Social Malware

Social Media, just about everyone has some a type of social media account. If you ask anyone with a social media account what the most annoying thing about it is, they might tell you one of two things; Getting spam messages from an account whether it is friend or foe, or having fake pages follow and or request you. From December 2014 to December 2016 social media impersonators grew at an exponential rate, growing at a pace of 11 times within in those two years. Fake accounts or impersonated accounts have a negative effect on social media, because it hurts business, other individuals etc. What many people do not realize is that a handful of their followers, or friends on social media are not actual people, rather systems put in place to search your personal information. The same goes for some of the ads that are put on social media. Impostors create ads prompting users to click through to a malicious site. Usually containing phrases like: “YOU WIN CLICK HERE” or “POP THIS BALLOON TO WIN YOUR PRIZE” is another form of malware. Mike Raggo, a computer scientist, who created a website to track impersonators, says he is highly surprised and impressed because social platforms typically require a vetting process for promoted ads. Impersonators can bypass the vetting process by using real brand logos and similar-looking merchandise. Many impersonators employ several techniques: phishing, adware, malware, fraud, counterfeit merchandise, and “follow farming”. Many impersonators set up their accounts long before they attack. What many do is create an account that seems normal, it goes through the process of following any and everybody hoping for follow backs, then the page may go dormant for a while and when it reappears, it is sending spam messages asking you to click on a link to something. A lot of accounts had been set up for some time to build a following. Then they change multiple times, transcending multiple accounts or companies over time. Research shows that there is an interesting challenge for many businesses as they have to figure out and understand how to keep themselves secure. Most organizations are equipped to handle phishing, malicious links, and malware in email, but are they equipped to handle social media?

Hotel Security

Everyone stays at a hotel every so often, whether it’s for business, vacation, or just to get away from a little while. What many people do not realize is that cybersecurity in a hotel, just like in the real world is very important. Even though hotels do not process as many transactions as a retail store might have, but their guests have more at stake. There are 4 core areas hotels focus on when it comes to them developing their cybersecurity:

Installing security as a Cultural norm

Thinking Beyond the credit card

Be smart about responses

Don’t Sleep on inside threats

Installing security as a cultural norm, hotel security must be a standard practice. When it comes to physical properties, many people will either lock their doors, put their possessions in a lox bock, or some hotels can hold guests possessions for safekeeping. Guest often make the mistake that their network is also this secure. As I discussed in a previous blog, open and unsecure wi-fi’s are very dangerous. The case with hotel wi-fi is similar to this. Most hotels have a semi-secure server. There are 3 ways to get the wifi password; there may be a card in your hotel room, you can ask the front desk, or there might not be a password. None of these methods are very unsecure, because anyone can act like they are staying in the hotel just to get the wifi password, or if there is not password, someone can just sit outside and hack away. If the password is in the room who’s to say that someone won’t pass it along to an outside person?

Cybercrime happen, that is the way technology is moving now-a-days. Yet they are not reported as often as they should be. At most hotels, they have advanced cybersecurity professionals who can detect intrusions, asses the extent of the breach and provide details of the compromised material. The best way to avoid a cyberattack at a hotel, if you have to do work over a network, is to not put out as much personal or financial information out over that network. The less you put out, the harder it can be for hackers (if there are any) to hack your system right under your nose.

Zombie Data

Data storage has been taken to a whole new level ever since cloud storage was developed. Cloud storage is especially useful for data that must be shared among multiple users or multiple devices. for all its convenience, the cloud also adds a new complexity to the old security challenge of making sure that deleted data is actually erased. Unless you understand how your cloud provider handles data removal, seemingly deleted files can linger on as “zombie cloud data”, invisible to the user, but still potentially subject to theft or accidental exposure.

Zombie cloud data problem is a variation on a subtle security challenge that is as old as the personal computing era. Deleting a file from local storage removes it from the user’s list of files. Although it seems to be gone, normal deletion does not physically erase the data from a storage device; it merely removes the directory entry, telling the operating system that the disk space is available for reuse. This is why files can be “undeleted,” which is often a lifesaver for people who accidentally deleted their work.

