Ransomware Recovery

If you’re hit by ransomware, do not panic. Think through the processes below.

1. When can you start on your client’s recovery? At least seven days will lapse before you can get to work on the systems.
2. How long will my client be down? Give your client some ready, loaner servers.
3. Should my client pay the ransom? Keep your client asset list ready. What is the priority for bringing the data back online.
4. Am I as an MSP going to be liable? You will encounter this later in the process. Make whoever provides your errors and omissions insurance aware of the problem.
5. How do I prevent this?
– Set up users so they don’t have admin rights.
– Do not log in to workstations with domain admin accounts.
– Create an alert to let you know if you have a domain admin logged into a machine that’s been idle for more than an hour.
– Don’t give normal users domain access rights. Only give them these rights when they are applying updates. Give them local admin rights only as needed and create these rights on a separate account.
– Do not share passwords or usernames between accounts.
– Never log in to your backup servers or solution from the servers you are backing up.
– Check your AV status, running or not? Make sure it gets updated and users can touch it.

*** Ransomware doesn’t work if it doesn’t kill the backups. ***

Google takes responsibility

I can’t do any better than to point out that Google incognito mode shares your IP address, device data, and browser history despite seemingly offering a private browsing experience. “Google has updated its disclaimer in Incognito Mode according to MSPowerUser, and lawyers have been working to finalize a settlement.”
Read for more.

My voice is my passport

That was one of the famous lines from Sneakers (1992). Today, you may have devices and apps listening in on your passport. Voice assistants like Bixby, Siri, or Alexa may be doing it. Apple says Siri runs a speech recognizer at all times. “Hey Siri” or “OK Google” can start the recording. Apps may also be recording your voice.

Use these recommended steps to protect yourself.
1. Turn off Siri, Bixby, or Alexa.
2. Turn off your microphone by going to the settings for each app that may use your voice (or ambient sound!).
3. Use anti-malware software.
4. Use a VPN.

Anti-virus software may help you. Just like a VPN can.

Do the job properly, and upgrade and modernize correctly

Doing a piece on technical debt and cybersecurity. Developers know the term technical debt. When faced with a deadline, peripheral requirements are sacrificed for expediency. The proper course of action is to spend more time to complete a project. Sacrifices cause the solution to deviate and, in the long term, can impact performance, scalability, resilience, or other similar system characteristics.

While not all technical debt can result in negative outcomes, shortcuts, and outdated security and infrastructure can impact your cybersecurity significantly. Not only can efficiency be reduced, but an easy and limited solution can amount to an open door. The organization’s eyes are not on the future and the door gets wider.

In short, you need to do the job right, including modernizing old tech and configuring correctly. You must also adapt to the changing cyber landscape–or increase your vulnerabilities by not doing the job properly.

Post-Christmas Cautionary Tech Settings and Practices

So your living room may still have wrapping paper on the floor and it was easy to unwrap those gifts and forget to set them up correctly.  Use the following settings and practices to make your new gadgets run privately and securely:

  • Set up privacy settings that can help you locate your new, missing devices, like “Find my…”
  • Physical privacy can be improved with a privacy screen protector, so you won’t have eavesdroppers sitting or standing next to you tuning in.
  • Set up anti-malware software on your new devices.
  • Clean the data off your old devices and recycle them.
  • With new computers, tablets, and TVs, disable ads and tracking.
  • Set strong passwords/passphrases, PINs, and multi-factor authentication.
  • Turn on backups!
  • Use Brave or Vivaldi.

These are indispensable actions. I hope you had a great Christmas!

Christmas Greetings From Your Local Scammer

Some basic cyber practices for the holiday!

