Author: J.C. Cross

CIS Security Controls Explained

When we talk about security controls we are talking about technical and operational steps and settings for preventing or minimizing attacks. The Center for Internet Security has listed 18 controls as critical. With them you can minimize the risk of data breaches and exfiltration, IP and ID theft, corporate espionage, privacy loss, and denial of service attacks, among other cybersecurity threats. Continue reading “CIS Security Controls Explained”

Pandemic Blues: the Clock is Ticking and the Hackers are Calling.

2021 was witness to a number of major cyberattacks: SolarWinds, Microsoft Exchange, Quanta, Colonial Pipeline, Kaseya, and Log4j. These attacks proved that food companies, utilities, supply chains and software providers could all be compromised. Cybercrime is up 600% since the pandemic began: Continue reading “Pandemic Blues: the Clock is Ticking and the Hackers are Calling.”

Bank cyber recommendations

A local bank sent out a newsletter about how relying on caller ID is no longer possible. Scammers can spoof phone numbers. 

Also, watch out for callers impersonating a bank, credit card or other financial account representative. Don’t provide any PII or financial account information over the phone. Hang up and call your institution directly. Do not click any email links or texts if you don’t know if they are from who they say they are.

Watch out for scammers saying fraud has occurred and phone calls, texts, links or emails that try to get you to provide real information about your accounts. Don’t perform any sending or transferring of money by phone, text or email. Banks will never get you to transfer money to yourself.

  • Who are you sending money to?
  • Who are you talking to or emailing?
  • Avoid giving out PII or account details.
  • When in doubt, hang up and call your bank directly.
  • Avoid urgent requests for money or supposed account problems.

Don’t think it can’t happen to you. What’s at risk?

You may not want to address cybersecurity, thinking it can’t happen to you. But it can. You hear the stories about the big companies hit with a cyberattack, but thousands of attacks are happening right now. Sixty seven percent of SMBs with fewer than 1,000 employees have experienced a cyberattack; fifty-eight percent have been hit with a data breach. An attack will affect everything you do–and more than likely (60% of SMBs) lead to bankruptcy within a year.

Everything you’ve worked for and love.

Finances are the thing that you as a business owner are, rightly, concerned about. Even if your company does not end up bankrupt, your business could be saddled with immense costs, possible fines and lawsuits over a data breach. Day-to-day operations that could be disrupted:  employee daily workflows, customer service, and regulation and compliance requirements.

Your plans for the future could also be threatened. You saw a vision for the future, attracting new customers, generating new business and creating a well-known brand. Your reputation could be damaged.

Part of the growth threatened is improvements in employee communication, performance, motivation and cyber savvy, and you can’t attract new, diverse talent to a company with a bad rep.

Over 92% of cyberattacks start with email. It may have been a careless employee who put your business at risk, clicking a phishing link or being scammed by email. That’s means you know how to stop most attacks: cyber education for your employees.

You need to prepare. Fight for what you love and built.

How to move WordPress to new domain name


So with the move / switch to a new domain name, I encountered something that would seem simple enough to fix. My hosting company switched the site for me and the root domain name changed so everything was broken, i.e. the CSS and JavaScript were not loading and only unstyled text was showing. I thought (wasn’t sure at the time and was hoping for the best) that the problem was the root domain. Continue reading “How to move WordPress to new domain name”

Wizard Spider call centers

On the dark web you can buy call center services and bot armies that are amazing in scope (“hundreds of millions of dollars in assets. ..The group’s extraordinary profitability allows its leaders to invest in illicit research and development initiatives,’ the researchers say. ‘Wizard Spider is fully capable of hiring specialist talent, building new digital infrastructure, and purchasing access to advanced exploits.'”).  https://www.zdnet.com/article/wizard-spider-hacking-group-hires-cold-callers-to-scare-ransomware-victims-into-paying-up

It is impressive. Wizard Spider also leverages BEC.

 

Funny passwords!

As a system admin you need to be on the lookout for people who make these. “[T]here were 1,862 data breaches in 2021 — a 68% increase over breaches in 2020. And, new year-over-year results indicate a fast start to data breaches in 2022, as more than 90% of data breaches are cyberattack-related.”
https://www.securitymagazine.com/articles/97518-the-20-most-common-passwords-leaked-on-the-dark-web

Pandemic depression, self-harm and suicide jumps

It’s easy to blame the pandemic for everything, but there was a 45% increase in self-injury and suicide cases among 5- to 17-year-olds in the first half of 2021. We can blame social media, and we’d be right to, but it’s not all due to that either.

Now I don’t have children, but my interactions with friends’ kids and my nephews have made me realize that there is intense need for understanding and importance in our youth at those ages. Then in college, young adults are trying to grasp their meaning and place in the world through a career. Both of these times are critical in self development–but the last thing they needed was a pandemic shutdown (imho).

https://www.morningbrew.com/daily/stories/2022/04/24/the-teen-mental-health-crisis-mystery

Mailchimp: the hack, the user education?