Data storage and deletion in the cloud work in essentially the same way, but with few technical complications and one big institutional difference. The technical complications relate to the way cloud storage providers ensure that files are readily available when needed and safely backed up against mishaps. Both of these considerations mean that cloud data is normally stored redundantly on multiple servers. To ensure removal of the data, all of these stored copies must be erased. These technical considerations can also apply to data stored on-site by an organization.

In recently reported cases, data that an individual thought was deleted years ago resurfaced on major cloud services. The data reappeared after an attempted fix went awry. The provider was seeking to eliminate a bug that prevented full erasure of old files instead, the fix undeleted the files.
Working effectively with a cloud provider to ensure full disposal of cloud data requires more than simply reviewing the provider’s terms of service. Customer and provider must also have a shared understanding of how bugs or other errors can be resolved. With studies showing that organizations also struggle with reliable disposal of disks and other on-site storage media, it is clear that zombie data, in the cloud or otherwise, continues to pose a security challenge that organizations need to address in a comprehensive way. If you like to read more, like and share this article and follow my Facebook page. Enjoy!

Keep Safe while traveling Using Social Media

Whenever you travel with friends or family, we all always tend to let social media know, that we’re 2 days 6 hours and 55 seconds away from leaving. What you are doing is announcing to the world that your home is vacant obviously increases the odds of a break-in, so what happens to your corporate laptop or personal devices containing corporate data that you leave at home? social media posts can also be used to facilitate identity theft and execute social engineering attacks against businesses. There are a few ways to help you, and prevent you from having to worry about personal items being stolen or hacked.

When traveling, the most important thing to do is NEVER share your flight plans. No outside source should know your flight time, who you are flying with, when and where you are flying too etc. Sharing your travel information puts your home and office at increased risk of theft. And if crooks steal personal computing devices you use for work, your company’s IT systems could be exposed as well. Cybercriminals use personal data such as flight information to craft more effective spear phishing scams as well as other social engineering campaigns against you. They can also use this data to fake a kidnapping and demand ransom payments from friends, relatives, and even an employer. That might sound a little far-fetched, but this type of virtual kidnapping has reached epidemic levels in certain areas.

If you want to ask friends for advice about travel sights that you plan to visit, ask them, but do not express that you already have plans to travel to that location. For example ask  recommendations about what to see in New York for a trip sometime in the near future, but do not set a specific dates on when you plan to travel, and to where. This information could also expose you to phishing scams.

Making sure your social media accounts are secure before you go on vacation is also very important. You may be using poor internet connections while away from home (which I do not advise. It would say use your data if possible), so take whatever steps you can before you travel to protect your accounts. If you do use insecure Wi-Fi while on vacation, make sure to take proper precautions.

Finally another major step, is to post pictures AFTER your vacation. It is difficult to do, many people like to post photos on social media while they are away so everyone can see what they are currently doing. Of course, the urge to share these items is strong, but does the world really need to know that your house is empty and available to be burglarized?

The bottom line is that you should always think about what you put on social media before you post it. Furthermore, understand the network from which you are posting. Could the information you are sharing help cyber criminals target you or your work. If you like to read more, like and share this article and follow my Facebook page. Enjoy!

Can AI and Machine Learning Help Fill Cybersecurity Gap?

The truth is that new technologies such as artificial intelligence (AI) and machine learning tend to increase the efficiency and precision of tasks. With humans able to accomplish more work in less time, they are free to explore other domains. This, in turn, leads to a branching of cybersecurity skills in different areas. The cybersecurity field faces the same growing skills gap. Trained human operators are needed for the most difficult tasks, and the advance of AI and machine learning will lead to increased effectiveness.

In the short term, AI cannot truly fill the cybersecurity skills gap. But in the medium to long term, he does think it can help leading organizations fill open positions. Enterprises must develop the right security strategies now to gain the eventual AI and machine learning benefits down the road. the trouble with our short-term situation is that we already have a cybersecurity skills emergency in many businesses and governments, and AI and machine learning are not making a big enough dent. Part of the reason is that the market adoption of these solutions is not yet integrated into the people, process and technology of most public- and private-sector organizations.

