As #cybersecurity attacks are increasing exponentially, SolarWinds was a target for hackers for almost a year now. Here’s some insight on how it happened and how to prevent being a part of a #cyberattack.
In the past several months, we have seen an increase in attackers on our healthcare facilities. With the #COVID-19 vaccine rollout, it is so important that healthcare facilities protect their network and increase their #cybersecurity posture. Here is Ara Aslanian, CEO of Inverselogic and reevert, thoughts on what they can do to improve security. #cyberattack
Ransomware attacks have always been a large issue in the cybersecurity world. The victims of ransomware attacks may also be blamed along with hackers.
The Treasury Department’s Office of Foreign Assets Control (OFAC) recently came out with an advisory stating that those who pay the ransom of a ransomware attack may themselves be subject to fines. While this may sound good on paper, in practice this black-and-white approach to a growing cybersecurity problem can be detrimental to all involved.
Popular in many an action movie, the “we don’t negotiate with terrorists” mantra may be thought of as appropriate dogma to cyberattacks. If one pays a bad actor the demanded ransom, then it incentivizes future attacks on others. If everyone refused to pay these ransoms, the method of attack would no longer be a profitable one, and they would move on to another cybercrime. Of course, in the movies, Harrison Ford always gets his plane back and the girl; companies who are unprepared victims of ransomware are seldom that lucky.
What makes ransomware such an effective method of attack is precisely why paying that ransom is not always a bad idea. For most attacks, the ransom is pennies on the dollar compared to what the cost of a recovery would be. For all the ethical debate about rewarding someone for their crime, the reality is that not doing so may cause the most possible damage to the company or individual attacked. The city of Atlanta is an excellent example.
Atlanta was the victim of the SamSam Ransomware in January of 2018. The requested ransom for this attack was $6,800 to unlock a single computer or $51,000 for all the decrypt keys needed to restore the city’s entire system. This attack was the largest successful cyber attack on a U.S. city in history. The attack affected around six million people, interrupting activities such as paying bills and fines, some court-related processing, as well as several internal systems for the city itself. Atlanta decided not to pay the $6,800 or the $51,000 ransom. They did not reward the bad actors for their bad actions and decided to take on the recovery themselves. To do this, Atlanta initially put in $2.7 million to recover everything, but once their systems were finally set back into place, the actual costs to the city were nearly $10 million. Atlanta didn’t let the bad guys win, but at what cost?
$10 million suddenly stripped from a city’s budget does not just mean the problem was fixed, it meant that they were now short of $10 million originally set for other things like salaries, school budgets, road repairs, etc. What could have been a negligible expense ended up costing millions and impacting the city for years to come. The question is what impact does the OFAC advisory really have on protecting U.S. cities and companies from these types of ransom attacks?
The answer unfortunately is, not much. For one thing, this advisory punishes the victim of the attacks. Instead of having to consider the cost of paying the ransom versus the cost of not, they now have to factor in the ransom plus the fine. This makes for some very fuzzy math. Either the fine is so high that it costs a company more to go through a very expensive recovery phase or the fine plus ransom is still less than the cost of recovery.
If the cost of the fine plus ransom is greater than the cost of recovery, under the government’s guidance all ransomware attacks would be exponentially more expensive for the victims. In many cases, it may actually shut down a company that is unable to pay thousands or millions of dollars to recover.
If the cost of the fine and ransom ends up being less than the cost of recovery, then the government is essentially profiting from ransomware attacks. The fiscally responsible move will still be to pay the ransom, but now the government will get a little cut of every attack. Under this model what is the government’s motive to end such attacks?
In both scenarios, the only party to actually suffer is the victim. The government either profits or keeps the status quo, the hacker either gets paid or doesn’t, same as today. The victim is either forced out of business or put in a financially vulnerable spot by the government or simply must pay a “victim’s tax” for being targeted. This would make for a terrible action movie.
If the OFAC advisory isn’t really an effective way of protecting U.S. businesses and cities from ransomware attacks, then what should the government be doing? The answer is in education.
Being a victim of a ransomware attack isn’t an inevitability. Being put into a situation of having to decide whether to pay is not absolute. With the right internal policies, procedures, and technology in place, being the victim of a ransomware attack is entirely avoidable. But you need to know what policies and procedures to have in place. You need to know what tech is available to protect you. The government should expand itself as a resource to help businesses and cities become aware.
