Monday, January 23, 2017

Ransomware 101

Holding your PC Hostage 


So here is the deal: ransomware is basically a piece of malware that, when activated on a computer, locks the user out of their files/data. Typically this is done by encrypting the data, so when the ransomware/malware developer reaches out to the user they say something like, “Give me $500 and I will let you have the “key” to access your data”.


Stay with me. Grab some coffee if needed. I know there are a lot of um and huh moments happening if you have no clue what I am talking about.


We all know what viruses and malware are. Ransomware is a form of malware, so the idea is that it’s distributed like typical malware. Some of the ways malware gets on a system are noted below.


  • You may have installed something that you shouldn’t have (either unsafe or not from a trusted source).
  • Optional software installed alongside “reputable” software. AKA toolbars - avoid the toolbars! Please, for all that is good and holy - NO toolbars!
  • If you are already infected, it cycles to more and more infections.
  • You don’t have anti-virus or anti-malware software. The key with this one, though, is that many people have it, but not a lot of people update it and use it. So you need to do that.


With that, ransomware is received in much the same way, and what it does is hold your stuff for ransom. There are a couple of different types of ransomware, but I don't want you to start drooling so we will move on.


Cartoon retrieved from: http://www.informationweek.com/it-life/cartoon-whos-writing-all-that-malware/a/d-id/1317267


Gimme the Cash!



I know! I know! WHAT? Right. So in order to get your goodies back they want you to pay a certain dollar amount and if you don’t pay it by a certain time, they either up the ransom or data goes bye bye.


What is frustrating about this is that it’s completely avoidable for one HUGE reason. BACK UP your data. Then who cares? Let them delete your photos and docs; if your data is backed up, you’re golden.


I actually had a customer when I was running my own company and this happened. The sad part is we had to format her PC and she didn’t back up her data. But to her, she was excited that I could fix her computer from the ransomware guys. Which is always an alternative, but still this isn’t fun.


The best methods I have found for data backups are the following.


  1. Buy and use an external drive. Set it as a backup and use the thing. Most of these have software that will do it for you and all you need to do is point to the folders and files you want to back up.
  2. Use something like Google Docs/Google Drive. This is my bread and butter in business and school. And yes, there is always a risk, but it’s Google...I mean seriously. They probably have backups of their backups.
  3. Email. Email is probably the most underrated and underused system for keeping backups of important things. I wouldn’t recommend this for everyone and everything, but it works for the average user who just wants to keep a few docs here and there.


So now you're going to get your anti-malware/anti-virus software updated, run it, fix any issues, then back up your data...right? Please? K-thanks.


Until then, stay safe out there!


Here are a couple great references for ransomware:



Week 7 Blog Post - CYBR 650

Wednesday, January 18, 2017

A hostage, your cell phone, and SS7

A Hostage Claim

My mother pulled me aside this week to tell me a story about a friend’s husband who was scammed over the phone with a fake hostage claim. The call came through on his cell phone; it was a rude and abrasive guy claiming that he had the guy’s daughter and was going to start cutting off her fingers if the guy didn’t get money to him. Needless to say, the poor guy was terrified. And in the end, the scammer required the money wired to him. That’s when the victim had the light bulb moment of “oh crap, this is a scam”. Here is a great news article that highlights this scam.

I had never heard of this before and it's scary. However, it’s not all that surprising. Growing up I didn’t have cell phones and we barely had an answering machine - no age jokes, mkay? I remember my father hated answering the phone so he would screen the calls through the answering machine. Why did we ever stop? Ok, we don’t have cell phone answering machines, but we do have voicemail and oh, boy do I use it. I have become so adamant that if I don’t have the number in my address book, I don’t answer the call. Too many scams, marketing, surveys - aka junk calls. Ewww. No more.

