Businesses Struggling to Keep Up with Latest Wave of Malware Attacks

Companies have been struggling for years to keep cyber-attacks at bay. Cyberthieves are working faster than ever before to send out their malicious attacks, and it’s become increasingly difficult for companies to keep up.

CNN reports that almost one million malware strains are released every day. In 2014, more than 300 million new types of malicious software were created. In addition to new forms of malware, hackers continue to rely on tried and true bugs because many companies simply haven’t found a fix or haven’t updated their systems to mitigate the threats.

In almost 90% of these cases, the bugs have been around since the early 2000s, and some go back to the late 1990s. The irony here is that companies can protect themselves and create patches for these bugs, but there tends to be a lack of effort and resources when it comes to getting the job done.

Some industries are targeted more than others. After hackers get information from these companies, such as proprietary data, they attempt to sell the information on the black market.

Cyberattacks are spreading quickly, and it takes almost no time after an email is sent for a victim to fall for the scheme. When a hacker is successful at breaking into a certain type of company, such as a bank or insurance firm, they will typically use the same exact method to quickly attack another company in the same industry.

New and improved cyber attacks

While old methods of cyber-attack can still be effective, it is the new scams that users should be nervous about. Here are some examples:

  • Social media scams
    Social media scams work and cybercriminals just love them because the people being scammed do most of the work. Cybercriminals release links, videos or stories that lead to viruses, and people share them with their friends because they are cute, funny or eye-raising. These tend to spread quickly because people feel as if they are safe.
  • Likejacking
    Hackers may also use a practice known as “likejacking” to scam people on social media. In this case, they will use a fake “like” button that tricks people into installing malware. The programs then post updates on the user’s wall or newsfeed to spread the attack.
  • Software update attacks
    Hackers are also focusing on more selective attacks. For example, a hacker may hide malware inside of a software update. When a user downloads and installs the update, the virus is set free.
  • Ransomware
    These attacks, where thieves steal or lock files on a person’s computer and then demand a ransom for access, climbed more than 110% in the last year alone. Once infected, the only way to regain access to the files is to pay a fee, usually between $300 and $500, for a decryption key.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How Water Leak Sensors protect your Home

Ever wonder how a water leak sensor actually works?1S

  • Water comes into contact with the sensor. The sensor makes and electrical contact and send a signal.
  • The sensor transmits a signal to a central station of sorts (kind of like how if extreme heat or a needle comes in contact with your skin, your sensory nerves will send a signal to your brain).
  • Once the signal reaches the “brain” of the water leak sensor, an alarm will sound.
  • A more advanced system includes a phone call from a base monitoring center to alert you to the leak.

Where might water leaks occur?

  • Appliances like the dishwasher and washing machine are among the many sources of potential leaks.
  • Obviously, a hot water heater can leak.
  • A leak can also emanate from the plumbing of a toilet.
  • Roofs leak all the time.
  • Your neighbor in your apartment/condo may spring a leak.

Though a water leak may sound like a minor nuisance, it can actually be very costly if unchecked. A worst case scenario is an untreated leak causing mold to proliferate in the house’s walls and floors. This mold can cause serious health problems. Water leaks could ruin wood and carpet as well.

Placement of Water Sensors

  • High quality water sensors can be placed anywhere you’d like. The device may be only three inches long, depending on make and model.
  • Beneath the dishwasher
  • Floor of the basement
  • Under the bathroom sink
  • Drip pan of the washing machine
  • Drip pan of the water heater

These are just suggestions; review your house for any possible location where there could be a water leak.

Water damage is never to be underestimated. It’s the No. 1 reason for insurance claims. We’ve all heard about basements getting flooded—not from storms but from pipes that burst.

And it goes without saying that sooner or later, an appliance is going to have a puddle of water forming nearby it.

It’s smart to get water leak sensors set up in your house for yet another reason other than prevention of damage: a lower rate on your homeowner’s insurance. See if your insurance will offer you a discount if you have water leak sensors.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to secure your Apartment

I love that show, “Forensic Files.” Every so often there’s the case of a person who was found murdered in their apartment due to some forced entry. Which brings me to the topic of apartment security.

