Cyber Security Archives

Tag Archive for: Cyber Security

Equifax Data Breach Protection Tips

How to Protect Yourself from the Equifax Data Breach

Equifax, one of the three major consumer credit reporting agencies disclosed that hackers compromised Social Security and driver’s license numbers as well as names, birthdates, addresses and some credit cards on more than 143 million Americans. If you have a credit profile, you were probably affected.

Credit reporting companies collect and sell vast troves of consumer data from your buying habits to your credit worthiness, making this quite possibly the most destructive data security breach in history. By hacking Equifax, the criminals were able to get all of your personally identifying information in a one-stop shop. This is the third major cybersecurity breach at Equifax since 2015, demonstrating that they continue to place profits over consumer protection. Ultimately, their negligence will erode their margins, their credibility and their position as one of the big three.

But that isn’t your concern – your concern is protecting yourself and your family from the abuse of that stolen information that will happen over the next 3 years.

Minimize Your Risk from the Equifax Data Breach

Assume that your identity has been compromised. Don’t take a chance that you are one of the very few adult American’s that aren’t affected. It’s not time to panic, it’s time to act.
If you want to see the spin that Equifax is putting on the story, visit their website. Here’s how the story usually develops: 1. They announce the breach and say that fraud hasn’t been detected 2. A few days later when you aren’t paying attention, they retract that statement because fraud is happening, 3. Sometime after that they admit that more people, more identity and more fraud took place than originally thought. They encourage you to sign up for their free monitoring (which you should do), but it does nothing to actually prevent identity theft, it just might help you catch it when it happens.
I recommend placing a verbal password on all of your bank accounts and credit cards so that criminals can’t use the information they have from the breach to socially engineer their way into your accounts. Call your banks and credit card companies and request a “call-in” password be placed on your account.
Begin monitoring your bank, credit card and credit accounts on a regular basis. Consider watching this video and then setting up account alerts to make this process easier.
Visit AnnualCreditReport.com to get your credit report from the three credit reporting bureaus to see if there are any newly established, fraudulent accounts set up. DON’T JUST CHECK EQUIFAX, AS THE CRIMINALS HAVE ENOUGH OF YOUR DATA TO ABUSE YOUR CREDIT THROUGH ALL THREE BUREAUS.
MOST IMPORTANTLY, FREEZE YOUR CREDIT. The video above walks you through why this is such an important step. Some websites and cybersecurity experts will tell you to simply place a fraud alert on your three credit profiles. I am telling you that this isn’t strong enough to protect your credit. Freezing your credit puts a password on your credit profile, so that criminals can’t apply for credit in your name (unless they steal your password too). Here are the credit freeze websites and phone numbers for each bureau. Equifax is being overwhelmed by requests, so be patient and keep trying. Even if it doesn’t happen today, you need to Freeze Your Credit!

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

John Sileo is an an award-winning author and keynote speaker on cybersecurity. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Trump Russia Investigation Update: Did Campaign HELP Russians Plot Disinformation Strategy?

Honestly, we don’t know yet. There was a time when our voting preferences, our political leanings, our policy choices were our own business. Now they are someone else’s business, quite literally. There are so many stories coming out about Donald Trump’s connections to and collusion with the Russians that it is getting hard to keep these accusations straight. Here’s the latest:

Trump Russia Investigation Update

The key word is help. As in, actively provide information that the Russians may not have been able to discover on their own. “Help” is not a synonym for encourage, appreciate or enjoy.

Without getting too political (because after all, this is a cyber security blog), here are the basics of the Trump-Russia Investigation from a cyber security perspective:

The Trump campaign had possession of a huge amount of information about American voters from Cambridge Analytica, the data mining firm hired to help collect and use social media information to identify and persuade voters to vote (or not vote), through an activity known as political micro-targeting.
Jared Kushner, the president’s son-in-law and now a senior adviser in the White House, was head of digital strategy during the campaign, meaning he was overseeing this effort to micro-target voters.
The Russians unleashed bots, or robotic commands, that swept across the Internet and picked up fake news stories or harshly critical news stories about Hillary Clinton and disseminated them across the United States. By Election Day, these bots had delivered critical and phony news about the Democratic presidential nominee to the Twitter and Facebook accounts of millions of voters.
Some investigators suspect the Russians micro-targeted voters in swing states, even in key precincts where Trump’s digital team and Republican operatives were spotting unexpected weakness in voter support for Hillary Clinton.

So the question is this: Did the Trump campaign, using what we assume to be lawfully-obtained micro-targeted voter intelligence, give access to the Russians so that they could point harmful disinformation campaigns at those vulnerable jurisdictions?