Over time, and as more machine learning solutions are released and mature, AI will provide a bigger bang. Nevertheless, Lohrmann thinks we must remember that the well-funded bad guys will also have AI. We will never replace the need for top talent, so Al is just one piece of the puzzle. These technologies have potential when it comes to that first cut at a problem — reducing 500,000 alerts to 500, for example. But at the end of the day, Carbone said, we need a human in the loop for that last step. Humans are the ultimate exception handlers, and while better AI can help reduce the number of exceptions, those that remain will still require the attention of a specialist.

The advance of AI and machine learning will continue to improve cycles in the cybersecurity domain. However, we should not forget the critical training key personnel must continue to pursue to effectively leverage these capabilities to their greatest extent. It is essential for future cybersecurity workers to quickly learn these crucial skills for the industry’s future jobs. If you like to read more, like and share this article and follow my Facebook page. Enjoy!

Cybersecurity Attacks

When it comes to the thought of potential cyberattacks, the motto says is: “Be prepared.” In other words, make sure you’re always in a state of readiness. This is especially true when you’re talking about installing multi-component security solutions.

It’s no longer enough to simply harden an organization’s network infrastructure. Now companies must also consider hardening all of the smart devices and other IoT (Internet of Things) technology that connect to the network and are used to maximize the value of the security solution. It’s important to safeguard these ancillary devices because today’s hackers are turning their attention from the well-protected “big fish” and going after many of these secondary, more vulnerable systems and components as a way to breach the network and gain access to a company’s valuable digital assets.

So how should an organization protect its network, systems and devices from potential cyberattacks? While no one can fully mitigate cyberattacks (there are new ones everyday), there are some basic steps that everyone from the manufacturer, to the integrator, to the user can take to provide a level of protection for themselves and their network.

The best defense is a good offense. Partner with manufacturers who proactively post CVEs (Common Vulnerabilities and Exposures) on their websites and regularly issue software and firmware updates that eliminate outdated code which may be susceptible to attacks. You also want manufacturers who are always keeping a vigilant eye out for new forms of malware, dedicating resources to learning how these are used to exploit devices vulnerabilities, and immediately taking steps to test and verify that their devices are not affected. Cyberattacks are a constantly evolving phenomenon. So you need to make sure that your cybersecurity measures keep pace. It’s an ongoing battle, make sure you are in the best position to fight it.

The Big Issue With Smartphones

The digital revolution is changing the way we stay informed, purchase items, interact with others, educate ourselves, and much more. As the number of our connected “things” grows exponentially, the number of apps and related functions continue to grow rapidly as well. And at the center of it all is the smartphone, which is becoming the all-powerful universal remote to life. Take an ordinary family, for example. the kids want to play games, access social media, and take 101 selfies. Meanwhile, you and/or your wife is checking out the Fitbit (smartwatch) app and sending “cheers” or “taunts” depending on who walked more steps yesterday.

As you might have guessed, there is a long list of security challenges to be aware of, besides the Apple vs. FBI backdoor issue that that was in the news late last year. A few issues on the list include mobile malware attacks, spyware, network spoofing and denial of service.

But the biggest challenge, and the issue that I think far too many people don’t take seriously enough, is listed as No. 1 on this list: Lost and stolen devices. In my view, this issue dwarfs the others and continues to require more attention even after recent technology advances to help. In 2014 that 4.5 million smartphones were lost or stolen in the U.S. in 2013, up from 2.8 million in 2012. This information comes shortly after top phone manufacturers and wireless carriers announced their commitment to begin including basic anti-theft tools on all smartphones made after July 2015 for sale in the U.S. These tools will enable users to remotely lock their devices as well as remotely erase any data on the phones.

While more recent studies have shown that smartphone thefts are on the decline as kill switch usage grows, the numbers are still huge. Kill switch is an idea that enables the actual owner of the phone to erase all data on the phone and basically render it useless to another person. This has proven to show a decline in stolen or “lost” phones. However this is not the best method, at least not for iPhone it is not.

In 2015, apple implemented an update to all iPhone and iPad users where if a phone is stolen, you can no longer erase all the data off the phone. In order to erase the data off the phone you have to put in the users iCloud account information, both user name and password. There has been a huge decrease in stolen phones since that time because if a phone was stolen, there was nothing the theft can do with it. This has been the best method for iPhones to prevent stolen phones. I believe other phone providers have since picked up on this method and have implemented a similar technique.

