Sunday, May 24, 2020

Historic Hacker Hi-jinks

Welcome back reader! This will be my final post for my CYBR 650 course work.  Hopefully, I'll be able to keep writing every now and then. Last time, I gave you some information on why hackers hack.  My professor graciously gave me an alternative definition: "technical adeptness and a delight in solving problems and overcoming limits."  This comes from a 1990 article by Eric Raymond, which can be found here: http://www.catb.org/~esr/faqs/hacker-howto.html.

tl;dr

Most of my posts have talked about increasing your personal cybersecurity or general tips on protecting yourself while connected to the Internet.  I've given you the "how," but I haven't focused on the "why" to do the things I've talked about.  This post will talk about the history of cyberattacks, looking at some of the worst attacks in history.

What is a Cyberattack?

A cyberattack uses a computer, or a network of computers, to deny, degrade, disrupt, destroy, or manipulate services or data on a target computer or network of computers.  In the military cyber community, these five effects are referred to as D4M.  The same effects have similar outcomes in the civilian world.  Cyberattacks can have specific targets or be indiscriminate.  They can be designed to steal information or to cause physical destruction of systems.

Indiscriminate Attacks

[Image: WannaCry ransomware attack - Wikipedia]
These attacks don't care who they infect; they infect every system they can get their grubby little hands on.  As time passes, these types of attacks have gotten worse.  One of the most recent attacks was the WannaCry ransomware attack.  WannaCry took advantage of a vulnerability in the Windows Server Message Block (SMB) protocol.  Once the SMB vulnerability was exploited, WannaCry encrypted files on the hard drive, making them inaccessible to users, and then demanded a ransom, paid in Bitcoin, before decrypting the files.  This attack occurred about 2 years ago; you can read more about it here: https://www.csoonline.com/article/3227906/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html.

Targeted Attacks

These types of attacks tend to be a little more "newsworthy" because of the targets, which have included Target (2013), Home Depot (2014), and Sony's PlayStation Network (2011).  Most recently, the World Health Organization (WHO) was breached in March 2020, and WHO staff member credentials were leaked.  You can read more about any of these just by using our friend Google, but info on the WHO attack can be found here: https://www.bbc.com/news/technology-52381356.

Destructive Attacks

The first time I remember reading about a destructive attack was the 2007 cyberattack against Estonia.  This attack targeted government sites, news sites, major banks, Internet service providers, and small businesses.  It essentially shut down the Internet in the country with a distributed denial-of-service (DDoS) attack.  More information can be found here: https://www.wired.com/2007/08/ff-estonia/.
[Image: Shamoon - Wikipedia]
One of the most destructive attacks was the Shamoon virus, in 2012.  The Shamoon virus was designed to wipe infected systems, overwriting the information with garbage data.  The target of the Shamoon virus was workstations within the Saudi Aramco infrastructure, 30,000 to 35,000 of them, and it worked.  In only a few hours, all of these workstations were either partially or completely destroyed.

Think about that for one minute...30,000 computers, all wiped and their hard drives unusable, destroyed.  All of these computers needed replacement hard drives.  Even at $50 per hard drive, the cost is $1.5 million, PLUS the cost to pay people to reinstall all of the software.  What about the time investment?  This was an extremely expensive attack and you can read more about it here: https://money.cnn.com/2015/08/05/technology/aramco-hack/, and here: https://www.zdnet.com/article/shamoons-data-wiping-malware-believed-to-be-the-work-of-iranian-hackers/.

The Future?

Why am I telling you about the past?  Partially because we can learn from it and defend our networks better in the future.  The other reason is directly related to the situation we are in right now, a COVID-19 world.  In a May 14, 2020 article, Stephen McBride predicted the largest cyberattack in history will occur within the next 6 months.  I won't repeat everything he said, but here is the basic breakdown.  Organizations have had to adjust their infrastructure to allow their workforce to work from home.  These adjustments were done quickly and maybe not in the most secure manner.  Regardless of the quality of security, the attack surface of many organizations has increased dramatically.  You can read Mr. McBride's article here: https://www.forbes.com/sites/stephenmcbride1/2020/05/14/why-the-largest-cyberattack-in-history-will-happen-within-six-months/#5aa7c2be577c

Finally, you need to secure your system to protect yourself.  If you work from home, you need to secure your system to protect your organization as well.  

Sunday, May 17, 2020

Hazardous Hacker Hacking

Welcome back reader, this is another CYBR 650 post.  This post comes a few weeks after we talked about cloud capabilities.  The two prior posts talked about hackers using the COVID-19 pandemic as a subject for phishing attempts as well as attacking video teleconferencing software.  These posts got me thinking: do you know why hackers hack?

tl;dr

This blog has been all about protecting your computer system from hackers.  But why are we worried about hackers?  Why do hackers hack?

What is a hacker?

[Image: Most famous hackers in history - Panda Security Mediacenter]
According to dictionary.com, a computer hacker is simply someone that uses computers to gain unauthorized access to data.  That data could be anything from business information to personal documents on your hard drive.  Hackers wear one of three different colored hats: black, white, or grey.  Regardless of the type of hacker, their motivations vary based on the goals of the hack.

Hacker Types

Hackers wear one of three different colored hats defining the initial motives behind their actions: black, white, or grey.  A black hat hacker is the kind we generally think of when we think of hackers, the bad guys.  Black hat hackers break into networks to steal, manipulate, or destroy data.  Thankfully, a balance exists in white hat hackers.  These hackers are also known as "ethical hackers."  The goal of the white hat hacker is to discover security vulnerabilities in order to strengthen a network.  In between the black and white hats are grey hat hackers.  These hackers begin with good intentions like white hats, but perform their actions without permission.  Once a vulnerability is found, they report it to the system owner with a demand for compensation.  If they don't get what they ask for, a grey hat hacker may exploit the vulnerability or sell the exploit to black hat hackers. (https://www.appknox.com/blog/why-do-hackers-hack)

Why Hackers Hack

Even within the different categories, motivations can differ greatly based on the type of hacker.  For the most part, we are going to assume that these motivations are connected to the black hat hacker.

Criminals

Criminals are motivated by financial gain, fame (or infamy), revenge, or increasing their professional portfolio.  The targets of these motivations are numerous and all depend on the goal at the time.  The methods used include theft or denial of service.

Hacktivists

Hacktivists are motivated by an ideology.  Hacktivists feel that they have something to prove in relation to a political or social issue.  The actions they take are designed to persuade the hearts and minds of whoever sees their message.  Hacktivism must be seen to be effective, so its methods generally include defacement of websites.

Nation States

Nation states can use hacking to enhance their national security or to gain information as a means of control.  Nation states target other nations or dissidents that oppose the official national policy.  Nation states use teams with a variety of abilities, categorized in groups called advanced persistent threats, or APTs.  More information on known APTs can be found here: https://attack.mitre.org/groups/

Terrorists

Terrorists use hacking techniques to instill fear in their targets.  To increase their audience, they usually choose high-visibility targets.  Similar to hacktivists, terrorists can use defacement tactics or destruction of their targets.

Insider Threats

Insider threats have a variety of motivations, ranging from monetary gain and revenge to ideology or stroking their own ego.  The target is usually their employer, but could be an organization that does business with their employer.  Methods can include theft or destruction of data.

Now that you know the different types of hackers and what motivates them, you should have a greater understanding of the potential threat.  This information doesn't necessarily help you to defend against hackers, but it does put you in their minds.  The understanding does help you look at your network differently and hopefully change tactics for defense.

Sunday, April 26, 2020

Crazy Cloud Capability


Welcome back reader, this is another CYBR 650 post.  This post comes just one week after the last one, where I talked about stolen account credentials and what you can do to protect your accounts in case your login info is stolen.  This week, I'm going to change it up a little bit and talk about something that is relatively new, the cloud.

tl;dr

Cloud technology has been around for several years, but personal use has not been practical until recently.  I'll talk about a few practical options for personal use, or even family use of cloud solutions and share some of my personal experiences.



What is the Cloud?

In the simplest terms, the cloud is a computer that belongs to someone else.  Cloud servers are generally owned by organizations like Google, Amazon, or Microsoft, which provide services on them to other organizations or individuals.

Personally, I use cloud services from both Google and Microsoft.  Below is a handy-dandy table showing the services I regularly use from each provider:

    Google                      Microsoft
    --------------------------  ---------------------------
    E-mail (Gmail, personal)    E-mail (Outlook, education)
    File storage (Drive)        File storage (OneDrive)
    Calendar                    Collaboration (Teams)
    Lists (Google Keep)


Many people have had a free e-mail account from someone like Yahoo, Hotmail, or Gmail for years.  I remember when I started using Gmail, the storage was something like 500 megabytes.  But it continually kept growing.  Now, my Google account has 15 gigabytes of free storage spread across every G Suite application.  Here's where it gets great...I get an e-mail with an attachment sent to my Gmail account.  I see that it is something I want to hang onto, but I need to make sure I know where it is and that it doesn't get buried in my e-mail account.  Conveniently, there is an icon on the attachment allowing me to save it to my Google Drive.  I leave my house to meet up with a coworker for lunch.  I think they might find the attachment I just saved useful, so I use the Drive app on my smartphone to show them.  They enjoy it, so I send it over to them using Gmail, or even the Hangouts (Google's instant messenger, also cloud) channel we have for just such an occasion.

Moving to Microsoft

While my primary e-mail is still my Gmail account provided by Google, I really don't use my Drive storage like I used to.  The main reason for this is my use of Microsoft 365, formerly Office 365.  Just in case you're unaware, Office 365 is a cloud-based productivity suite.  You've used Office products, right?  Imagine that, but now it's cloud based.  I remember when Office was very expensive, and I relied on my student discount to get the latest version.  Now, Microsoft 365 is a subscription service.  For about $100 a year, I have full access to Office products, some of which I wouldn't normally have because of the different versions of Office (Home, Pro, etc.).  Not only do I have access to all the productivity software I need, I also have 1 terabyte of cloud storage at my disposal.  This is the best part...my 100 bucks allows me to share these same benefits with 5 people in my family!  See more about it here: https://www.microsoft.com/en-us/microsoft-365/explore-microsoft-365-for-home

Is it safe?

That answer is simple...it depends.  Keeping your cloud accounts safe is the same as keeping any other account safe.  I talked last week about multi-factor authentication.  Within OneDrive, there is an area called Personal Vault.  The Personal Vault is designed with added security, either stronger authentication or a second method to verify your identity (multi-factor).  The added layer of security is for more sensitive files, plus the secondary authentication is a way to make sure those files are only accessed by me.

In order to keep your files safe, Microsoft encrypts your data while it resides on the server.  Additionally, transport security protocols protect your data while you access it.  This keeps it secure both when it is in transit and when you're not actively using it.  Here is some additional reading about how your information is protected: https://support.office.com/en-us/article/how-onedrive-safeguards-your-data-in-the-cloud-23c6ea94-3608-48d7-8bf0-80e142edd1e1

Other providers...

I have only told you about 2 cloud providers for personal use, Google and Microsoft.  Others include Dropbox, Apple iCloud, and Bitcasa.  One I would like to tell you about for sure is Amazon.  If you are an Amazon Prime subscriber, you get unlimited photo storage.  That is a pretty fantastic benefit along with everything else Prime provides.  Read more here: https://www.amazon.com/Amazon-Photos/b?ie=UTF8&node=13234696011


Sunday, April 19, 2020

ZOOM! Slow Down, Your Info was Stolen

Welcome back readers!  It has been about a month, but it is time for another CYBR 650 course post.  Just to recap, last month I gave you some information about those jerks capitalizing on the COVID-19 pandemic by sending Coronavirus spam and phishing messages and setting up bogus websites, all trying to steal your information.  That leads us to the related, but not new topic of stolen account credentials.

tl;dr

Social distancing has changed the way we do business and interact with our friends and family.  Software designed to help bring us closer together while far apart is a bigger target than ever.  How can you keep your account secure, even if it is part of a breach?  A strong, complex password is the first step to keeping your account safe.

Working and Being with Family While Socially Distanced

If you are anything like me lately, you have been working from home and rely on collaboration and video conferencing software to interact with coworkers, friends, and family.  In this time of social distancing, we use software to “feel” close to those we need to interact with.  The video conferencing software provider Zoom recently suffered a breach where more than half a million account credentials were stolen.  On April 13, Forbes reported credentials for more than 530,000 Zoom accounts were being sold on an underground hacking forum.  These 530,000 accounts were purchased by Cyble, a group of cyber risk assessment experts.  The thing I find most shocking about their purchase is that they did it for next to nothing.  Basically, the account information was being sold for extremely cheap, less than a penny each or, in some cases, given away for free.  These accounts were stolen and then sold for less than $5,000.

Part of the problem with these credentials is the same with any other time an account has been stolen, people tend to reuse the same passwords for multiple accounts.  I won’t preach about the importance of creating a strong, complex password…I’ve already done that and you can read all about it here: http://cyberschopp.blogspot.com/2016/03/pesky-passwords.html.  Take a read, and then start changing your password 😊


Ensuring you have a strong password is a critical way to keep your accounts safe.  One other thing you should do is to check if the e-mail address you used to register for accounts has been flagged as part of a breach.  The site haveibeenpwned.com can help you check that.  Checking my e-mail address, the site tells me that I have accounts on 11 breached sites.  Fortunately, I already knew this and changed the passwords associated with those breaches.  Some of the breaches my e-mail has been affected by are the 2013 Adobe breach, Collection #1 in 2019, and Lord of the Rings Online (don’t judge me).

Password Manager

One recommendation I did not give in 2016 when I jumped on my password soapbox is the use of a password manager.  A password manager keeps track of login information, including usernames and passwords, for sites and services you have accounts for.  Google Chrome has this built in, along with the nicety of suggesting a complex password when creating a new account or changing your password on an existing account.  The advantage of this is the creation of an incredibly complex password that will make your account very secure.  The disadvantage is that the password is usually so complex and meaningless that remembering it would be next to impossible.  This is okay as long as you have access to your password manager, or are willing to change it often when you need to access the account from a different system.
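Two things from the last few paragraphs are easier to see in code than in prose: how a password manager generates a password that is complex but not memorable, and how a breach check like the one on haveibeenpwned.com can be done without handing over the secret. The following is an added example, not code from this blog or from Have I Been Pwned. It uses the Pwned Passwords "range" API format (send the first 5 hex characters of the SHA-1 of a password, get back every matching 35-character suffix with a count), which is the service's password check rather than the e-mail check described above. The range response embedded in the block is a constructed sample, so everything runs offline; `fetch_range` is the only part that touches the network and is not called by default.

```python
import hashlib
import math
import secrets
import string
import urllib.request  # only needed for the optional live lookup at the bottom

# Constructed sample of a Pwned Passwords "range" response, as an offline stand-in
# for the live API. Each line is "<last 35 hex chars of a SHA-1>:<times seen>".
# The first suffix really is SHA-1("password") minus its 5-char prefix (5BAA6);
# the counts and the other two lines are made up for this example.
SAMPLE_RANGE_RESPONSE = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
    "0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n"
    "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2\r\n"
)

# Character set a password manager might draw from: 94 printable ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def sha1_prefix_suffix(password):
    """Split the upper-case hex SHA-1 of a password into (first 5, remaining 35)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Turn the 'SUFFIX:COUNT' lines of a range response into a dict."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, range_body):
    """How many times this password appears in the breaches covered by range_body.

    The full hash never has to leave your machine: the caller fetches the range
    for the 5-char prefix and matches the 35-char suffix locally (k-anonymity).
    """
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix):
    """Live lookup against the real API; only the 5-char prefix is sent."""
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"User-Agent": "hibp-range-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def generate_password(length=20):
    """Random password from ALPHABET using the OS CSPRNG (secrets, not random)."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Guessing entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    prefix, _ = sha1_prefix_suffix("password")
    print("SHA-1 prefix that would be sent to the API:", prefix)
    print("'password' seen in breaches:", breach_count("password", SAMPLE_RANGE_RESPONSE))
    new_pw = generate_password(20)
    print("manager-style password:", new_pw, "(%.0f bits)" % entropy_bits(len(new_pw)))
    print("new password seen in breaches:", breach_count(new_pw, SAMPLE_RANGE_RESPONSE))
    # To check against the live service: breach_count(pw, fetch_range(prefix_of(pw)))
```

The point of the prefix/suffix split is that a breach-check service never learns which password you asked about, only that it starts with one of roughly a million hash prefixes; a 20-character password drawn uniformly from 94 symbols carries about 131 bits of entropy, which is why a manager-generated password is both safe to check this way and hopeless to memorize.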

Multi-factor Authentication

Another option for securing accounts is to use multi-factor authentication.  You are probably already using this to some extent, but let me break it down for you.  You log in to your bank account with your username and password.  Your bank website then prompts you to select either your e-mail or phone to receive a message with a one-time PIN to get into your account.  Since you have your phone right next to you, you select text message and wait for a moment.  Sure enough, you just got a text with a number you need to enter into the bank website.  Once you do, you now have access to all your monies!  That is multi-factor: using information from two or more separate sources, such as your password and your phone, to access one site.
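The bank's side of that text-message step is worth seeing, because the security of a one-time PIN comes from how it is handled after it is sent, not from the six digits themselves. Below is an added example (not code from this blog or from any bank) of a minimal server-side PIN service: the code is generated with a cryptographic random source, only a salted HMAC of it is stored, it expires after five minutes, guesses are capped, and a code that has been accepted once cannot be replayed. The username, the limits, and the injectable clock are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 6          # length of the code sent to the phone
PIN_TTL_SECONDS = 300   # code is useless after 5 minutes
MAX_ATTEMPTS = 5        # then the code is thrown away and a new one must be issued


class OneTimePinService:
    """Server side of the 'we texted you a code' step.

    Stores a salted HMAC of the code rather than the code itself, enforces an
    expiry window, caps guesses, and invalidates the code after one success.
    The clock is injectable so the expiry logic can be exercised in tests.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # username -> {"hash", "salt", "expires", "attempts"}

    @staticmethod
    def _hash(pin, salt):
        return hmac.new(salt, pin.encode("utf-8"), hashlib.sha256).digest()

    def issue(self, username):
        """Create a fresh code for this user; returns it for delivery by SMS/e-mail."""
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[username] = {
            "hash": self._hash(pin, salt),
            "salt": salt,
            "expires": self._clock() + PIN_TTL_SECONDS,
            "attempts": 0,
        }
        return pin  # hand to the message sender; never log or store it in clear

    def verify(self, username, submitted):
        """Return (accepted, reason). Accepting consumes the code."""
        record = self._pending.get(username)
        if record is None:
            return False, "no pending code"
        if self._clock() > record["expires"]:
            del self._pending[username]
            return False, "code expired"
        record["attempts"] += 1
        if record["attempts"] > MAX_ATTEMPTS:
            del self._pending[username]
            return False, "too many attempts"
        # constant-time comparison so timing does not leak which digits matched
        if hmac.compare_digest(self._hash(submitted, record["salt"]), record["hash"]):
            del self._pending[username]  # single use
            return True, "ok"
        return False, "wrong code"


if __name__ == "__main__":
    svc = OneTimePinService()
    code = svc.issue("alice")          # in real life this goes out as a text message
    print("issued:", code)
    print(svc.verify("alice", "000000" if code != "000000" else "111111"))  # wrong guess
    print(svc.verify("alice", code))   # accepted: (True, 'ok')
    print(svc.verify("alice", code))   # replay refused: (False, 'no pending code')
```

Each rule in `verify` closes one hole: without the expiry, a code read off a phone screen hours later still works; without the attempt cap, a six-digit code falls to a million guesses; without single use, someone who sees the code once can reuse it. Those rules, not the text message itself, are what make the second factor worth having.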

Hopefully this hasn’t left you feeling hopeless.  The first step after finding out your information has been stolen is to change your password.  You should also really consider if you actually need that account.  If not, change the password to something complex and meaningless that you’ll never use again, then disable or delete the account.  This ensures that if the account information is stolen later, the credentials cannot be used on another site.

Be safe out there!


REFERENCES:
https://www.cyble.io/
https://www.forbes.com/sites/leemathews/2020/04/13/500000-hacked-zoom-accounts-given-away-for-free-on-the-dark-web/#7ef72e6758c5
https://haveibeenpwned.com/

Sunday, March 22, 2020

Your Computer has a (Corona) Virus

Welcome back everyone!  It has been quite some time since I last posted, I hope you have all been well!  I am now in a new Bellevue University course (CYBR 650) which requires posts

tl;dr

First, let me say that the title of this post is not intended to be a joke.  With everything going on in the world related to the COVID-19 pandemic, we all need to be cautious and make decisions that are in the best interest of ourselves and our families, and to do so without harming others (I'm looking at you, toilet paper hoarders).

Looking for current information on Coronavirus has become a part of our lives, and hackers know this and are trying their best to take advantage of this international emergency.  Different actors are using a variety of attack vectors, from phishing to entire malicious domains.

Coronavirus-related phishing has increased drastically recently.  These messages are similar to other phishing attempts in that they are used to try and get your personal information, account numbers, social security number, and even account login credentials.  Additionally, some messages are laced with ransomware.  The ransomware (or other software) appears to be something useful.  Instead, this software is there to encrypt your hard drive and keep all of your information away from you until you pay the hacker their ransom to unlock the system.  Another piece of software parades itself as a Coronavirus map, tracking the pandemic.  This software also contains malware that focuses on stealing your passwords.

More workers are also being directed to telework in order to increase social distancing, which increases the attack surface for hackers to hit.  Rather than an organization controlling information in and out of their networks, their employees are now working on their home networks.  Most likely, these home networks do not have the same level of protection as their work environment.  Unsuspecting users working from home, in an attempt to make their connections more secure, may find themselves with a VPN (Virtual Private Network) that is nothing more than malware written by someone with evil intentions.

Individuals are not the only targets of malicious actors taking advantage of this horrible situation.  Hackers successfully attacked the US Department of Health and Human Services just one week ago (15 Mar 20).  The thought is that the attackers are attempting to slow down the agency's response and spread misinformation to the public.  After successfully breaching the system, the attackers spread a false message of a government plan to implement a nationwide lockdown.

Now that I have properly scared you more than COVID-19 already has, what can you do to protect your digital life?  In my previous posts, I have made recommendations for things such as regularly patching your systems, removing unnecessary software, and using a complex password.  While these things will help you protect your system, you may want to think about the following:

  • Don’t open e-mails from unknown senders
    • While James Veitch shows how much fun it can be to toy with spam senders, some messages can activate malware simply by opening the message.  Better to leave them be and just delete them.
  • Ask your tech support what they recommend for a VPN
    • Some organizations have a VPN you can connect to already, but it most likely has limited bandwidth and number of users.  If they recommend using a VPN, ask which one.  Some VPN providers offer a free service with limited data, but others offer paid services.  For example, I used Windscribe while travelling abroad last year to keep my Internet connection secure.  It was limited in data use, but it did the trick to keep me safe while checking on personal business, like banking data.  See the link below to check out Windscribe.
    • I can’t recommend any other VPNs because I have not personally used them, but others out there are NordVPN, ExpressVPN, and CyberGhost.  See the TechRadar list below!
  • Don’t give info out to someone over the phone
    • This is probably common knowledge, especially if you are reading this blog, but malicious actors still call people trying to get their info.  Why?  BECAUSE IT WORKS!  Just like phishing, people still give their info to callers.  Stop.  Seriously, just stop it.
  • Be wary of sites you get information from about COVID-19 (or anything for that matter)
    • Domain registrations with a coronavirus theme are 50% more likely to be malicious in nature.  This means you have a pretty good chance of going to a site for info and then having something bad happen.  Be careful, don’t trust corona-virus-info.biz (which I just made up…if you are the owner of corona-virus-biz and are a legitimate business, contact me and I’ll make something else up).

Stay safe out there! See you next time.

Schopp

REFERENCES:
https://fortune.com/2020/03/18/hackers-coronavirus-cybersecurity/
https://www.consumer.ftc.gov/blog/2020/03/ftc-coronavirus-scams-part-2
https://www.infosecurity-magazine.com/news/us-health-department-hacked/
https://www.marketwatch.com/story/hackers-are-using-coronavirus-concerns-to-trick-you-cybersecurity-pros-warn-2020-03-12
https://windscribe.com/
https://www.techradar.com/vpn/best-vpn

James Veitch, More Adventures in Replying to Spam - https://www.youtube.com/watch?v=C4Uc-cztsJo