Category: Security

If you’re hit by ransomware, do not panic. Think through the processes below.

1. When can you start on your client’s recovery? At least seven days will lapse before you can get to work on the systems.
2. How long will my client be down? Give your client some ready, loaner servers.
3. Should my client pay the ransom? Keep your client asset list ready. What is the priority for bringing the data back online.
4. Am I as an MSP going to be liable? You will encounter this later in the process. Make whoever provides your errors and omissions insurance aware of the problem.
5. How do I prevent this?
– Set up users so they don’t have admin rights.
– Do not log in to workstations with domain admin accounts.
– Create an alert to let you know if you have a domain admin logged into a machine that’s been idle for more than an hour.
– Don’t give normal users domain access rights. Only give them these rights when they are applying updates. Give them local admin rights only as needed and create these rights on a separate account.
– Do not share passwords or usernames between accounts.
– Never log in to your backup servers or solution from the servers you are backing up.
– Check your AV status, running or not? Make sure it gets updated and users can touch it.

*** Ransomware doesn’t work if it doesn’t kill the backups. ***

That was one of the famous lines from Sneakers (1992). Today, you may have devices and apps listening in on your passport. Voice assistants like Bixby, Siri, or Alexa may be doing it. Apple says Siri runs a speech recognizer at all times. “Hey Siri” or “OK Google” can start the recording. Apps may also be recording your voice.

Use these recommended steps to protect yourself.
1. Turn off Siri, Bixby, or Alexa.
2. Turn off your microphone by going to the settings for each app that may use your voice (or ambient sound!).
3. Use anti-malware software.
4. Use a VPN.

Anti-virus software may help you. Just like a VPN can.

Doing a piece on technical debt and cybersecurity. Developers know the term technical debt. When faced with a deadline, peripheral requirements are sacrificed for expediency. The proper course of action is to spend more time to complete a project. Sacrifices cause the solution to deviate and, in the long term, can impact performance, scalability, resilience, or other similar system characteristics.

While not all technical debt can result in negative outcomes, shortcuts, and outdated security and infrastructure can impact your cybersecurity significantly. Not only can efficiency be reduced, but an easy and limited solution can amount to an open door. The organization’s eyes are not on the future and the door gets wider.

In short, you need to do the job right, including modernizing old tech and configuring correctly. You must also adapt to the changing cyber landscape–or increase your vulnerabilities by not doing the job properly.

Some basic cyber practices for the holiday!

• Guard your Personal Identification Number (PIN) in public. Eavesdroppers may be spying on you from behind while you are typing it in or if you write it down. Cover the keypad. Watch for skimming devices attached to ATMs, which can capture your PIN.
• Watch out for indications of tampering or skimming on card readers or someone trying to distract you or offer you help, especially at gas stations, bars, and restaurants. Inform the merchant or authorities if you think you’re a victim.
• When you are traveling, you want to avoid shopping hassles. Head this off by calling your bank or credit card company to notify them. This way, the company will know not to lock your cards for unusual activity.
• Keep your bank and credit cards secure; avoid public display.
• Contactless payments through an RFID credit card (contactless or tap-to-pay cards) are among the safest purchasing methods. Your RFID-enabled card, smartphone, or other wearable uses encryption and tokenization to protect your personally identifiable information (PII). RFID technology sends information between a tag and a scanner using radio waves. A credit card is RFID enabled if you see the contact list symbol on the front or back (similar to a sideways WiFi symbol). To protect your RFID device, an RFID-blocking wallet can prevent someone from robbing you even if you don’t take it out of your pocket.
• Use the chip on your card rather than the magnetic strip.
• Use a combination of letters, numbers, and symbols for your passwords, update them regularly, and avoid reusing them. A password manager is the best way to create complex and secure passwords.
• If you are shopping online, make sure you see the lock icon or “https” in your browser’s address bar.
• Your credit card or payment service should offer fraud protection.
• Don’t use public WiFi or computers when performing online transactions.
• Take advantage of your bank or credit service’s transaction alerts and review them routinely for unauthorized or suspicious transactions.
• Report to a bank or credit card company if you lost your card or had it stolen. Most times, these companies have 24/7 hotlines for this.
• Beware of phishing emails with links or attachments, and do not expose your PII over the phone or online to any unknown person or company.
• Use anti-malware software to protect yourself from data breaches.
• Don’t use credit cards on public WiFi networks.
• Use the Apple Pay, Google Pay, or Samsung Pay digital wallets to store your credit and debit card information safely. You can use these features on a smartphone or smartwatch, which operates with Near Field Communication (NFC) technology to process your payments. If your device has one of the digital wallets, you can wave your device over a contactless reader for a few seconds to process the secure payment.
• PayPal and Venmo offer an alternative secure purchasing method. You can link them to your bank account, credit, or debit card to a PayPal account to execute transactions without exposing your financial details to a third party and take advantage of encrypted financial data and fraud protection.
• What do you do if you’ve been scammed?
• 1) Change your passwords and call your account provider if you can.
• 2) Review your account statements for any unrecognized transactions.
• 3) Use a Fraud protection service like LifeLock or other identity theft companies. You can get dark web monitoring of your Social Security Number, driver’s license, phone number, email information, and transaction alerts.
• 4) Report cyberattacks to the Federal Communications Commission or other law enforcement.
• 5) Get the advice of a lawyer and then speak with law enforcement afterward, especially if you are charged with a crime.
• 6) Run your own or request a background check.
• 7) Alert the Equifax, TransUnion, and Experian credit bureaus if you want to freeze or lock your credit report.