SS7 


But Angel, how does this relate to IT? Here’s the weird part: the cell phone of the victim didn’t work after the attack. Odd, right? Not so odd. In fact, it's super easy to hack a cell phone just by using the phone number. WHAT? Scary, I know. SS7 - no, not a new James Bond movie - is the culprit. This vulnerability is what allows these easy hacks to actually occur. SS7 is Signaling System 7, which connects all cellular networks/providers in the world together. This flaw allows for eavesdropping, fraud and all kinds of bad guy activity to happen. Here is a great YouTube video for more information.

There are a few things to consider with SS7:

1. This is more likely to happen in Europe - I am not sure this makes this any better, but OK.
2. SS7 is a known vulnerability - OK, um can we fix it then? Maybe?
3. NSA pretty much can do this eavesdropping thing already - Hi, NSA!
4. There may or may not be limitations on this technology.
5. The news isn't talking about it. - Well, in all fairness it isn't nearly as interesting as the Brangelina divorce...


My Advice

As more scams and marketing callers are calling your cell, please consider the following.
1. If the number looks strange or you don't recognize it, don't answer your phone. I won't answer my phone unless I have the number in my address book.
2. Hesitation. If you answer the phone and something strange or scammy starts, give yourself a point of hesitation and ask, "is this real?" When in doubt, hang up your phone.
3. Research the number calling you. Many sites let you see whether the number calling is a safe caller or not.
4. Make sure you have anti-virus and malware software on your phones. Especially anything Windows based, since hacks can happen outside of SS7. Really. We are only scratching the surface here. Research, research, research.
As this gets worse, we need to be cell phoning defensively to protect ourselves.
When in doubt - don't. Don't answer the call, don't respond and hang it up.

Until next time, stay safe out there!


Week 6 Blog Post

Tuesday, January 10, 2017

A Boy and his...Drone?

With a smile and a giggle I write this blog for week 5 in Current Trends in Cybersecurity and the topic is, drum roll...drones. The reason for the smile and slight snort giggle, yes, I admitted it, is that I bought my husband a drone for Christmas. It has been hilarious and quite comical, if I can say. I believe three times now he has, without a word to me, started his truck and taken off to chase after his drone because it went MIA. I am surprised it doesn’t have a name yet. Luckily I had him put a label on the thing with the address and phone number of the owner, since this sucker is much like our beloved pets. Except they don't take off buzzing down the street and end up in a cactus...cough, yeah that happened, cough.

Anyways I got slightly carried away. But seriously, I wish I had video.

Besides the goings-on in my house with regard to “the drone”, there is an increased popularity of drones and drone presence in not only military, but civilian space. With that I began to wonder about security, specifically cyber security, with these little things. And there is some interesting information out there on this. I mean we are taking current trends in cybersecurity, so this really is top of that spectrum, I think.

Are these the humans we are looking for?


Apparently a large risk here is that a hacker/attacker could fly a drone into a corporate office building area and start to collect data, or a drone could be used to attack WiFi and intercept communication data, use Bluetooth channels for data collection, etc. The list goes on and on. These possibilities might be endless and frankly, scary. I see Amazon testing drone delivery and hey, that seems kinda cool. Maybe for remote locations or something. Even pizza delivery might sound good as a backup plan for a short-staffed store or with employees calling in sick. But to hack organizations...yeah, it was only a matter of time.


While drones are fun and in the right hands can do some cool things, in the wrong hands we have another avenue of cyber warfare. Now, not all drones are capable of being used so maliciously; there are also different types of drones. I know this part because the hubby now wants another one that has a GPS home device AND since the “little one” has gone missing three times, that GPS sounds like a good idea. However, that could also be dangerous in the wrong hands. What about strapping a bomb to a drone, GPS program it and bye bye birdie. I mean that seems more like a military drone, but couldn’t a civilian possibly do this? Yikes. So scary and very bad.

Moving Forward


So what do we do? Well, cyber security professionals are concerned and realize that most companies and organizations aren’t really prepared for drones. This is something that corporations need to realize they will have to plan for in their threat modeling. Probably not something that would happen a lot right now, but moving forward, when drones are even more popular and cheaper, it could be a huge issue. There are a few up and coming 3rd party companies that specialize in getting drones knocked out of the air by using radio waves. Which can be a bonus for corporations that have this concern. I imagine with drone growth we will also see a growth in vendors offering drone protection services as well.