1HNew Apartment

  • Don’t delay in doing a walk-through of the entire premises, including the laundry room (where a crime can occur after a creep spots a vulnerable-looking woman enter the unlocked room).
  • Take note of any portals through which a burglar could make entry. This includes trees and trellises that lead to a window.
  • Take note of where the lit and dark areas are.

Doors and Windows

  • I can’t begin to tell you how many episodes of “Forensic Files” deal with an intruder getting in through an unlocked door or window—and this includes during the day when the victim was home. Keep them locked!
  • However, we all know that intruders will use force to break through a locked door or window (though if you’re home, you’ll have time to call 911 and perhaps make an escape through the back of the apartment—a plan you should already have in place since Day 1. If you’re on the second floor, have a foldable ladder always ready to make your escape.). Sounds crazy, but it’s good for fire escape too.
  • Hopefully your landlord will permit you to replace what’s probably a cheaply built door strike-plate with a strong one with two-inch screws, as this will make it very difficult to kick open. Press your landlord to allow deadbolts on all the doors, even if you must pay for them.
  • Make sure the window locks are very difficult to get past, even if you must pay for revisions. Landlords typically won’t do things like this; if the lock merely “works,” that’s usually good enough for them. This includes sliding glass doors.
  • Put Charley bars or anti-slide devices in the tracks of sliding doors.
  • No matter how mesmerizing the night crickets or ruffling leaves are, you must never go to sleep when the windows are unlocked.

Miscellaneous

  • Make sure no valuables are visible through your windows.
  • A landlord won’t pay for a security system. Hang on every doorknob a sensor (available online and fits in your palm) that, when the door is opened, emits a loud beep.
  • Install your own home security system. They are relatively inexpensive and some can be moved to another apartment.
  • Use timed lighting devices to make it appear you’re home when you’re out.
  • Every time you leave your apartment to get mail, empty rubbish or go to the laundry room, lock your door!

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Should You make the Investment in Alarm Monitoring?

Imagine the effectiveness of the following sign at your front door when a would-be intruder reads it:

WARNING: This house is protected by a remote monitoring service; if you break in while the homeowner is away, he’ll be instantly alerted and the police will be automatically dispatched. And if you break in while he’s home, well heck, you’re still screwed.

2WWhat exactly is a remote monitoring service?

  • It’s always ready for an intruder, 24/7, every single day.
  • A comprehensive service will also detect smoke, water heater problems and other issues like a carbon monoxide leak.
  • You will have a “safe” word that only you (and other trusted people) know.
  • If the alarm is tripped and the monitoring service can’t get the safe word from whomever answers the phone, or there is no answer, police will be on their way.
  • An advanced system will also allow you to remotely revise settings on your customer account.
  • Another feature of a high tech system is that it allows you to set silent alarms, so that the “intruder” won’t know they tripped the sensor, but you will get an alert to your phone indicating this. This feature is great for people who suspect a family member is snooping around where they shouldn’t.

The Technology

  • Joe Thug kicks down your back door (you kept putting off getting a top-flight strike plate).
  • The alarm is triggered.
  • This alerts the monitoring center.
  • They call you.
  • But you can’t answer because you’re not there.
  • The intruder answers, intending to convince the company that it was a false alarm. Instead he’s asked for the secret word. Startled, he hangs up and flees.
  • The police are dispatched.
  • After the dispatch, your secondary phone numbers are called (family, friends, etc.).
  • This same technology has a panic button for fire, police and EMT. Once pressed, help is on the way.

So should you make this investment? How worth it is your home, family and peace of mind? Invaluable.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Scareware Scam almost snags Victim

Cybercriminals know that the best way to get their claws on the next victim is to appeal to their emotions, not logic.

4DThere’s lots of scary things in life, and one is learning that your computer has been infected with a virus. If this happens, you’re now vulnerable to spending money on getting rid of the malware. The tactic of scaring users is called scareware.