 

So, the spirit of Christmas and Hannukah is here: houses and trees lit up, gift wrapping — and scammers. The denizens of the underworld may ruin your holiday while you are concentrating on shopping and giving. They even steal from charitable givers. Continue reading “All I Want For Christmas Is Not To Be Scammed”

Bug bounties are to the internet what wanted posters were to the Wild West. Companies like Google, Facebook, Microsoft, and government offices like the U.S. Department of Defense have been enlisting professional “white hats” (also “ethical hackers” or “security researchers,” sometimes “penetration testers”) to find weaknesses in their defenses — with hefty cash rewards for those who find them (see appendix at end).

White hats – the guardians of cybersecurity — help you find the vulnerabilities in your systems and networks before the black hats do. If a malicious user compromises your network, you may not know for 60 months. That’s the average time until a business becomes aware that a hacker has been in its network. And many serious problems for your business can occur during and after that time. While big companies like Equifax, Maersk, and Target have become victims of cyberattacks and recovered, small to medium-sized businesses hit by hackers may not survive. SMBs may not have the necessary resources and staff to recover fully. Continue reading “Seeing Signs of Network Compromise? The Guardians of Cybersecurity Can Help”

Unsubscribing from email lists can be a door-in for malicious email listers. It’s better to use Gmail or your email provider’s block feature. Choose block as spam. Auto unenroll.

Just a reminder for recognizing fake flash media (SSDs and USB flash drives), since I shopped for some recently.

OK I admit it. I look for bargains online that are not smart purchases, e.g. USB flash drives or solid state drives (SSDs) that are cheap. But those bargains may be hiding garbage technology or malicious software. In general, you should buy for the quality and dependability of a known manufacturer (see suggested manufacturers below). Also consider whether you want a lower or higher range drive from these companies as price will vary. Continue reading “Beware Fake USB Flash Drives and SSDs”

Had a friend who had three of these attacks. Always be wary of messages from friends

https://cyberguy.com/scams/this-facebook-messenger-phishing-scam-is-stealing-millions-of-passwords

I use Norton/Lifelock and they’ve put out this cool little AI-powered site (https://us.norton.com/products/genie-scam-detector) and app (https://apps.apple.com/us/app/norton-genie-ai-scam-detector/id6448706515), which will tell you if the text or image your upload is suspicious. You can upload a screencap of a message, social post, or other site. When you interact with Genie, you can learn if you have encountered a scam or malicious message. Some training still needed; it’s in early access right now, but will no doubt improve.

This is a pretty cool tool.
https://www.aarp.org/money/scams-fraud/tracking-map.html

You can search by scam keywords used, zip/location, type of scam, dates, or type of contact, or if the alert was from AARP users or law enforcement.

Similarly, the FTC’s Consumer Sentinel Network has this tool: https://public.tableau.com/app/profile/federal.trade.commission/viz/FraudandIDTheftMaps/FraudbyMetroArea

Over 50% of enterprise routers are not cleared of data before reselling them. This includes sensitive information like login credentials. Make sure your router creds are not out on the dark web, vulnerable to reuse.

The first thing you should do when starting a new cyber position is an inventory of networking and computer assets. But this also should be an ongoing practice. What is not known becomes an attack vector. Then you’ll be the smart guy. Save yourself from embarrassment…and worse.

Just wanted to touch on one scam that is making the rounds. Many users know the scams to do with sending money to anyone over the internet. But what if you are given a check from a potential employer, such as to buy equipment or work tools, to deposit? What could happen? I interviewed a Chase representative, who told me that he has had recent cases where someone would deposit the check and then the scammer would tell the victim to send on part of the money, or buy gift cards with it. Similarly, “reshipping scams” will ask you to send on a package or funds to another address.

Another such scam can make use of your bank tracking number.

From the FTC’s Consumer Advice:

“The check will bounce, and the bank will want you to repay the amount of the fake check.”

Another warning here is a request to send ID such as a driver’s license as part of pre-employment requirements.

It all goes to the age-old maxim “if it’s too good to be true, it probably is.”

It used to be that antivirus tools focused on Trojans, worms, and viruses. This AV software relied on strong signature-based detection and regularly-updated signatures. Newer AV software has added behavior-based protection against unknown threats.

Antimalware software now also focuses on exploit tools and off-the-cyber-shelf software used by malicious long-term threat actors (Advanced Persistent Threats) to maintain access over time and continue their exploit.

Continue reading “Protecting your PC using Malwarebytes”