Just another thing that organizations and even us civilians need to consider when technology changes and advances.

Until next time, stay safe out there...oh, and don’t fly your drone and drive. Bad idea.


Week 5 Blog Post

Wednesday, January 4, 2017

Let's Talk Warfare

Hello and Happy New Year! I hope that you had an amazing holiday. I had a break from school which was nice and a cold, not so nice, lol. The dang thing is still lingering! Seriously, ugh.

I kind of struggled on what topic I wanted to write this week and I guess we aren’t lacking in subject matter in 2017, but I am thinking we should discuss something before this year began since it's very critical to our current world affairs. This blog post might not be as light as my previous ones and you will soon see why.


Information Warfare vs. Cyber Warfare


I brought up that Information Warfare and Cyber Warfare are different. This was a couple weeks back and I think we need to talk about this now. There is a reason for this. One is Russia. Our Russian friends have a pretty extreme Information and Cyber Warfare policy. Basically Russia’s policy has declared that a nuclear response is an acceptable reaction for Cyber or Information Warfare. Yeah, I did a double take when I read this in my last class.

While each country governs its policies on Information and Cyber Warfare differently from the others, it's still surprising to see that word nuclear floating around in doctrine as what most wouldn’t think would be a justifiable reaction. However, I have to give them kudos, they are definitely providing a strong response and a gutsy one too. While each country is taking these types of crimes seriously, let’s look at what the difference is.

Information Warfare is Information based. Think Newspeak or Media Manipulation. Information Warfare isn’t based on hacks or attacks. That is where Cyber Warfare sits. While both are combinable, you can have one without the other.


The Approach & Fake News


One reason I bring this up is the media is going nuts about Trump’s election and possible voting tampering from Russia. Hmmmm? I mean maybe, but considering Russia’s stance on these types of “attacks”, I am not so sure. I don’t know, I wasn’t there, but I can say they take this stuff rather seriously. Russia takes the nuclear approach, with some psychological play in there. Seems they like mind games/control as well.
China and the US take different approaches. And while China has a similar approach to the US, their take is more of a dominance approach. Dominate the information and the technology. The US, meanwhile, is more reactive in our approach.

Besides the whole Trump election thing, another consideration is that of “Fake News”. Kinda sounds like Information Warfare to me. What is real, what is fake, what is ____. This is a problem for a couple of reasons.

  1. Why can’t we be provided information and discern if it's valid or not?
  2. Who decides what is to be shared?
  3. Why are they controlling it?

So above I posted something about Media Manipulation aka Information Warfare. I kind of have to question the legitimacy of blocking “fake news” since someone has to decide what is fake and whoever that is, what is their goal? Are they playing the world in Information Warfare? Sounds like a play for Information dominance to me.


Food for thought


While I could go on and on, there is one really important piece of this that I don’t think people understand. Cyber Warfare and Information Warfare are different, and because most people don’t know this, they fail to realize that Information Warfare is far more present and happening around us than Cyber Warfare. This is HUGE because we as people are either unaware of manipulation or not taking the time to research issues and what's actually happening.

Cyber Warfare is scary and it does happen. However, Information Warfare is already happening and most people don’t even know it.

Until next time, stay safe out there and research! The truth is out there, you have to look though. AND in case you wanted to know about Russia, China and US policies, there are some great references below.