Three ways the government can help with ransomware education are:
PSA videos – Create short and informative videos that can be incorporated into any HR department’s cybersecurity employee training program. Videos like these can highlight what to look for to identify a phishing scam, how to keep your personal information safe from being a phishing target, and steps to take the moment an attack is apparent.
Cyber training classes – The best way to prevent a ransomware attack is to ensure everyone within a network, be it a municipality or a corporation, is aware of all the suggested cybersecurity policies and best practices, as well as how to identify any potential point of attack. Building off the basic information that can be shared through a PSA, these classes presented by the government could go into much greater detail and provide employees with everything they need.
Cybersecurity education in schools – Ransomware and other such malicious cyber attacks will always be a threat. It is the nature of a constantly changing digital world. While keeping employees up to date on the latest threats with PSA Videos and Cyber Training classes is vitality important, we need to address these threats at the root. The best way to achieve this is to instill from a young age the threats and dangers of cyberattacks. Teach students how to look at phishing scams or behavioral vulnerabilities with a focused mind, so that as the next generation of workers enters their various fields, they are less likely to fall prey.
The government’s role is to protect its citizens and companies. Punishing the victim should not be one of its tactics to do so. Though it may be counter-intuitive, sometimes paying off a ransom is the best move to make. The best way to prevent these types of attacks is proper education and actions before they occur. With the government’s support of a comprehensive cybersecurity education program that works with today’s generation of workers as well as the next, it will have much greater success in decreasing successful ransomware attacks in the short and long term.
As the situation with Coronavirus COVID-19 advances, many state governments are now issuing orders to work from home for the purposes of slowing down the spread of the virus through “social distancing”. While this period of uncertainty and fear grows, so do the phishing attempts of cybercriminals who seek to take advantage of potential victims.
European cybersecurity agency ENISA has been warning users to stay vigilant for any suspicious looking emails that arrive in users’ inboxes – especially those that mention the Coronavirus – urging people to avoid clicking links or downloading files that may otherwise include malware and infect devices. Instead, it is recommended to check the legitimacy of the email through methods such as checking the direct website or calling a company’s direct phone line if the email and sender looks suspicious. Any unusual requests through an email should be handled with skepticism and caution.
Aside from being careful of such emails, ENISA also recommends employees to follow these security measures to stay safe while working from home:
Maintaining a secure WiFi connection and having WiFi password protected so as to keep others away from accessing your web traffic. Employees should also make certain their connection on WiFi is secure rather than using an untrusted network through public WiFi.
Having an antivirus software downloaded on your device as you work on sensitive material
Making sure your computer software is up-to-date with the latest security updates
Locking your desktop screen when it is not in use
Making sure all files are being backed up in case of an emergency (e.g. a ransomware attack)
During this time with remote work, employers should also take responsibility in making sure all employees are well equipped with tools necessary to ensure business security. For example, having an emergency cybersecurity plan or support available for workers when facing technical issues, or having a protocol to follow when working from home in the case of accessing sensitive files.
From time to time, we receive strange texts from numbers we don’t recognize telling us that our Amazon account has or needs a delivery update or that there is unusual activity detected in our bank account. Texts like these are accompanied with a suspicious looking link that asks you to click to log in. The issue with these messages is that sometimes it could be difficult to tell if it’s a scam when it mentions a company, bank, or other entity we typically interact with. While this may be so, we’ve outlined a few tips for you to keep in mind when you get that suspicious SMS message:
Tip #1: Don’t Click on Links from a Text You Don’t Recognize
It’s important to look out for one of the bigger signs that the text you received could be a scam: if it asks you to click on a link. Usually, you can tell when a link is fraudulent through the domain name. Other times it may be a bit more difficult to assess the link, especially if the company name is used within the link. In whichever case, it’s best practice to just avoid clicking on any such links sent to your phone. If you receive a delivery notification that asks you to check its status through a link, go to your web browser or application instead and log into your account to do so.
Tip #2: Don’t Reply to Suspicious SMS Messages
Messages that you don’t recognize could ask you to reply “YES” or “NO” or to give them a call about your bank account that was experiencing suspicious activity. In any case, avoid replying back to such messages and note that call to action texts that you don’t recognize could very well be an SMS scam.
Tip #3: Be Mindful of the Message Content
It’s important to look out for a few tell-tale signs within message content that may reveal the malicious nature of a text. Several things to spot include the greeting message, spelling, grammar, and the link provided. If anything seems out of character through the message, then you’re probably right to think it may be fraudulent. Again, it’s always best to sign into your account through the official website than clicking on a link you’re unsure of – especially if the domain doesn’t appear to be an official company website link.
