howto

  • Cyber Security Incident - Scamming

    scamming

    Introduction

    We have a tradition to start the working day with a cup of coffee and call with our lovely customer or associate. Just after this, I've got informed that there is a potential customer requesting us. It's an amazing start of the day, right?

    The message

    I've opened the message, it was brief and inspiring:

    Hello, I'm Jennifer I wanna know if you can handle website design for a new company and also if you do you accept credit cards? Thanks

    But something was not right. I felt discomfort. So, I've examined this message once again. And discovered, that Jennifer Webb has the e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it. Well, who knows, maybe that's her nickname, right?. So, I've decided to google for this e-mail address. Fortunately, about a year ago this case already happened to another web development studio: SearchRank Special thanks to Devid Wallace.

    How does it work?

    Sure, as a vendor you are interested in obtaining a new customer. Credit card payments interface accessible for your business via PayPal, Square, Quickbooks. Why not? Moreover, "customer" is paying in advance, leaving tips and transferring more.

    According to our stats, about 20% of people will gladly and happily accept this proposal. Unfortunately, the level of awareness is too low, to prevent others to be fooled by these scammers, but what we really can do - is to spread this information further. So, at least these, who will google, can read and avoid financial loses.

    The scam is really simple.

    • Somehow they aren't able to wire payment to the vendor, but the vendor can charge their credit card. By the way, maybe this is a real, but stolen credit card.
    • The vendor is charging them and they accept the payment.
    • Now the vendor has to transfer $XXXXX to their designer.
    • Next day the transaction will be declined by the bank.

    What to do?

    Just ignore this. If you have a doubt or want to play with these scammers - check with your Cyber Security Expert what you can and what you shouldn't do. But better - save your time and ignore scammers. Actually, that's exactly what they will do if they'll get that you are just playing with them.

    Be careful!

    Be aware!

    Be safe!

  • Cyber Security Incident - What to do?

    Security Breach

    What to do if you've got breached?

    As every good thriller, this one started from the call. Our local partner called me about his associate insistingly dialing him and texting about a security incident. He mentioned, that he will really appreciate if our security team can handle this request. As the typical unaware victim of the thriller I've said: "Of course!" and answered the call. Indeed, I never mind about helping our local partner and his associate. So, a bright, shiny, and sunny day of business as usual stops right now and the action begins!

    Hacker steals pocket

    The Threat.

    Through more than 10 years we passed through a few hundreds of security incidents. But it was only a second one when the cybersecurity intrusion has been followed by breaking in a customer's premises.
    Yeah, you can see there is nothing fun with this. Imagine that credit card information of several employees has been stolen, website was showing weird images, other people got contacted from accounts, related to this company in Linkedin, Facebook, Twitter, regarding financial help, accounting department laptops got compromised and out of control and finally, someone broke into the security room and perhaps to other premises, switched off surveillance and stolen all records related to this day.

    Even having a good experience with such incidents, that's too much.

    By the moment we've arrived at the customer's office, they've already called the police, called the bank and blocked their credit cards, shut down the office internet. The action involved me and all our cybersecurity team in this action thriller.

    So what was right on this stage and what was missed:

    • Call cybersecurity consultants. CORRECT. Indeed, you need to have experts to get the situation under control without any delay.
    • Call the police. CORRECT only if somebody broke into your premises. The police can potentially react on cybersecurity threat and perhaps, in future, they will do this as a part of their day-to-day duties, but now - they can start an investigation only if your privacy has been violated, life or health is in danger, something has been stolen.
    • Call the bank and block the cards. CORRECT. In fact, even if no-one made an attempt to use your credit cards after the security incident - it's a very good idea to mitigate the future risks and change your credit cards information. For sure, the future will be less insulting to you.
    • Shut down the office internet. Not quite correct. From one point of view, it's overreacting. From another, if the malicious software is already in your office - it still can spread through your computers and other devices connected to the intranet. Nevertheless, compromised computers should be turned off for sure. Their hard-drives should be removed for further investigation. They may have evidence regarding this intrusion.
    • Gather all your employees. Inform them about the threat. According to statistics about 25% of confirmed cybersecurity incidents happened with the assistance from inside. In our case, if there was an intruder, who'd hit the surveillance room (which was in the basement, there were no people inside, an intruder had a key) - the probability of the "mole" assistance is ~99%.
    • Record any and all evidence of the intrusion.Hackers will wipe out all signs of their presence as soon as they can. They only thing they are afraid of is exposure. Make a photo, screenshot, video, save the log file in another place. Anything with timestamps will help the investigation and will be included in forensics.
    • Mirror log files, surveillance data, and key business information in another place. You already know that Hackers don't like exposure. If they will note that they can't hide their presence and/or it's very complicated - perhaps they even won't try to breach your infrastructure. Well, sure, if they are smart enough.
    • Inform all and everyone that your social networks and/or e-mail accounts got compromised. Block these accounts or Change passwords to automatically generated strong passwords ASAP. As soon your associates and relatives will be informed - they won't do mistakes and less impact to your environment will be.
    • Inform your customers/business associates about such a force-major incident ASAP. For sure, the business will be paralyzed for a while. Some deliveries will miss the date. Some important calls and meetings will be missed. It's better to let businesses linked to you know about this than wonder about your reliability. They also can eventually know about this, so your silence can be associated as an attempt to hide the impact to their business.
    • Point the address to the website out from the compromised one. This is not only the bad PR for the company if the website got compromised - it potentially can be used by intruders for their own objectives. So, just cut this threat out until the further investigation.

    To be continued

  • Massive Cyber Attack: First things to do

    massive cybersecurity attack

    DO

    DON'T

    • Keep calm. You've got them!
    • Start panicking
    • Shut your PC/Laptop/Phone network off OR switch off the hacked device. 

    You should store as much evidence as possible. The best way for this is to shut it down and let the professional specialist to the job. 

    • Actively struggle with hackers over your mouse and keyboard.

    Every second of struggle-out is giving hackers a chance to wipe all the evidence out.

    IMPORTANT: Before the reporting make sure that you really (I mean REALLY) sure that you are under attack.

    Agency is getting hundreds of thousands of requests a year. The major portion of them is actually not related to cybercrime.

    • Call the police (despite our high respect for them)

    Police are working over the specific location, also called Jurisdiction.
    The local police are responsible for the city.
    Sheriff's office is responsible for the county.
    Highway Patrol is doing their job through the state.
    Cyberworld in the majority of cases is world-wide. That's definitely fallen out of the Police responsibilities. At least for now.

    • Backup everything to the external device 

    You should store as much evidence as possible.
    The crucial part of the evidence is stored on a hacking device. Ask the related specialists to store the image of your hard-drive or backup of your phone to external storage.

    For All Apple Devices - Contact and Visit the nearby Apple's Genius Bar

    For All Windows and Android Devices - Check the closest computer store with Customer Support. For instance, Best Buy has Geeks team available for that.

    • Wipe it all out

    This is exactly what hackers need.
    They will really appreciate if you destroy with your own hands.

    • Stop using the hacked device. Switch it off completely. Take the new one.

    Ideally, the hacked device is evidence of someone's illegal activity. It should be stored and given at a certain moment to a law enforcement agency. However, you need a mobile phone and computer to communicate with your friends, family colleagues.

    If you can - you should buy something new.

    If you can't buy a new one - you should re-install all the compromised devices from scratch. However, first things first - backup all evidence to the external hard-drive.

    If you need to do something immediately - use the nearest library, there must be computer stations available for everybody.

    • Keep using your hacked device

    More time you are using your hacked device - more chances you are giving to hackers to get your personal information: ids, social security, credit cards, photos, videos, documents, and all your friends and family contact information. This way, the attack can go on, spreading through the people you trust and value more than others.

    • Inform everyone about accident ASAP

     

    Inform everyone that hackers are operating your devices. It will save a lot of time, nerves and money for everyone.

    Moreover, there can be people who can volunteer and help you with this problem. Nobody knows the real power of their network unless they try it, right?