  • Guard your Personal Identification Number (PIN) in public. Eavesdroppers may be spying on you from behind while you are typing it in or if you write it down. Cover the keypad. Watch for skimming devices attached to ATMs, which can capture your PIN.
  • Watch out for indications of tampering or skimming on card readers or someone trying to distract you or offer you help, especially at gas stations, bars, and restaurants. Inform the merchant or authorities if you think you’re a victim.
  • When you are traveling, you want to avoid shopping hassles. Head this off by calling your bank or credit card company to notify them. This way, the company will know not to lock your cards for unusual activity.
  • Keep your bank and credit cards secure; avoid public display.
  • Contactless payments through an RFID credit card (contactless or tap-to-pay cards) are among the safest purchasing methods. Your RFID-enabled card, smartphone, or other wearable uses encryption and tokenization to protect your personally identifiable information (PII). RFID technology sends information between a tag and a scanner using radio waves. A credit card is RFID enabled if you see the contact list symbol on the front or back (similar to a sideways WiFi symbol). To protect your RFID device, an RFID-blocking wallet can prevent someone from robbing you even if you don’t take it out of your pocket.
  • Use the chip on your card rather than the magnetic strip.
  • Use a combination of letters, numbers, and symbols for your passwords, update them regularly, and avoid reusing them. A password manager is the best way to create complex and secure passwords.
  • If you are shopping online, make sure you see the lock icon or “https” in your browser’s address bar.
  • Your credit card or payment service should offer fraud protection.
  • Don’t use public WiFi or computers when performing online transactions.
  • Take advantage of your bank or credit service’s transaction alerts and review them routinely for unauthorized or suspicious transactions.
  • Report to a bank or credit card company if you lost your card or had it stolen. Most times, these companies have 24/7 hotlines for this.
  • Beware of phishing emails with links or attachments, and do not expose your PII over the phone or online to any unknown person or company.
  • Use anti-malware software to protect yourself from data breaches.
  • Don’t use credit cards on public WiFi networks.
  • Use the Apple Pay, Google Pay, or Samsung Pay digital wallets to store your credit and debit card information safely. You can use these features on a smartphone or smartwatch, which operates with Near Field Communication (NFC) technology to process your payments. If your device has one of the digital wallets, you can wave your device over a contactless reader for a few seconds to process the secure payment.
  • PayPal and Venmo offer an alternative secure purchasing method. You can link them to your bank account, credit, or debit card to a PayPal account to execute transactions without exposing your financial details to a third party and take advantage of encrypted financial data and fraud protection.
  • What do you do if you’ve been scammed?
  • 1) Change your passwords and call your account provider if you can.
  • 2) Review your account statements for any unrecognized transactions.
  • 3) Use a Fraud protection service like LifeLock or other identity theft companies. You can get dark web monitoring of your Social Security Number, driver’s license, phone number, email information, and transaction alerts.
  • 4) Report cyberattacks to the Federal Communications Commission or other law enforcement.
  • 5) Get the advice of a lawyer and then speak with law enforcement afterward, especially if you are charged with a crime.
  • 6) Run your own or request a background check.
  • 7) Alert the Equifax, TransUnion, and Experian credit bureaus if you want to freeze or lock your credit report.


All I Want For Christmas Is Not To Be Scammed

So, the spirit of Christmas and Hannukah is here: houses and trees lit up, gift wrapping — and scammers. The denizens of the underworld may ruin your holiday while you are concentrating on shopping and giving. They even steal from charitable givers. Continue reading “All I Want For Christmas Is Not To Be Scammed”

Seeing Signs of Network Compromise? The Guardians of Cybersecurity Can Help

Bug bounties are to the internet what wanted posters were to the Wild West. Companies like Google, Facebook, Microsoft, and government offices like the U.S. Department of Defense have been enlisting professional “white hats” (also “ethical hackers” or “security researchers,” sometimes “penetration testers”) to find weaknesses in their defenses — with hefty cash rewards for those who find them (see appendix at end).

White hats – the guardians of cybersecurity — help you find the vulnerabilities in your systems and networks before the black hats do. If a malicious user compromises your network, you may not know for 60 months. That’s the average time until a business becomes aware that a hacker has been in its network. And many serious problems for your business can occur during and after that time. While big companies like Equifax, Maersk, and Target have become victims of cyberattacks and recovered, small to medium-sized businesses hit by hackers may not survive. SMBs may not have the necessary resources and staff to recover fully. Continue reading “Seeing Signs of Network Compromise? The Guardians of Cybersecurity Can Help”

23 and Me and You and Your Identity

This 23andMe data breach came out last Friday, but I wanted to mention it. It didn’t get the notice it should have because of Saturday’s events. It is certainly odd that Jewish and Chinese individuals were targeted. Why anyone would want this type of data, from a certain ethnic group?

But speculation aside, this is a big deal. The culprits are selling these records.

Beware Fake USB Flash Drives and SSDs

Just a reminder for recognizing fake flash media (SSDs and USB flash drives), since I shopped for some recently.