References

Heickero, R. (2010). Russia’s Information Warfare Capabilities. Current and Emerging Trends Cyber Operations. Retrieved from http://www.foi.se/ReportFiles/foir_2970.pdf

Lewis, J. (2005, December). Computer Espionage, Titan Rain and China. Retrieved from https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/media/csis/pubs/051214_china_titan_rain.pdf

Krekel, B. (2009, October 9). Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation. Retrieved from https://www2.gwu.edu/~nsarchiv/NSAEBB/NSAEBB424/docs/Cyber-030.pdf

Thomas, T. (2004, February). COMPARING US, RUSSIAN, AND CHINESE INFORMATION OPERATIONS CONCEPTS. Retrieved from http://www.dodccrp.org/events/2004_CCRTS/CD/papers/064.pdf


Week 4 CIS 650 Blog Post

Tuesday, December 13, 2016

My Mac, your iPhone, and a vulnerability issue


A long time ago in a valley far away... When I was 8 years old our first computer was a Macintosh. My mother fondly nicknamed it Mac-Baby. She would travel with it to accounting jobs. For lack of a better way to explain it - because my old brain doesn’t remember the model/type - it was an all-in-one, with the huge floppy drive and square CRT monitor. I used to play chess on it, among other black & white graphic type “video games”.




Now fast forward to 2016 and I ditched the Windows machines, bye Felicia...and I now have 2 Macs. I love the stability of it. The lack of viruses and issues makes it appealing to me, so here we sit. And yes, I know it can still get viruses..I am not delusional.

Recently though there has been an issue with Apple’s calendar feature. What? I know. Looks like someone took note of a system vulnerability and had their way with it. Spammers unite! Ugh. It was Black Friday a few weeks ago and both hubby and I noticed these crazy alarm/alert notifications coming through. On my computer and his phone. We both looked at each other confused and then decided to Google it. And there you have it. Apparently Apple is trying to fix this nonsense asap, which is good. But the reason I am touching on this now is because in my current course work we are threat modeling and part of that comes with noting system vulnerabilities.

What broke and what do we do with it


I am in the thick of building a threat model, which by the way is even harder than it sounds when you feel overwhelmed by two graduate level courses and your risk management course was months past and you can’t remember things...just throwing that out there, lol. However, I do know that a key component is identifying threats and vulnerabilities. With that being said...what the heck, Apple! You missed one. Anyways..to my points.

  1. Something like this issue should have been caught during whatever process is used for system development testing. Test before release. Say it with me, test before release. Not afterwards. This is how many famous viruses/worms get out and about.
  2. If that was done properly, it would have been repaired or a non-issue.
  3. If it wasn’t caught here, it should have been at least on a radar of some sort in a threat modeling process cycle...maybe? I mean I think so, but I also don’t work for Apple. AND I am in no way bashing them..but this is a really good example in vulnerability assessments.
  4. If it was determined and found, was it considered a part of the risk appetite for the organization or not? My basic question would have been, who dropped this ball?


What to do

So what happens when we miss these? Clearly processes need to be reformed if things like this are being missed. I mean I know accidents happen, but there is a process in place to avoid stuff like this. If it was caught, but it wasn’t determined to be a threat...yikes! I mean it could have been worse for sure! It’s more annoying than anything for the users/customers, but it’s not necessary either.

Threats and vulnerabilities always need to be defined and cataloged in some way, shape or form; these processes then help us use this to determine next steps and preventive measures. Although even when we try our best, things will still be missed. I realize this and it is OK. I just hope all of these are learning experiences and allow for organizational growth. Plus, I hope no one got fired.

For now, I am going to go work on my threat modeling process some more..maybe I will share that with you all at some point? Either way until next time, stay safe out there!

Week 3 Assignment - CYBR 650

Tuesday, December 6, 2016

Credible news sources 101




Just gonna lay this on the table - Wikipedia does not count. I just want to throw this out there to anyone reading who might be a young adult heading to college..Wikipedia is not a credible news source for any type of research paper or believable content.

What it actually can be used for is looking up something and getting an idea what it might be about. However, that is all it should be used for. Do not go to college and use Wikipedia as a legit reference or source. Your professor will most likely have flames shoot from their eyeballs.

BUT but but….


OK why isn’t it credible...because other random people in the world can edit it. AND it is never checked or reviewed for accuracy. So if some random person wanted to write content on brain aneurysms, but he/she is a craps dealer in Las Vegas...with no educational background in that field of study...You see where this is going right? Just avoid it, mkay?