Many top security analysts doubt Russian operatives could have independently “known where to specifically target … to which high-impact states and districts in those states.” As Virginia Sen. Mark Warner said recently, “I get the fact that the Russian intel services could figure out how to manipulate and use the bots. Whether they could know how to target states and levels of voters that the Democrats weren’t even aware (of) really raises some questions … How did they know to go to that level of detail in those kinds of jurisdictions?”

And that is Senator Mark Warner’s mistake – that the micro-targeting had to be so specific that it only hit potential Trump voters in certain jurisdictions. It did not. The campaigns could have been aimed at every person in that state, let alone the jurisdiction, only touching the opinions of those who were ready to hear the message. A phishing campaign isn’t sent only to those people in an organization most vulnerable to that type of social engineering – it is sent to everyone, and the most vulnerable are the only ones that respond. Similarly, it was good enough for Russia to cast their anti-Hillary message in the general vicinity of the target; there was no need for a bullseye to render the disinformation campaign to be effective. Those who received the message but were slightly outside of the voter profile or geographical jurisdiction simply recognized it for what it was, false news. The rest were unethically influenced.

But we don’t know yet if there is a connection between the micro-targeting big data purchased by the campaign and the Russian botnet disinformation attack. We do know, however, that Russia attempted to influence the outcome of the election – and that is what we as cyber security experts, must focus on.

Either way – collusion or not – the implications against our privacy (let alone the political ramifications of foreign entities influencing our election process) are huge. Remember, the Trump campaign had obtained this huge volume of information on every voter, maybe as much as 500 points of data from what kind of food do they eat to what are their attitudes about health care reform or climate change. And yes, I’m sure the Democrats had much of the same information and probably didn’t “play fair” either. The point is that we have gotten so far beyond just accepting that our personal information is readily available and easily manipulated that no one is even bringing up that part of the story.

We, America, have been lulled into allowing everyone else – corporations, our government, even foreign nations – to have more access to our data footprint than even we do.

John Sileo is an an award-winning author and keynote speaker on cyber security. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Ransomware: Cyber Security Expert’s Next Big Threat

Ransomware: A Vital Course on the Next Big Cyber Threat

Ransomware is pretty much exactly what it sounds like: it holds your computer or mobile phone hostage and blackmails you into paying a ransom. It is a type of malware that prevents or limits users from accessing their system and forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems or to get their data back.

It’s been around since about 2005, but earlier this year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims.

Crowti (also known as Cryptowall), and FakeBsod are currently the two most prevalent ransomware families. These two families were detected on more than 850,000 PCs running Microsoft security software between June and November 2015. Another to take note of is known as Fessleak, which attacks Adobe Flash flaws. It is a “malvertising” trend that pushes fileless exploit into memory and uses local system files to extract and write malware to disk from memory.

How Ransomware Paralyzes Your Computing

There are different types of ransomware. However, all of them will prevent you from using your computer normally, and they will all ask you to do something (pay a ransom) before you gain access to your data. Ransomware will:

Lock your desktop or smartphone and change the password or PIN code
Encrypt important files so you can’t use them (photos, taxes, financials, My Documents, etc.)
Restrict your access to management or system tools (that would allow you to clean the computer)
Disable input devices like your mouse and keyboard
Stop certain apps from running (like your anti-virus software)
Use your webcam to take a picture of you and display it on screen or on a social network
Display offensive or embarrassing images
Play an audio file to scare you (i.e. “The FBI has blocked your computer for a violation of Federal law.”)

Common Ransomware Demands

Generally they demand money in order to unlock your system. Usually, they demand payment through an anonymous payment system like Bitcoin or Green Dot cards, and promise to give you the key if you pay the ransom in time (for example, $17,000 to be paid within 72 hours was the demand given to the Hollywood Presbyterian Hospital, which had all of it’s life-critical medical records frozen)
Sometimes the ransomware shows a “warning from the software company” telling you that you need to buy a new license to unlock your system. Other times, ransomware will claim you have done something illegal with your computer, and that you are being fined by a police force or government agency. These claims are false. It is a scare tactic designed to make you pay the money without telling anyone who might be able to restore your computer and files.

How to Prevent Ransomware Blackmail

The best way to avoid downloading malware is to practice good computer security habits:

Create an offsite backup of your files. Seriously, right now. And make it automatic, so that it happens at least once a day. An external hard drive is one option, but be sure to disconnect it from the computer when you are not actively backing up files. If your back-up device is connected to your computer when ransomware strikes, the program will try to encrypt those files, too. If you have a secure cloud back service that encrypts your files before sending, consider using that as an offsite backup.
Don’t click on links or open attachments in an email unless you know who sent it and what it is. Instead type the URL of the site you want directly into your browser. Then log in to your account, or navigate to the information you need.
Make sure your software is up-to-date.
Don’t download software from untrusted sources.
Minimize “drive-by” downloads by making sure your browser’s security setting is high enough to detect unauthorized downloads. For example, use at least the “medium” setting in Internet Explorer.
Don’t open “double extension” files. Sometimes hackers try to make files look harmless by using .pdf or .jpeg in the file name. It might look like this: not_malware.pdf.exe. This file is NOT a PDF file. It’s an EXE file, and the double extension means it’s probably a virus.
Install and use an up-to-date antivirus solution.
Ensure you have smart screen (in Internet Explorer) turned on.
Have a pop-up blocker running in your web browser.

