Category: Security

As I’ve mentioned before, ransomware is becoming the preferred attack today and you can see the renewed effort to fight it in the IST Ransomware Taskforce.

For home users, some good backup plans and other preventive practices should include:

Continue reading “Ransomware Disaster Recovery”

Wired did a rundown of the first 6 months of major hacks:
https://www.wired.com/story/worst-hacks-breaches-2022

This part sounds concerning. For whom and for what reason was this attack carried out?
“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” state attorney general Rob Bonta said in a statement. “The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”

When we talk about security controls we are talking about technical and operational steps and settings for preventing or minimizing attacks. The Center for Internet Security has listed 18 controls as critical. With them you can minimize the risk of data breaches and exfiltration, IP and ID theft, corporate espionage, privacy loss, and denial of service attacks, among other cybersecurity threats. Continue reading “CIS Security Controls Explained”

2021 was witness to a number of major cyberattacks: SolarWinds, Microsoft Exchange, Quanta, Colonial Pipeline, Kaseya, and Log4j. These attacks proved that food companies, utilities, supply chains and software providers could all be compromised. Cybercrime is up 600% since the pandemic began: Continue reading “Pandemic Blues: the Clock is Ticking and the Hackers are Calling.”

A local bank sent out a newsletter about how relying on caller ID is no longer possible. Scammers can spoof phone numbers. 

Also, watch out for callers impersonating a bank, credit card or other financial account representative. Don’t provide any PII or financial account information over the phone. Hang up and call your institution directly. Do not click any email links or texts if you don’t know if they are from who they say they are.

Watch out for scammers saying fraud has occurred and phone calls, texts, links or emails that try to get you to provide real information about your accounts. Don’t perform any sending or transferring of money by phone, text or email. Banks will never get you to transfer money to yourself.

• Who are you sending money to?
• Who are you talking to or emailing?
• Avoid giving out PII or account details.
• When in doubt, hang up and call your bank directly.
• Avoid urgent requests for money or supposed account problems.

You may not want to address cybersecurity, thinking it can’t happen to you. But it can. You hear the stories about the big companies hit with a cyberattack, but thousands of attacks are happening right now. Sixty seven percent of SMBs with fewer than 1,000 employees have experienced a cyberattack; fifty-eight percent have been hit with a data breach. An attack will affect everything you do–and more than likely (60% of SMBs) lead to bankruptcy within a year.

Everything you’ve worked for and love.

Finances are the thing that you as a business owner are, rightly, concerned about. Even if your company does not end up bankrupt, your business could be saddled with immense costs, possible fines and lawsuits over a data breach. Day-to-day operations that could be disrupted:  employee daily workflows, customer service, and regulation and compliance requirements.

Your plans for the future could also be threatened. You saw a vision for the future, attracting new customers, generating new business and creating a well-known brand. Your reputation could be damaged.

Part of the growth threatened is improvements in employee communication, performance, motivation and cyber savvy, and you can’t attract new, diverse talent to a company with a bad rep.

Over 92% of cyberattacks start with email. It may have been a careless employee who put your business at risk, clicking a phishing link or being scammed by email. That’s means you know how to stop most attacks: cyber education for your employees.

You need to prepare. Fight for what you love and built.

On the dark web you can buy call center services and bot armies that are amazing in scope (“hundreds of millions of dollars in assets. ..The group’s extraordinary profitability allows its leaders to invest in illicit research and development initiatives,’ the researchers say. ‘Wizard Spider is fully capable of hiring specialist talent, building new digital infrastructure, and purchasing access to advanced exploits.'”).  https://www.zdnet.com/article/wizard-spider-hacking-group-hires-cold-callers-to-scare-ransomware-victims-into-paying-up

It is impressive. Wizard Spider also leverages BEC.

As a system admin you need to be on the lookout for people who make these. “[T]here were 1,862 data breaches in 2021 — a 68% increase over breaches in 2020. And, new year-over-year results indicate a fast start to data breaches in 2022, as more than 90% of data breaches are cyberattack-related.”
https://www.securitymagazine.com/articles/97518-the-20-most-common-passwords-leaked-on-the-dark-web

Took some time with 300 accounts being compromised and getting personal information through them.  Used social engineering and hit client Trezor. Here a corporate policy that recommends exactly what they are hit with.

Took some planning:

“The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app,” the crypto wallet company wrote in a blogpost.”

As usual, some irony dripping off this one when compared to the recommendations on their site help:

“You received an unexpected email from Mailchimp staff or service teams. This may include forgot username emails or password reset emails you didn’t request…For an extra layer of security, we encourage you to set up two-factor authentication with SMS or a two-factor authentication app”

https://mailchimp.com/help/i-think-my-account-has-been-compromised/

Saw these recommendations for cyber today. Organizations should be vigilant for the evergreen practices: employee training about phishing and social engineering, give only the permissions needed to users, and scan for vulns and lock down ports you don’t use. But it adds, clean up old accounts (a practice for admins) and resist trying out new security measures.

Four key cybersecurity practices during geopolitical upheaval | Malwarebytes Labs

CISA has also put out some recommendations: Shields Up | CISA

So now these crooks are using a new ransomware called LokiLock, that wipes your device. This has already happened in Ukraine and “The US government fears destructive malware could target organizations in the West in retribution for sanctions against Russia.”
‘Everyone loses’: This new ransomware threatens to wipe Windows PCs if its victims don’t pay up | ZDNet

How can you negotiate when they destroy your machine in the process? It’s clearly like NotPetya, where Ukrainian systems were attacked by Russian actors. That’s what is currently

A colleague said that he prefers the U.S. having separate agencies in lieu of a centralized authority. He’s right about centralized authority in general, but I think we need a single federal agency in this case–in the name of readiness for a war perhaps coming soon to your local water company.