  • A pop up tells you “Warning! Your Computer Has Been Infected with Malware!”
  • The pop-up can be triggered by visiting an infected website or by making a bad click.
  • The pop-up can’t be closed out, or if it can, another appears.
  • Additional information in the pop-up lures you into clicking a link inside it, such as buy some downloadable security software that will destroy the virus.
  • Once the alleged security software is downloaded/installed, it crashes your computer—even if you already have a legitimate security software program in place.
  • You’re screwed at this point. (Hope you had all your data backed up before this happened!)

Here’s another way the scam can unfold, from someone who wrote to me:

I was notified by a notice supposedly from Windows Security that my PC has been attacked.  They claim that all my PC ID numbers were stolen and that Russia had got about 8-12 other IDs.  They took control of my computer and said they scanned it to find this out. They claimed the only way that I could clear this problem was to have them clear it for $199.99 and security for 1year (sic) for $149.99.  They said the only way to accomplish this was by check.  They said it couldn’t be done by credit card because them (sic) numbers would be stolen too.  I refused to go along with that plan and closed them out.  

P.S. I checked my account and it is paid thru 6/2016.  How do I know if I get a notice from Windows that it is legit? 

All windows notifications come via Windows Update. That “pop-up” emanates via your notifications area on your taskbar and NOT a popup via your browser. What a mess.

Protect Yourself

  • Use security software only from a name-brand company.
  • Keep it updated.
  • See a pop-up? Close it out. Never click inside it—which you can’t do if you close it out immediately.
  • Exit the site you think triggered it.
  • Play it safe and run a scan using your legitimate security software.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Bitdefender’s BOX: All-in-one Cybersecurity from one App

Gee, if your home is connected to lots of different devices, doesn’t it make sense that your cybersecurity integrates all your connected devices? Meet the Bitdefender BOX, a network bulletproofing hardware cybersecurity tool for the home that embraces smart home protection focusing on the Internet of Things with remote device management offering next generation privacy protection.

boxBOX description:

  • One complete security solution for connected homes
  • Sets up to a router
  • Is controlled by the user’s mobile device and hence, can be controlled anywhere
  • Everything is protected: not just your computer, but all of your connected devices, like your baby monitor, TV, thermostat, garage door opener and house alarm system. You name it; it’s protected from hackers.
  • BOX works with an annual subscription much like most cyber security “security as a service” technologies.

Features:

  • Easy Setup. Just plug and play.
  • Advanced Threat Protection. In and outside your home network. You’re safe on the go as well!
  • Management and Control. All available in one app, at your fingertips, anywhere you are.

So, protection from hackers means that you can have peace of mind knowing that BOX is warding off attempts at ID theft, fraudulent activities, cyber snooping and other threats.

All you need to do is connect BOX to your router via one of its ethernet ports. Then get the BOX application going. Its user friendly and you just follow its easy instruction: all of a few minutes’ worth. BOX then goes to work to intercept cyber threats at the network level. And all from just one app.

So yes, you need a smartphone (Android or iOS) to take advantage of BOX. If you’ve been on the fence about getting a mobile device, move out of your cave, junk your Pinto, cut your mullet, and get the BOX.

Think of how great it would be to be alerted of network events through this does-it-all application that you can control no matter where you’re located. This means you can control all of your connected devices.

One of BOX’s features is the Private Line. This protects your Internet browsing experience, including making you anonymous. Other features:

  • Protection against hacking attempts including lures to malicious sites.
  • Protection against viruses, malware including downloads, phishing, etc.
  • Protection against anyone wanting to pry open your files and see what’s in them or steal them.
  • Protection occurs even when you’re using public Wi-Fi, such as at a hotel, airport or coffee house!

Who needs BOX?

Everyone who has connected devices at home and uses the Internet. This is like asking, who needs a lock on their home’s door? Anyone who lives in a home.