Technology and security leaders need to be clearly training our employees on the good, the bad and the ugly with smartphones. But we can’t just beat staff over the head and yell: “Don’t lose your smartphone!”. Lots of people leave smartphones in rental cars, buses, taxi cabs and trams. We need more creative ways to make content “sticky” and help people be on guard against behaviors that can lead to difficult security issues. If you like to read more, like and share this article and follow my Facebook page. Thank you and Enjoy!

Identity Theft

Identity theft has risen to be a major area of concern in the United States, with reports of hackers recently hacking and leaking federal employee’s email accounts with in the recent years, those of which are supposed to be some of the most secure accounts in the world. Identity theft is the leading consumer complaint to the Federal Trade Commission (FTC). The FTC reports that 9 million identities are stolen in the United States every year. Having your identity stolen is tragic, however, it isn’t the worst of the crime; it’s what the criminal does with the information that’s damaging, credit card fraud, mortgage and utilities scams; and emptied bank accounts etc.

Online identity theft if s growing problem, primarily because scammers are excelling in tricking people into giving over their information.There is a tactic called phishing and pharming scams, which means thieves will create and use fake email accounts, websites, phone numbers etc to impersonate legitimate organizations. By doing so, hackers ask for secure passwords, and personal information. This opens the front door for hackers to come in and plant their trap right in front of you. Hackers then create malware to infiltrate your computer and install keystroke loggers to steal data or capture account names and passwords as you type them into your computer.

There are ways to protect you identity/information. A way that is becoming very popular today is making passwords that is a sentence(s) long. Yes, it does becoming difficult for you to remember, but there are methods that will help you remember them, and email can be sent, or a text can be sent with the password itself, or a hint as to what the password could be. When doing a financial business transaction online, only use secure websites with URLs that begin with “https:” or that are authenticated by companies like VeriSign or the Norton Secured Seal. Never send personal information such as Social Security numbers or credit card numbers via email, instant messages and across social networks. Not even in a private message. Don’t store any sensitive information about yourself or your bank accounts on your computer, and watch out for shoulder surfers. Shoulder surfers are people who may sit near you and creep/watch over your shoulder at the information you type into certain sites. They can then copy down your keystrokes and have you information.

With that being said, there are ways to combat identity theft. Closely monitor your bank accounts, credit reports and any other financial accounts you may have. If the financial companies you do business with offer activity alerts, sign up for them. And if you receive an alert or your financial institution reports unusual account activity, respond as soon as possible. Pay attention to your regular utility bills and bank statements. If you suddenly stop receiving bills, this can be a red flag a criminal could be using your information to have these to his or her advantage.

If someone has stolen your identity, quickly take steps to minimize the damage. Close financial accounts that may be compromised. Cancel your driver’s license or ID cards you may have lost. Put a fraud alert on your credit report and track your report closely for the next few years. Identity theft has become a fact of life. To avoid becoming a victim, protect your personal information using some of these tips, monitor your accounts and credit report closely, and respond immediately to any signs your identity is being misused.

What is Cybersecurity?

With all of my recent posts on different types of cybersecurity attacks, and how important it is in society today, I think it is time to give a better understanding of “What is cyber security?”. Cybersecurity is the idea of technologies, processes, networks and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In computer context, security includes both cybersecurity and physical security.

Many people ask why is cyber security so important? Year after year, the world spends billions of dollars for for cyber security continues to grow. Organizations are starting to understand that malware is a publicly available commodity that makes it easy for anyone to become a cyber attacker, and even more companies offer security solutions that do little to defend against attacks. Cyber security protects the data and integrity of computing assets belonging to or connecting to an organization’s network. Its purpose is to defend those assets against all threat actors throughout the entire lifecycle of a cyber attack.

To ensure cybersecurity it requires coordinated efforts throughout an information system. Elements of cybersecurity include:

Application security
Information security
Network security
Disaster recovery / business continuity planning
Operational security
End-user education

The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known treats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security.

An ever-evolving field, cyber security best practices must evolve to accommodate the increasingly sophisticated attacks carried out by attackers. Combining sound cyber security measures with an educated and security-minded employee base provides the best defense against cyber criminals attempting to gain access to your company’s sensitive data. While it may seem like a daunting task, start small and focus on your most sensitive data, scaling your efforts as your cyber program matures.

Skip to toolbar