #cybersecurity

In the latest installment of our Privacy Protectors Spotlight series, we are excited to feature Rachel Tobac, a renowned expert in human hacking and social engineering defense strategies. Rachel is an ethical hacker and the CEO of SocialProof Security, a company dedicated to helping businesses and individuals protect their sensitive data from cyber threats, particularly through the prevention of social engineering attacks. Renowned for her expertise, Rachel has become a leading voice in cybersecurity, consistently advocating for better awareness and stronger security protocols to combat the human element of hacking. Her live demonstrations, frequent media appearances, and hands-on training programs have made her a pivotal figure in educating organizations and the public about how social engineers exploit vulnerabilities in human behavior to breach systems. Through her work, Rachel has become an invaluable resource in the fight against cybercrime. She has helped to break down the complexities of social engineering in an engaging, accessible way and has equipped countless individuals and companies with practical strategies to defend themselves. By advocating for a 'Politely Paranoid' mindset—where education, vigilance, and strong security practices converge—Rachel has helped make it significantly harder for hackers to succeed. At Optery, we are greatly inspired by Rachel Tobac’s work and are happy to spotlight her for her outstanding contributions to privacy protection and security. Read the full spotlight on Rachel Tobac and join us in recognizing her important work! https://lnkd.in/euHzF3vD #socialengineering #humanhacking #cybersecurity 

LinkedIn recently introduced a feature that auto-enrolls users in a setting where their content—like posts, profiles, and media—can be used to train LinkedIn’s generative AI models. This change was rolled out quietly, with no prior update to LinkedIn’s terms of service. If you don’t want “LinkedIn and its affiliates” to “use your personal data and content you create on LinkedIn to train generative AI models that create content,” here’s how to opt out: 1. Click your profile picture in the top menu, then select "Settings & Privacy". 2. In the left-hand menu, go to "Data privacy". 3. Scroll to the bottom of the "How LinkedIn uses your data" section and click "Data for Generative AI Improvement". 4. Toggle off the switch for “Use my data for training content creation AI models.” #dataprivacy #personalinformation #optout

Fueled by exposed personal data, credential-based attacks and spear phishing continue to dominate as top cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA), alongside the U.S. Coast Guard (USCG), recently released their FY23 Risk and Vulnerability Assessment (RVA) Report, which analyzed critical security weaknesses across federal, state, local, and private sector infrastructure, including maritime critical infrastructure. The report highlights key attack methods and vulnerabilities exploited by cyber threat actors. Among its findings, Valid Accounts were the most common successful attack technique, responsible for 41% of successful attempts. A common method under this tactic is cracking password hashes, which was successful in 89% of USCG assessments to access Domain Administrator accounts. Before cracking password hashes, attackers must first obtain them. One of the easiest ways to do so is to leverage exposed personal information online and enter that info on breach repository sites. These publicly available sites often return cleartext passwords and password hashes that are associated with the accounts linked to the target’s personal data. Once obtained, attackers can then crack the password hashes using specialized tools and wordlists. The second most common successful attack technique according to the report was Spear Phishing. This is a form of social engineering in which an attacker exploits the personal data of a target and poses as a trusted source to lure the target into unwittingly providing sensitive data or access to the recipient's network or system. While the report recommends strong password policies, phishing awareness training, and phishing-resistant MFA among its mitigations, personal data removal provides a critical preventative layer of defense against both credential-based attacks and spear phishing. By minimizing exposed personal data, you make it harder for attackers to obtain your password information in the first place, and significantly reduce your likelihood of being targeted via social engineering. #passwordcracking #spearphishing #personaldataremoval 👉 See the comments for a link to the full report.

Thank you, StartX, for featuring Optery's CEO and Founder, Lawrence Gentilello, in your spotlight series!

The amount of executive and employee personal data that a company leaves on the web sends a powerful signal to attackers. When a business proactively works to take their employee PII out of circulation, so it is not easily accessible through quick Google searches or data broker sites, it not only minimizes the PII attack surface but also signals that the company is hyper-diligent about security. It tells attackers the company likely has security-conscious employees and other protections in place that will make it a challenging target. In contrast, businesses that haven’t addressed employee PII exposure may appear more vulnerable during attacker reconnaissance efforts, offering ample fuel for social engineering and suggesting potential weaknesses elsewhere. This can make the company a more attractive target. The more a business reduces its personal data exposure, the less opportunities attackers have to exploit. By demonstrating preparedness and vigilance, companies can deter potential attackers, reducing the likelihood of being targeted. #socialengineering #PII #personaldataremoval