Think about a home and home security as an example. If you’re going to have a lock, it should be a good lock, right? But the lock is only effective if you actually lock it. You also need to lock up your windows and consider a home security system. These are all “layers of protection. Well, the BOX is multiple layers of protection for protecting your online experience as well as computer files.

BOX is designed for non-techy users, so if you’re one of those people who is “not good with computers,” you’ll still find BOX’s setup and navigation quite friendly. It also helps set up password-protected Wi-Fi network does for you and you can even let guests use a secured Wi-Fi network. This post is brought to you by Bitdefender BOX.

Can the cloud be trusted?

Most people have heard of storing information in “the cloud,” but do you know what this means, and if it is even safe?

4HA cloud is basically a network of servers that offer different functions. Some of these servers allow you to store data while others provide various services. The cloud is made of millions of servers across the globe and most are owned by private or public corporations. Many of those corporations are diligent about security, and you are likely using the cloud whether you know it or not.

Most customers using cloud services have faith that their information will remain safe. But there are some precautions you need to take. Here are some questions to ask any cloud service provider before relying on them to store your business data:

  • How often do you clean out dormant accounts?
  • What type of authentication is used?
  • Who can access and see my data?
  • Where is the data physically kept?
  • What level of encryption is in place?
  • How is the data backed up?
  • What’s in place for physical security?
  • Are private keys shared between others if data encryption is being used?

Keeping your company data safe

Over time, a company surely will accumulate data that seems irrelevant, but you shouldn’t be so quick to dispose of this data, especially if it is sensitive. This might include data such as customer or client information, employee information, product information or even old employee records.

The truth is, you just never know when you may or may not need this information, so it is best that you keep it. Digital data should be backed up in the cloud. If it’s paper, convert it to digital and store it offsite. Here are some things to remember when doing this:

  • All data, even if old or irrelevant, should be backed up.
  • Data retention policies should always include an “expiration date” for when this data is no longer useful to you.
  • Companies that want to delete old data should understand that deleting files and emptying the recycle bin, or reformatting a drive may not enough to get files off of your computer. Hackers may still be able to access this data.

If you actually want to remove all of the data on a disk, literally break or smash it. To truly delete a file, you must physically destroy the hard drive.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

My EMV for a Week Challenge is DONE!

This week I worked with Gemalto, as part of Gemalto’s #ChipAwayAtFraud campaign. I was tasked with using my “chip” card when making a bunch of every day purchases like getting coffee and shopping. Gemalto, one of the world’s leaders in digital security, wanted a real-world take on the EMV card experience, which includes the security benefits EMV cards presents. You know EMV; it’s the “chip” credit card that, by now, you should have.

1CHere’s what I learned:

A significant portion of the retailers I frequented didn’t have the chip terminals in place. The ones that did afforded more security and a seamless transaction. At this point in EMVs rollout, the biggest issue, or frustration, I think, is its lack of deployment. For instance, you may have to redo a transaction when a chip card is inserted opposed to swipe and then to be told by the cashier “We don’t accept chip cards yet, please swipe”. The opposite happens too, but less frequently.

Otherwise, chip cards are a no brainer. The “learning curve” for EMV or Chip is learned in the first transaction. Once done, you’ll be able to do it every time, and there are no delays or issues with the transaction.

Overall, we are collectively more secure because of EMV/Chip technology. Over time, there will be 100% adoption of this method as magnetic striped cards are phased out along with magnetic striped “swipe” point of sale terminals. For now, and really, forever, a consumer’s first line of defense is to pay close attention to their card statements.

I always recommend signing up for your bank or card company’s mobile app and receiving alerts and notifications with each transaction. This way you’ll be able to dispute fraudulent charges in real-time, if needed.

Meanwhile, your chip cards are here to stay. Embrace the technology, as its primary purpose is security and convenience. As more and more retailers get up to speed, we will see fewer and fewer news reports of huge credit card data breaches because of EMVs full scale deployment.