So then, what is a good credible source? The obvious answer is published peer reviewed articles that you will typically find in a library. But Angel, not everyone has access to those fancy online libraries like you do. Correct! However, you can go to your local library and read a book. Kids..seriously you have no idea what a card catalog is, do you...ugh that struggle was real.

Without a library, there is also the option of using an online search engine, such as Google or Yahoo, as a starting point. Personally, I use many of the following sites for IT based news. These are legit (aka credible) and generally they don’t contradict each other. These are my "go-to" for IT/Technology based news and information.


Other news sites, such as New York Times, Time, Forbes, or Wall Street Journal.


Credible Sources - How and Why


Evidence. That is really the key factor in determining if a source is credible. Do you remember in math class, I hated math too so for me to use this example is very important, when the teacher would tell you to check your work? You would work a problem backwards and this would let you see if the answer you got actually worked with the problem presented? Same idea. Fact checking, subject matter experts, published articles that are reviewed for accuracy by other subject matter experts - this is the stuff that goes into credible sources. Not craps dealers writing about brain aneurysms. Or me writing about gardening, I have no clue.

What if…



So what happens if these credible sources provide conflicting information? Well, the world will still go round and round, but we need to do our due diligence to research further and make an educated conclusion. Ooh, that might be dangerous. But remember that math problem backwards thing? Do that again. Check. Check. Check. The only way this will work successfully is if you research and check.

Until then, stay safe out there, use your head, check your "facts", and all will be well.



Image above taken from https://pleasureinlearning.files.wordpress.com/2012/12/laffoon2.gif?w=640

Week 2 Assignment - CYBR 650

Wednesday, November 30, 2016

I'm baaaaaack!

So it's been a while. Yes, it has. Where did I go? Well, school and more school with a start of my own little business that I work from home. So I went and got more busy, hahaha.

As I am closing out my degree, for my new readers, it's a Master of Science degree in Cybersecurity. Yeah - whoa momma! It's funny, when I tell people that they look at me weird. Not sure why. Is it a girl thing? Hahahaha. Felicity Smoak is my hero! Just saying.

But then there is the, "what did I get myself into", that I ask myself weekly. Truthfully, it has been the most challenging yet rewarding experience. I have learned more than I thought possible. With that being said, I am in my last two courses right now. This course, CYBR 650, is all about current trends in cybersecurity, so why not blog it! And rightfully so.

Annnnd then there is a question of why should you read my blog. Well, why shouldn't you? I am super fun...probably not entirely relevant, but I am! And funny. At least in my own world. But really it's more about bringing attention to certain issues AND hopefully that will inspire critical thinking on your part.

See, while the world goes round, there are many problems we face and things we experience as our technology progresses. Things that need fresh eyes and new minds to conquer. Maybe a 16 year old person who sits down to read my blog on issues with cybersecurity decides that he/she is going to want to understand more and MAYBE be the next Steve Jobs or Bill Gates in a new age with new issues. Who knows really. But then anything is possible, right?

So why me and not read someone more fancy on the Internet? Hey - real person here too! I got ideas, questions and issues that need some attention too! Joking aside, I also have experience. I have been working in IT for 16 years. OK. Enough with the old person jokes. No, I didn't grow up with a smart phone or the Internet..thank goodness. But I have run an IT Helpdesk, built gaming systems, been a technical trainer and writer, done many IT audits, operations analyst, A/V equipment, built over a million dollar IT budgets, yada yada. Most of this was done in academia, but then there were a few years in the corporate world. So it's nice to have a bit of both from where I am standing. That's why me. Why you need to read my blog. I have much in the way of perspective ;)

So standby, read my blog when it posts, think about things critically, and then...discuss. All topics should be related or about cybersecurity in some way. I also like to talk about cyber warfare and information warfare. And yes, those are different. They are not the same...maybe we should talk about that one day..hmmm.

Until then, stay safe out there..