If you Become a Victim of Ransomware

Stop work! TURN OFF YOUR COMPUTER! Shut down your entire network, if possible until help arrives. You can do this by turning off your switches or routers inside of your premises. Ask your IT professional before taking this step if you think that you might be interrupting service.
Contact an IT Security firm that can visit your office (or home) in person. Handling this type of problem over the internet is not advised, as it could exacerbate your problem.
If you have an offsite backup of your data, have the IT Security firm reinstall your backup and clean it of any ransomware before putting the data and computers back on the network.
Alert other people on your network, as any work completed after infection will be overwritten when the backup is restored.

There is conflicting advice regarding paying ransom. Truly, there is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again. Paying the ransom could also make you a target for more malware. On the other hand, if you have not backed up your files, you may have little choice. Almost 90% of the companies that we have studied as victims of ransomware end up paying the ransom to have their systems unlocked – but only about 50% of them ever receive the unlocking code promised. It’s a gamble, but if you don’t have an off-site backup, it’s probably one you are going to need to take.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

GameOver Zeus Virus Test

The original notice on GameOver Zeus appeared on the US-CERT site. If you’d like to go directly to the tests for the GameOver Zeus virus, scroll down.

Overview of GameOver Zeus

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1] uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Systems Affected by GameOver Zeus Virus

Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Impact of GameOver Zeus

A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.

Solutions to GameOver Zeus

Users are recommended to take the following actions to remediate GOZ infections:

Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date.
Change your passwords – Your original passwords may have been compromised during the infection, so you should change them
Keep your operating system and application software up-to-date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it
Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.

F-Secure

https://www.f-secure.com/en/web/home_global/online-scanner(link is external) (Windows Vista, 7 and 8)

https://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142(link is external) (Windows XP)

Heimdal

https://goz.heimdalsecurity.com/(link is external) (Microsoft Windows XP, Vista, 7, 8 and 8.1)

McAfee

www.mcafee.com/stinger(link is external) (Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7 and 8)

Trend Micro

https://www.trendmicro.com/threatdetector(link is external) (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)

FireEye and Fox-IT

www.decryptcryptolocker.com(link is external) FireEye and Fox-IT have created a web portal claiming to restore/decrypt files of CryptoLocker victims. US-CERT has performed no evaluation of this claim, but is providing a link to enable individuals to make their own determination of suitability for their needs. At present, US-CERT is not aware of any other product that claims similar functionality.

The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

GOZ has been associated with the CryptoLocker malware. For more information on this malware, please visit the CryptoLocker Ransomware Infections page.

References

- [1] Highly Resilient Peer-to-Peer Botnets Are Here: An Analysis of Gameover Zeus(link is external)
- [2] Malware Targets Bank Accounts

[3] The Lifecycle of Peer-to-Peer (Gameover) ZeuS(link is external)

Revisions

Initial Publication – June 2, 2014
Added McAfee – June 6, 2014
Added FireEye and Fox-IT web portal to Solutions section – August 15, 2014

John Sileo is an an award-winning author and keynote speaker on cyber security and data breach. He specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Do you have the right cyber security training to take a joke?

What does cyber security training have to do with jokes, you ask? Well, you’re sitting at work when someone sends you an email that promises funny pictures, a joke or a viral video. You go ahead and click, forgetting everything you learned in your company’s cyber awareness sessions …but your company may be tricking you into training.

For many, the negative outcomes of ineffective cyber security remain invisible until they hit close to home. A large number of breaches to security occur not just because of the efforts of hackers, but also because of the naïve practices of employees. Anyone can compromise their workplace’s security unintentionally if they aren’t careful. Fortunately, one company named PhishMe is using this as an opportunity to call us out on our bad habits.

This business basically sends fake spam emails to your employees in order to teach them a better approach to privacy (and reveal how easy it is to give up your info). One such campaign, reported in the Wall Street Journal, involved a promise of cute cat photos. You might be thinking “Oh, come on. I wouldn’t fall for that!” But the potential is out there, and it only takes one careless second. And PhishMe has seen the behaviors of millions corrected because of its services. It’s just one of a few companies taking part in an effort to help corporations step up their game by using the methods of hackers against us as a sort of practice ground.