How to figure out Crime Statistics in a Town

If you want to get an idea of how safe or crime-ridden a town may be, do some casual observing including at night:2H

  • Are women walking or jogging alone at night?
  • Are people hanging out in the evening having a good time?
  • Are children mysteriously absent on a sunny weekend afternoon?
  • Are there a lot of “for sale” signs among the houses?
  • Do many houses have security signs in their yards?
  • Are there any other tell-tale signs that the town is safe—or seedy? Like many taverns and only one recreation center?

Before moving to a particular town, you should also chat with its residents. Maybe you shouldn’t reveal you’re thinking of moving there, as they may tell you things you want to hear. Pretend you’re a resident and strike up a conversation at the local diner or some place like that, a comment that would lure someone into giving information about the safety—or danger—of the town.

But of course, you can just be more upfront and honest and flat-out ask about the crime rate, safety, etc. Ask if it’s safe for children to walk to and from school by themselves (I don’t mean six-year-olds, of course).

Ask if there’s a neighborhood watch and why it was established. Inquire about safety measures the townsfolk are taking.

Safety also means the condition of roads and sidewalks, not just for motor vehicles but bicyclists and pedestrians. Are roads in good condition? Are intersections well lit? Are stop signs easily visible?

If your move is long-distance and you can’t in-person visit the town:

  • It’s time for some googling. Type in “city of (name of town)” to view its website and various stats such as “crime rate.”
  • Also visit the town’s police department’s website. See if it has a Facebook page. A lot of local buzz is reported on a police department’s Facebook page.
  • Read the town’s major online newspaper to see what’s usually cooking.
  • Find out what the town’s news station is and visit its site.
  • Are the sites laden with crime stories? Over time, have there been a lot of sexual assaults or home robberies?
  • Any continuous complaints about the schools?

For more comprehensive research, visit the following:

  • MyLocalCrime.com
  • FamilyWatchdog.us
  • CrimeReports.com
  • Neighborhoodscout.com
  • City-data.com

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Why Are Cyber Hucksters so successful?

Often, hucksters prey on the consumer’s desperation, which is why it’s no surprise that the No. 1 rip-off (at least between 2011 and 2012)) was bogus products promising weight loss.

6DVICE (vice.com) interviewed psychologist Maria Konnikova about how cyber cons are so successful—even with the most ridiculous sounding bait (Nigerian prince, anyone?).

The bait becomes more attractive when the target is receiving an influx of cyber attention. Sad to say, this trips up a person’s rationale, making them susceptible to the huckster’s plan.

Konnikova is quoted as stating, “Few things throw us off our game as much as so-called cognitive load: how taxed our mental capacities are at any given moment.” She explains that people are vulnerable when the con artist hits them up with their scheme while the victim is distracted with Twitter, texting, etc. In short, it’s cognitive overload.

Konnikova is the author of the book, “The Confidence Game: Why We Fall For It, Every Time.” In the book, she mentions that victims such as the U.S. Navy were too humiliated to prosecute the crooks who conned them. She tells vice.com: “Because admitting it [getting rooked] would mean admitting you’re a sap.”

And in this day of rapidly evolving cyber technology, the huckster’s job is becoming easier, what with all sorts of pathways he can snag a victim, such as dating sites and pop-up ads warning your computer has been infected. But something else is on the crook’s side: the false sense of security that all this techy mumbo jumbo gives the common user—who hence lets down their guard.

And despite all the parodies and mockeries surrounding the so-called Nigerian prince scam (aka 419 scam), it’s still out there in full force and effect. Look how technology has made it swell. And it will continue evolving as long as people want something for nothing. Why else would the Powerball swell to over 1.3 billon. “The basic contours of the story won’t change,” Konnikova tells vice.com.

Another factor is that some people equate online with credibility: “It’s online so it must be legitimate,” is the mindset. According to this mindset, the Loch Ness Monster must really exist, since there are many stories about it online. Despite how irrational this mindset is, scammers know that many people think this way and will design their ploys to look even more legitimate (with creative layouts, slogans, links, etc.).

Though it takes skill to be a successful huckster, they can’t get the job done without the victim being “vulnerablized” by cognitive overload.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.