OK I admit it. I look for bargains online that are not smart purchases, e.g. USB flash drives or solid state drives (SSDs) that are cheap. But those bargains may be hiding garbage technology or malicious software. In general, you should buy for the quality and dependability of a known manufacturer (see suggested manufacturers below). Also consider whether you want a lower or higher range drive from these companies as price will vary. Continue reading “Beware Fake USB Flash Drives and SSDs”

Norton AI Scam Scanner

I use Norton/Lifelock and they’ve put out this cool little AI-powered site (https://us.norton.com/products/genie-scam-detector) and app (https://apps.apple.com/us/app/norton-genie-ai-scam-detector/id6448706515), which will tell you if the text or image your upload is suspicious. You can upload a screencap of a message, social post, or other site. When you interact with Genie, you can learn if you have encountered a scam or malicious message. Some training still needed; it’s in early access right now, but will no doubt improve.

Safeguarding Customer Trust and Compliance: Why Organizations Are Embracing Zero Trust

Understandably, companies and organizations are embracing zero trust with the daily business pressures that have evolved over the last few years. The pandemic presented small businesses and organizations with new security considerations: remote workers with access to a much wider range of apps, new ways of working onsite, bring your own devices, cloud-based assets, and new supply chain and vendor processes. Furthermore, you may have added these changes to your network ad hoc. Now, you have an unwieldy patchwork of devices and computers at your business. Continue reading “Safeguarding Customer Trust and Compliance: Why Organizations Are Embracing Zero Trust”

Scam map!

This is a pretty cool tool.

You can search by scam keywords used, zip/location, type of scam, dates, or type of contact, or if the alert was from AARP users or law enforcement.

Similarly, the FTC’s Consumer Sentinel Network has this tool: https://public.tableau.com/app/profile/federal.trade.commission/viz/FraudandIDTheftMaps/FraudbyMetroArea

Clear your defaults

Over 50% of enterprise routers are not cleared of data before reselling them. This includes sensitive information like login credentials. Make sure your router creds are not out on the dark web, vulnerable to reuse.

The first thing you should do when starting a new cyber position is an inventory of networking and computer assets. But this also should be an ongoing practice. What is not known becomes an attack vector. Then you’ll be the smart guy. Save yourself from embarrassment…and worse.

Job deposit check scam

Just wanted to touch on one scam that is making the rounds. Many users know the scams to do with sending money to anyone over the internet. But what if you are given a check from a potential employer, such as to buy equipment or work tools, to deposit? What could happen? I interviewed a Chase representative, who told me that he has had recent cases where someone would deposit the check and then the scammer would tell the victim to send on part of the money, or buy gift cards with it. Similarly, “reshipping scams” will ask you to send on a package or funds to another address.

Another such scam can make use of your bank tracking number.

From the FTC’s Consumer Advice:

“The check will bounce, and the bank will want you to repay the amount of the fake check.”

Another warning here is a request to send ID such as a driver’s license as part of pre-employment requirements.

It all goes to the age-old maxim “if it’s too good to be true, it probably is.”

Protecting your PC using Malwarebytes

It used to be that antivirus tools focused on Trojans, worms, and viruses. This AV software relied on strong signature-based detection and regularly-updated signatures. Newer AV software has added behavior-based protection against unknown threats.

Antimalware software now also focuses on exploit tools and off-the-cyber-shelf software used by malicious long-term threat actors (Advanced Persistent Threats) to maintain access over time and continue their exploit.

Continue reading “Protecting your PC using Malwarebytes”

Ransomware Timeline

Utilities and infrastructure, government agencies, hospitals and healthcare institutions, schools, food production and distribution industries–even ferry service to Martha’s Vineyard, all have been attacked by cybercriminals using ransomware, probably now the most used kind of exploit of network systems.

“Even as we speak there are thousands of attacks on all aspects of the energy sector and the private sector generally…it’s happening all the time,” said Energy Secretary Jennifer Granholm to CNN. Continue reading “Ransomware Timeline”

What in the World is a Penetration Test?

A penetration test is an agreed-upon simulated, offensive cybersecurity engagement that tests for vulnerabilities in the target’s systems. The red team is the offensive team and the defenders are the blue team. The organization being tested is looking for weaknesses in their systems.  (Optionally, an organization may set up a purple team to support the engagement.)

In order to do a penetration test you need written permission with specific rules of engagement. You cannot deviate from the plan that is agreed upon. Even scanning the ports of the target system can throw up red flags for the responsible organization and can lead to legal trouble for you if not documented.

Though many red-team/blue-team exercises use in-house teams for both, an outside hacker can actually make some good money doing this. Some hackers make a career out of it. I’ve heard of a contract tester making $50,000 for one engagement; though in-house team members can make $140,000.  There’s even two certifications specifically for penetration testing, the Certified Ethical Hacker and PenTest+ certs.

Halo’s red team/blue team borrows from this concept: Spartan Showdown: Blue Team vs Red Team – YouTube