Tip #4: Use Your Phone’s Block Feature
To help you avoid receiving any further messages from a sender, iPhones come equipped with the ability to “Report Junk” for texts you don’t recognize. The option appears when your phone recognizes that the number is not part of your contacts list. You can also block a number that sends you malicious messages by pressing on the contact info button at the top of your iMessage, press on the number once more at the top, then scroll to the bottom to press “Block this Caller”.
A malware called Emotet is spreading through the US and UK, specifically targeting banks and financial sectors according to a report published by Menlo Security. Cybercriminals have implemented a malware campaign that spreads via phishing emails, with the attachment of a malicious Microsoft Word document attachment. The email is made to look official through mention of financial topics such as invoices or banking details in the subject line, attracting victims to click on the file.
Emotet malware use was on the decline back in December 2019, yet began to pick up momentum again early into the new year as cybercriminals use it for new malicious purposes.
These targeted attacks are meant to disrupt multiple sectors including media/entertainment, transportation, and food/beverage in locations such as the US, UK, Philippines, Spain, and India. Emotet attacks have largely been focused on the financial services sector, with half of these campaign attacks affecting the US and a quarter affecting the UK.
After a user clicks to download the infected Word file and presses on “enable editing”, embedded macros are deployed onto the victim’s computer, which then successfully transfers the Emotet malware. Once transferred over to the user’s device, Emotet not only steals sensitive information, but can also facilitate the spread of more malware to other computers that use a shared network.
Emotet can’t be traced to just one source of administration, since its function as a botnet infects Windows computers globally, which then spreads further through those infected devices.
As Emotet continues to wreak havoc, business employees should take precautionary measures in avoiding any suspicious emails that arrive in their inbox, as documents or any links attached could very well be infected with malware. Users should be cautious of those emails that ask to “enable macros”. Keeping computer operating systems up-to-date is also an important step to take in order to stay safe.
Ransomware attacks, cyber attacks, data breaches – these are just a few cybersecurity threats that catches one’s attention. However, here are some other types of threats you may not have expected:
Malicious USBs That Could Carry Viruses
Some USB Sticks could be very dangerous if initially tampered with and – once plugged in – can install a backdoor on PCs. You should be very cautious of plugging in a USB drive to your PC if you are unsure of where it’s from. Other USB sticks may not start causing immediate damage once inserted. Instead, such USBs could carry viruses that could wreak havoc on your computer after initial download. Always make sure you know where the USB comes from, keep your computer’s operating system up-to-date, and have the proper security tools installed.
Browser Extensions That May Do More Harm Than Good
Browser extensions have everyday useful features, but some extensions need close evaluation from its users. Extension developers could use these programs to collect data on what you search online. If you happen to choose the wrong extension, it could end up annoying you with pop-ups, installing unneeded software, and could also sell your browser data. To help prevent this, minimize your extension downloads, do your research on the developers behind each extension, and just stick to the ones you know of.
Charging Cables That Could Give Hackers Access To Your Device
The purpose of a charging cable is to give power to your device and help sync information. However, there are some charging cables out there that look very similar to your everyday charger, but they could give hackers access to your device’s information. All you would have to do is click “trust this computer” when a malicious cable is plugged in, and the hacker would have access to your device. To help prevent this issue, be mindful of the charging cables you purchase or only use the charging cables that come with your device.
Photo Uploads That Give More Information Away Than Wanted
There’s nothing wrong with posting photos on social media. However, you should be careful with putting your pictures on “public”, as uploaded photos can carry your location data. Apps like Facebook and Instagram remove this information, but apps like Google Photos track the location of where the photo has been taken. Posting the photo online with a location tag can add the location back to a photo even if you remove the location data. This photo data can put you at risk of identity theft or online stalking if a cybercriminal were to use your pictures for these malicious purposes. To prevent this, keep your social profiles on “private” mode.
Smart Home Devices That Could Be Hacked
As homes get smarter, hackers have the chance to target them. If hackers are able to access homes, they could make sure doors remain unlocked or check your security cameras. To combat this, buy devices that are well-known and make certain that all your devices – including your router – are always up-to-date with the latest software. Also, do not keep default passwords for your smart home device accounts. Make sure your passwords are hard to guess and are not used elsewhere. For more protection, turn on two-factor authentication for your device accounts.