Anticipating the activities of hackers can be as difficult as accurately predicting the weather, but there are measures that companies can take to help bulk up their capabilities. Consider the advantages of proper cyber security training before you – or someone you work with – falls for one of these for real.

John Sileo is a cyber security training expert and keynote speaker on reputation, privacy and cyber data protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

4 Critical Steps to Mobile Security (iPhones, iPads, Laptops)

Is your favorite gadget burning your bottom line?

No, I’m not referring to the unproductive hours you spend on Angry Birds. I’m talking about mobile security.

Why is Mobile Security So Vital?

Think about the most indispensable gadget you use for work – the one without which you cannot survive. I’m taking a calculated guess here, but I bet your list doesn’t include a photocopier, fax or even a desktop computer. Business people have become highly dependent on digital devices that keep them connected, efficient, flexible and independent no matter where they are. In other words, we are addicted to our mobile gadgets: iPhones, Droids, BlackBerrys, iPads, tablets, laptops and the corresponding Wi-Fi connections that link us to the business world.

To stay nimble and ahead of the game, we must be able to respond to any request (a call, email, social media post, text message), research anything (a client’s background, solutions to a problem) and stay current on what’s happening in our field of influence (breaking news, tweets) even when we are out of the office.

But the same gadgets that give us a distinct competitive advantage, if left unprotected, can give data thieves and unethical competitors a huge and unfair criminal advantage. The net result of organizational data theft can be devastating to your job security, your bottom line, and your long-term reputation. The solution, of course, is to proactively protect your mobile office, whether it’s digital, physical or both. Mobile security is not optional.

Data Thieves Target Mobile Offices

What is a mobile office? If you own any of the gadgets listed above and use them even in minor ways for work (checking email, surfing, social media), you have a mobile office. Smartphones and tablets are more powerful than the desktops of just three years ago. Laptops are the bull’s eye for data thieves, though their attention is quickly moving to smaller, easier-to-steal gadgets. If you work out of your car, travel for your company or have a home office in addition to your regular workplace, you are a mobile worker.

Ignoring the call to protect these devices is no different than operating your office computer without virus protection, passwords, security patches or even the most basic physical protection. If you do nothing about the risk, you will get stung, and in the process, may lose your job, your profits and potentially even your company. The threat isn’t idle – I lost my business because I refused to acknowledge the power of information and the importance of protecting it like gold.

To protect yourself and your company from becoming victims of mobile data theft, start with the 4 Critical Steps to Defend Your Mobile Gadgets:

Make sure that employees aren’t installing data hijacking apps (like the Chess app that was pulled from the Android Marketplace because it was siphoning bank account logins off of users’ smartphones) on their smartphones and tablets thinking that they are harmless games.
Implement basic mobile security on all mobile devices, including: secure passwords, remote tracking and wiping, auto-lock, auto-wipe and call-in account protection.
Only utilize protected Wi-Fi connections to access the web. Free hotspots are constantly monitored by data sniffers looking to piggyback into your corporate website.
Don’t ignore non-digital data theft risks like client files left in cars, hotel rooms and off-site offices. The tendency to over-focus on digital threats leaves your physical flank (documents, files, paper trash, etc.) exposed.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Top Tips to Stop Travel Identity Theft – Sileo on Fox Business

Identity theft increases a great deal when you are on the road. Start protecting yourself with these Top 5 Identity Theft Tips while traveling:

Travel Data Light. If you don’t have to take it with you, increase your safety and leave it at home. This includes checkbooks, debit cards, excess credit cards, Social Security cards and any excess digital gadgets. Simplicity is Security!
Guard Your Devices. Smartphones and tablets are as powerful as laptops. Turn on the auto-lock passcode to keep others out of your information.
Surf Protected. Stop using the free WiFi hotspots in cafes, airports and hotels, as they are constantly sniffed by cyber criminals. Instead, setup tethering between your mobile phone and tablet or laptop so that you are surfing safely.
Privacy Please! Instead of leaving loads of data unprotected in your hotel room (a major source of theft), hang your privacy sign on the door and let house cleaning know that you do not want to be disturbed. Lowering traffic lowers risk.
Mind the Lions at the Watering Hole. Take a minute to watch the video to the left to understand how increasing your awareness in airports, hotels, conferences and restaurants can save you tons of time and money.

Remember, protecting identity on the road isn’t just about you, it’s also about the data you handle in your business every day. It’s one thing to put your own identity at risk, it’s an entirely different affair to jeopardize the security of customer data, employee records or intellectual capital owned by the organization that pays you.

John Sileo is an author and recognized keynote speaker on how identity theft prevention bolsters your bottom line. Learn more about how he can inspire your organization to care about data security, social media privacy, identity management and trust leadership. Contact him directly on 800.258.8076.