Monday, January 23, 2017

Ransomware 101

Holding your PC Hostage 


So here is the deal: ransomware is basically a piece of malware that, when activated on a computer, locks the user out of their files/data. Typically this is done by encrypting the data, so when the ransomware/malware developer reaches out to the user they say something like, “Give me $500 and I will let you have the ‘key’ to access your data.”


Stay with me. Grab some coffee if needed. I know there is a lot of um and huh moments happening if you have no clue what I am talking about.


We all know what viruses and malware are. Ransomware is a form of malware, so the idea is that it’s distributed like typical malware. Some of the ways malware gets on a system are noted below.


  • You may have installed something that you shouldn’t have (either unsafe or not from a trusted source).
  • Optional software installed alongside “reputable” software. AKA toolbars - avoid the toolbars! Please for all that is good and holy - NO toolbars!
  • If you are already infected, it cycles to more and more infections.
  • You don’t have anti-virus or anti-malware software. The key with this one though is that many people have it, but not a lot of people update it and use it. So you need to do that.


With that, ransomware is received much in the same way, and what it does is hold your stuff for ransom. There are a couple of different types of ransomware, but I don't want you to start drooling so we will move on.


Cartoon retrieved from: http://www.informationweek.com/it-life/cartoon-whos-writing-all-that-malware/a/d-id/1317267


Gimme the Cash!



I know! I know! WHAT? Right. So in order to get your goodies back they want you to pay a certain dollar amount and if you don’t pay it by a certain time, they either up the ransom or data goes bye bye.


What is frustrating about this is that it’s completely avoidable for one HUGE reason. BACK UP your data. Then who cares? Let them delete your photos and docs; if your data is backed up, you're golden.


I actually had a customer when I was running my own company and this happened. The sad part is we had to format her PC and she didn’t back up her data. But to her she was excited that I could fix her computer from the ransomware guys. Which is always an alternative, but still this isn’t fun.


The best methods I have found for data backups are the following.


  1. Buy and use an external drive. Set it as a backup and use the thing. Most of these have software that will do it for you and all you need to do is point to the folders and files you want to back up.
  2. Use something like Google Docs/Google Drive. This is my bread and butter in business and school. And yes, there is always a risk, but it’s Google...I mean seriously. They probably have backups of their backups.
  3. Email. Email is probably the most underrated and underused system for keeping backups of important things. I wouldn’t recommend this for everyone and everything, but for the average user that just wants to keep a few docs here and there.


So now you're going to get your anti-malware/anti-virus software updated and run, fix any issues, then back up your data...right? Please? K-thanks.


Until then, stay safe out there!


Here are a couple great references for ransomware:



Week 7 Blog Post - CYBR 650

Wednesday, January 18, 2017

A hostage, your cell phone, and SS7

A Hostage Claim

My mother pulled me aside this week to tell me a story about a friend’s husband who was scammed over the phone with a fake hostage claim. The call came through the cell phone; it was a rude and abrasive guy claiming that he had the guy’s daughter and was going to start cutting off her fingers if the guy didn’t get money to him. Needless to say the poor guy was terrified. And in the end, the scammer required the money wired to him. That’s when the victim had the light bulb moment of “oh crap, this is a scam”. Here is a great news article that highlights this scam.

I had never heard of this before and it's scary. However, it’s not all that surprising. Growing up I didn’t have cell phones and we barely had an answering machine - no age jokes, mkay? I remember my father hated answering the phone so he would screen the calls through the answering machine. Why did we ever stop? Ok, we don’t have cell phone answering machines, but we do have voicemail and oh, boy do I use it. I have become so adamant that if I don’t have the number in my address book, I don’t answer the call. Too many scams, marketing, surveys - aka junk calls. Ewww. No more.

SS7 


But Angel, how does this relate to IT? Here’s the weird part: the cell phone of the victim didn’t work after the attack. Odd, right? Not so odd. In fact, it's super easy to hack a cell phone just by using the phone number. WHAT? Scary, I know. SS7 - no, not a new James Bond movie - is the culprit. This vulnerability is what allows these easy hacks to actually occur. SS7 is Signaling System 7, which connects all cellular networks/providers in the world together. This flaw allows for eavesdropping, fraud and all kinds of bad guy activity to happen. Here is a great YouTube video for more information.