Just in time for National Cybersecurity Awareness Month, Google Maps, YouTube, and Google Assistant were recently announced to have new tools related to user privacy and security. The new updates to these applications give users more control over what data Google can retrieve, and even gives the option for users to delete already collected data such as within Google Voice Assistant.
Google Maps has now included an incognito mode to keep the application from tracking which places you search for and where you travel to, this thus giving its application users more control over privacy. Incognito mode also helps to keep users’ personalized recommendations from including any locations that would otherwise be irrelevant. Android and iOS users are expected to have this feature available to their Maps application this month.
YouTube is receiving an update as well, with users now able to choose when the app will automatically delete accumulated history. You can choose to keep your watch history for three or 18 months, or just choose to keep the data until you delete it manually.
Google Assistant is also getting an update that allows users to delete any saved voice data. By saying phrases like “Hey Google, delete the last thing I said to you,” or “Hey Google, delete everything I said to you last week,” to your device, Google Assistant will delete its “Assistant Activity”. Deleting voice data from a while back would require you to go into account settings.
This Google Assistant feature is expected to be released in all languages by next month. The English commands will be available this month.
Lastly, Google had released Password Checkup within its Password Manager tool. The Checkup feature notifies its users if their passwords have been compromised from a data breach, weak and need to be strengthened, or whether a password has been reused. Google will be adding this tool to Chrome soon, but users can still take advantage of the feature at passwords.google.com.
Instagram is working on putting user account security at a high priority by making it more difficult for hackers to steal accounts to hold them hostage for ransom or sell for high profit.
Hackers are after big influencer accounts in a scheme reported by Motherboard which involves cybercriminals targeting big name Instagrammers. The attack works through an email link that – once clicked – directs users towards a fake Instagram login page. Once a hacker steals the login credentials and has access to the account, victims are unable to sign-back in or regain access to their own profiles, as hackers change both the recovery email address and phone numbers associated with the account.
Instagram had previously acknowledged the problem of users having difficulty in accessing their accounts, to which the company had advised in setting up two-factor authentication as well as implementation of stronger passwords, but adding these extra steps of security doesn’t exactly help when a cybercriminal has already accessed an account. Phishing links have been used as a primary means of tricking influencers into signing into bogus login pages made to look authentic. Furthermore, if an influencer has used the same account credentials that were previously involved in a data breach elsewhere, cybercriminals can use this information to their advantage to gain access to an account
After users have long complained about Instagram’s lack of responsibility and initiative in taking care of the hacker issue, the company recently announced new ways of combating this ransom tactic.
If a user can’t log in to his/her page, Instagram gives one the option of sending a six-digit authentication code to the account’s original phone number or email address that was used when the account was first created. Any other devices used by hackers that are logged in will be logged out, allowing a user to recover their page by resetting their email and password. This feature is currently under testing.
Instagram has also promised to bring another feature – one already available for Android users – to iOS. The feature allows a user to change their Instagram handle while also allowing one to maintain their previous handle for 14 days. This upcoming update is meant to deter any hackers from taking popular usernames to sell for profit. After the 14 day period is over, the username becomes available for anyone to use.
The groups have been noted as partaking in “shady (at best) and illegal (at worst) activities,” using easily identifiable and locatable names such as “Spammer & Hacker Professional” or “Facebook hack (Phishing)” and yet remained up and active without intervention from Facebook itself.
Researchers at Cisco have found approximately 74 groups that partook in cybercriminal activities such as selling stolen login and account credentials and banking information. Others would sell tools for email spamming. The groups had amassed around 385,000 members in total and were easy to search for through simple keyword phrases like “spam” and “carding” when one looked into Facebook group search.
Cisco’s Talos team had notified Facebook about the hacker groups through abuse reporting, to which Facebook had responded by removing a few of the groups while keeping others up and only removing some posts deemed as a violation of policy. After the Talos researchers spoke directly with Facebook’s security team, the groups were taken down, but the issue of cybercrime on the social media site still remains a prevalent problem as new groups always seem to emerge.
Such activity isn’t new to the Facebook community. Groups like these have been operating for years on the social media platform. Brian Krebs from KrebsonSecurity had found 120 cybercrime groups back in 2018, for example, notifying Facebook in order to have the groups removed.
A spokesperson told The Verge that “[Facebook] know[s] [it] needs to be more vigilant and [they’re] investing heavily to fight this type of activity.”