    • Tell anyone about the attack

    Don't tell anyone about the attack, so they'll be surprised when hackers will start sending them messages from you asking for financial support. 

    They will be even more surprised when they'll open a link sent from your device and will get compromised or Identity theft.

    •  Get control over your online accounts

    ATTENTION! Make sure that you are accessing your online accounts from the safe environment. Don't use hacked devices to change your passwords - this action will have no sense, moreover, it will grant intruders with your new passwords, so you will just waste a time.

    Using new devices - change all the passwords starting from the most critical iCloud, Gmail, Dropbox, etc.

    • Leave your online accounts for hackers

    That's definitely what has a special value for hackers. Online accounts, especially iCloud, Google, Gmail, Outlook, Yahoo tall of them and any of them is a gold mine of personal information, confidential information, identity, passwords, keys. Through it, they can dig down to get access to other accounts, for instance to the bank account.
    In many cases, black-hats are ransoming people with their private pictures. It happens not only for celebrities.

    •   Keep everything safely stored

    It's just common sense. No-one will store their money on the open space, right? There are banks for this, right?

    Keep keys and passwords in a specific system like iCloud Keychain (we recommend it for iOS, MacOS Users) or one of these solutions reviewed by CNET.

    Gmail, Yahoo - great services for e-mail storing. By the way, they are providing the history of IP addresses, which accessed every specific account. [HINT: we've got a good portion of blackhats screwed there]

    However, unfortunately, there is no such thing as an encrypted mailbox, yet.

    So, let's switch to safe storages. Actually, we are normally recommending the local SAN storage. Simply speaking if you heard about Apple TimeCapsule - that's SAN. There is an overview of SAN solutions from PCMag.

    Finally, there is a wide variety of Cloud storages. You can read about the best for this year reviewed by PCMag here.

    Finally, to keep all this safe you have to change all these passwords. HINT: start with a keychain or other analogues. It will save your time to save all these new passwords.

    •  Think that hackers need only money from you

    If no one is asking for money, then the objective wasn't about ransoming attacked person.
    Perhaps, someone already paid for it, because there are no hackers willing to risk spending 30 next years in prison just due to curiosity "what's stored in pictures on this laptop?"

    In some cases, they are aiming documents, contractual relationships or just get your systems down, so you won't be able to do something.

    Be cyber-careful!

    Be info-aware!

    Be safe!

  • Social Engineering: Exploiting Fears

    Social Engineering

    Social Engineering

    According to Wiki #SocialEngineering is the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

    How it works?

    Imagine that something weird is happening to someone's website. What will you do? In fact, the real answer does not matter, because now you know that it happens.

    Now imagine that your associate or friend has got his website hacked. How do you feel now? With an 80% probability, you'll be sorry. But what's matter - since this very moment you'll be sure that it can happen to you too.

    Finally, something weird is going on with your website or computer.

    THAT'S THE STARTING POINT

    If you know something about it and definitely confident with it - good for you, so you can calmly investigate, understand and fix it.

    If not - you'll decide to google for security protection tools, actually, like you did last time with antivirus software [which in fact is really useless without other cybersecurity tools] last year. For some time you'll feel quite confident and protected until things will turn to even weirder. So, what's up?

    THE CON

    In many cases the spyware, rootkits and trojan horses are quite hard to market, right? Like my marketing friend said once "Do you know what is the difference between a rat and a squirrel? No? Squirrel has better marketing". It works definitely the same way with spyware, rootkits, and trojan horses. They are never marketed as "a rat". They are always aggressively promoted as "a squirrel". Moreover, the FREE squirrel. These people think "Why have I pay for the subscription or the product from a well-known source if there is one FREE?!"

    The con is inside. Nobody will agree that he is not smart. Everybody thinks that he is smarter than others. You should know this feeling, right? So, what "smart" people do? Exactly, they are doing smart things and downloading free. Because Free is Cheaper.

    THIS POINT IS THE LAST ONE TO TURN AWAY FROM IMMINENT PROBLEMS

×
×