There are a few things to consider with SS7:

1. This is more likely to happen in Europe - I am not sure this makes this any better, but OK.
2. SS7 is a known vulnerability - OK, um can we fix it then? Maybe?
3. NSA pretty much can do this eavesdropping thing already - Hi, NSA!
4. There may or may not be limitations on this technology.
5. The news isn't talking about it. - Well, in all fairness it isn't nearly as interesting as the Brangelina divorce...


My Advice

As more scams and marketing callers are calling your cell, please consider the following.
1. If the number looks strange or you don't recognize it, don't answer your phone. I won't answer my phone unless I have the number in my address book.
2. Hesitation. If you answer the phone and something strange or scammy starts, give yourself a point of hesitation and ask, "is this real?" When in doubt, hang up your phone.
3. Research the number calling you. Many sites let you see whether the number calling is a safe caller or not.
4. Make sure you have anti-virus and anti-malware software on your phones. Especially anything Windows based, since hacks can happen outside of SS7. Really. We are only scratching the surface here. Research, research, research.
As this gets worse, we need to be cell phoning defensively to protect ourselves.
When in doubt - don't. Don't answer the call, don't respond and hang it up.

Until next time, stay safe out there!


Week 6 Blog Post

Tuesday, January 10, 2017

A Boy and his...Drone?

With a smile and a giggle I write this blog for week 5 in Current Trends in Cybersecurity and the topic is, drum roll...drones. The reason for the smile and slight snort giggle, yes, I admitted it, is that I bought my husband a drone for Christmas. It has been hilarious and quite comical if I can say. I believe three times now he has, without a word to me, started his truck and taken off to chase after his drone because it went MIA. I am surprised it doesn’t have a name yet. Luckily I had him put a label on the thing with the address and phone number of the owner, since this sucker is much like our beloved pets. Except they don't take off buzzing down the street and end up in a cactus...cough, yeah that happened, cough.

Anyways I got slightly carried away. But seriously, I wish I had video.

Besides the goings-on in my house with regard to “the drone”, there is an increased popularity of drones and drone presence in not only military, but civilian space. With that I began to wonder about security, specifically cyber security, with these little things. And there is some interesting information out there on this. I mean we are taking current trends in cybersecurity, so this really is top of that spectrum, I think.

Are these the humans we are looking for?


Apparently a large risk here is that a hacker/attacker could fly a drone into a corporate office building area and start to collect data, or a drone could be used to attack WiFi and intercept communication data, use Bluetooth channels for data collection, etc. The list goes on and on. These possibilities might be endless and frankly, scary. I see Amazon testing drone delivery and hey, that seems kinda cool. Maybe for remote locations or something. Even pizza delivery might sound good as a backup plan for a short-staffed store or with employees calling in sick. But to hack organizations...yeah, it was only a matter of time.


While drones are fun and in the right hands can do some cool things, in the wrong hands we have another avenue of cyber warfare. Now, not all drones are capable of being used so maliciously; there are also different types of drones. I know this part because the hubby now wants another one that has a GPS home device AND since the “little one” has gone missing three times, that GPS sounds like a good idea. However, that could also be dangerous in the wrong hands. What about strapping a bomb to a drone, GPS program it and bye bye birdie. I mean that seems more like a military drone, but couldn’t a civilian possibly do this? Yikes. So scary and very bad.

Moving Forward


So what do we do? Well, cyber security professionals are concerned and realize that most companies and organizations aren’t really prepared for drones. Corporations need to realize that this is something they will have to plan for in their threat modeling. Probably not something that would happen a lot right now, but moving forward, when drones are even more popular and cheaper, it could be a huge issue. There are a few up-and-coming 3rd party companies that specialize in getting drones knocked out of the air by using radio waves, which can be a bonus for corporations that have this concern. I imagine with drone growth we will also see a growth in vendors offering drone protection services as well.

Just another thing that organizations and even us civilians need to consider when technology changes and advances.