Took some time with 300 accounts being compromised and getting personal information through them.  Used social engineering and hit client Trezor. Here a corporate policy that recommends exactly what they are hit with.

Took some planning:

“The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app,” the crypto wallet company wrote in a blogpost.”

As usual, some irony dripping off this one when compared to the recommendations on their site help:

“You received an unexpected email from Mailchimp staff or service teams. This may include forgot username emails or password reset emails you didn’t request…For an extra layer of security, we encourage you to set up two-factor authentication with SMS or a two-factor authentication app”

https://mailchimp.com/help/i-think-my-account-has-been-compromised/

Bermuda Citizen Number One

Larger than life.

At the Royal Bermuda Yacht club, Charles lifted his whisky again and let loose some blue language. Then with that twinkle in his eye flirted with my mother. He had just returned from the Arctic sailing trip with Warren “War Baby” Brown and was once again the center of attention in Hamilton.
Continue reading “Bermuda Citizen Number One”

Cyber recommendations for wartime

Saw these recommendations for cyber today. Organizations should be vigilant for the evergreen practices: employee training about phishing and social engineering, give only the permissions needed to users, and scan for vulns and lock down ports you don’t use. But it adds, clean up old accounts (a practice for admins) and resist trying out new security measures.

Four key cybersecurity practices during geopolitical upheaval | Malwarebytes Labs

CISA has also put out some recommendations: Shields Up | CISA

Two Realities

Been reading John Bolton’s The Room Where It Happened. I thought that Trump was reined in by the “adults in the room.” While that sometimes happened, those very same people failed in doing so in the long run.

The other reality? My relative just listened to another Trump rally today.

I don’t understand what the man is rallying for. Like my friend Gijo notes, neither Reagan nor the Bushes threw rallies after they left office. I also remember my first following politics in 1992. Bob Dole, while being unfortunately noncharismatic, was understandable and coherent. He didn’t fly off the handle, at least publicly. Trump brought vitriol and instability as he coped with a job he was unsuited for.

Is he planning a 2024 run? It seems so. There has to be a sane alternative.

“Sanctions are not working”

Lindsay Addario on Firing Line with Margaret Hoover. She covered her times as a war correspondent and the losses of fellow journalists and the decimation of civilians in local communities.

Photographing the Reality of War – The New York Times (nytimes.com)

I wanted to be a photojournalist for a bit, until things just happened. It’s not glamorous (just the idea of a Pulitzer maybe). You have to love what you do.

Just getting back to writing again, as I was on a birthday “getaway.”

OK, I’m a prepper

I bought some extra water because of recent events. I know, cyberattacks may not hit infrastructure–though there are cyberattacks right now in Ukraine, reportedly Russian state actors have not yet attacked infrastructure–but that’s the extent of my prepping. Things over there have continuously escalated, with Russian attacks on civilians, so no one knows what’s going to happen.

Biden: we will “use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure.”

Slightly comforting.

Biden: There is “evolving intelligence that the Russian government is exploring options for potential cyberattacks.”

The government claims to be ready, but your enterprises and SMBs may not be.

https://www.cnn.com/2022/03/22/politics/analysis-biden-warning-putin-cyberattack-us/index.html

There is something that you should be doing right now as an SMB or enterprise:  MFA should no longer be optional. It’s a comparatively small measure considering what could be in way of an attack.

The government made these suggestions, which are a good summing up:

– Deploy modern security tools on your computers and devices to continuously look for and mitigate threats
– Make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors
– Back up your data and ensure you have offline backups beyond the reach of malicious actors
– Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack
– Encrypt your data so it cannot be used if it is stolen
– Educate your employees to common tactics that attackers will use over email or through websites
– Work with FBI and CISA to establish relationships in advance of any cyber incidents

https://www.zdnet.com/article/white-house-warns-do-these-8-things-now-to-boost-your-security-ahead-of-potential-russian-cyberattacks

LokiLock ransomware

So now these crooks are using a new ransomware called LokiLock, that wipes your device. This has already happened in Ukraine and “The US government fears destructive malware could target organizations in the West in retribution for sanctions against Russia.”
‘Everyone loses’: This new ransomware threatens to wipe Windows PCs if its victims don’t pay up | ZDNet

How can you negotiate when they destroy your machine in the process? It’s clearly like NotPetya, where Ukrainian systems were attacked by Russian actors. That’s what is currently

A colleague said that he prefers the U.S. having separate agencies in lieu of a centralized authority. He’s right about centralized authority in general, but I think we need a single federal agency in this case–in the name of readiness for a war perhaps coming soon to your local water company.