Until next time, stay safe out there...oh, and don’t fly your drone and drive. Bad idea.


Week 5 Blog Post

Wednesday, January 4, 2017

Let's Talk Warfare

Hello and Happy New Year! I hope that you had an amazing holiday. I had a break from school which was nice and a cold, not so nice, lol. The dang thing is still lingering! Seriously, ugh.

I kind of struggled on what topic I wanted to write this week and I guess we aren’t lacking in subject matter in 2017, but I am thinking we should discuss something before this year began since it's very critical to our current world affairs. This blog post might not be as light as my previous ones and you will soon see why.


Information Warfare vs. Cyber Warfare


I brought up that Information Warfare and Cyber Warfare are different. This was a couple weeks back and I think we need to talk about this now. There is a reason for this. One is Russia. Our Russian friends have a pretty extreme Information and Cyber Warfare policy. Basically Russia’s policy has declared that a nuclear response is an acceptable reaction for Cyber or Information Warfare. Yeah, I did a double take when I read this in my last class.

While each country governs their policies on Information and Cyber Warfare differently from each other, it's still surprising to see that word nuclear floating around in doctrine as something that most wouldn’t think would be a justifiable reaction. However, I have to give them kudos, they are definitely providing a strong response and a gutsy one too. While each country is taking these types of crimes seriously, let’s look at what the difference is.

Information Warfare is Information based. Think Newspeak or Media Manipulation. Information Warfare isn’t based on hacks or attacks. That is where Cyber Warfare sits. While both are combinable, you can have one without the other.


The Approach & Fake News


One reason I bring this up is the media is going nuts about Trump’s election and possible voting tampering from Russia. Hmmmm? I mean maybe, but considering Russia’s stance on these types of “attacks”, I am not so sure. I don’t know, I wasn’t there, but I can say they take this stuff rather seriously. Russia takes a nuclear approach, with some psychological play in there. Seems they like mind games/control as well.
China and the US take different approaches. And while China has a similar approach to the US, their take is more of a dominance approach: dominate the information and the technology. The US, meanwhile, is more reactive in our approach.

Besides the whole Trump election thing, another consideration is that of “Fake News”. Kinda sounds like Information Warfare to me. What is real, what is fake, what is ____. This is a problem for a couple of reasons.

  1. Why can’t we be provided information and discern if it's valid or not?
  2. Who decides what is to be shared?
  3. Why are they controlling it?

So above I posted something about Media Manipulation aka Information Warfare. I kind of have to question the legitimacy of blocking “fake news” since someone has to decide what is fake and whoever that is, what is their goal? Are they playing the world in Information Warfare? Sounds like a play for Information dominance to me.


Food for thought


While I could go on and on, there is one really important piece of this that I don’t think people understand. Cyber Warfare and Information Warfare are different, and because most people don’t know this, they fail to realize that Information Warfare is far more present and happening around us than Cyber Warfare. This is HUGE because we as people are either unaware of manipulation or not taking the time to research issues and what's actually happening.

Cyber Warfare is scary and it does happen. However Information Warfare is already happening and most people don’t even know it.

Until next time, stay safe out there and research! The truth is out there, you have to look though. AND in case you wanted to know about Russia, China and US policies, there are some great references below.


References

Heickero, R. (2010). Russia’s Information Warfare Capabilities. Current and Emerging Trends Cyber Operations. Retrieved from http://www.foi.se/ReportFiles/foir_2970.pdf

Lewis, J. (2005, December). Computer Espionage, Titan Rain and China. Retrieved from https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/media/csis/pubs/051214_china_titan_rain.pdf

Krekel, B. (2009, October 9). Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation. Retrieved from https://www2.gwu.edu/~nsarchiv/NSAEBB/NSAEBB424/docs/Cyber-030.pdf

Thomas, T. (2004, February). COMPARING US, RUSSIAN, AND CHINESE INFORMATION OPERATIONS CONCEPTS. Retrieved from http://www.dodccrp.org/events/2004_CCRTS/CD/papers/064.pdf


Week 4 CIS 650 Blog Post