FBI Releases Article on Privacy Risks Associated with Internet-Connected Children’s Toys

National Cyber Awareness System:

Original release date: July 17, 2017

The Federal Bureau of Investigation (FBI) has released an article on the privacy risks associated with Internet-connected children’s toys. FBI warns that Internet-connected toys may contain “sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options” that may put the privacy and safety of children at risk due to the disclosure of personal information. FBI recommends that consumers read user agreement disclosures and privacy practices for information on how a toy’s data may be used.

Users and administrators are encouraged to review the FBI article for more information and refer to the US-CERT Tip Protecting Your Privacy.

Urgent: TA17-132A: Indicators Associated With WannaCry Ransomware

Original release date: May 12, 2017 | Last revised: May 13, 2017

Systems Affected

Microsoft Windows operating systems

Overview

According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages.

The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of .1781 bitcoins, roughly $300 U.S.

This Alert is the result of efforts between the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) to highlight known cyber threats. DHS and the FBI continue to pursue related information of threats to federal, state, and local government systems and as such, further releases of technical information may be forthcoming.

Description

Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability. Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017. According to open sources, one possible infection vector is via phishing emails.

Tax Identity Theft Awareness Week


This is Tax Identity Theft Awareness Week, and many federal agencies are offering consumers information and resources on the topic. US-CERT encourages taxpayers, business owners, and tax preparers to educate themselves on tax identity theft by reading Internal Revenue Service (IRS) publication Taxes.Security.Together. and the US-CERT Tip on Identity Theft. Users can also check out these events on avoiding tax identity theft hosted by the Federal Trade Commission (FTC), IRS, Department of Veterans Affairs, and other agencies.

From: U.S.Cert

Why you should close down your Yahoo account immediately

Close down any Yahoo accounts you have NOW
and check if your email can be spoofed…

Yahoo just announced another hack where a whopping billion accounts were hacked. What a Massive Epic Fail.

At this point, Yahoo has fallen down on security in so many ways that I have to recommend that if you have an active Yahoo email account, either directly with Yahoo or via a partner like AT&T, you get rid of it.

And in case you have employees who check their Yahoo account on lunch breaks… it’s time to put Yahoo on the block list of your firewall and all filtering software & devices.

Hints And Tips For Yahoo Account Owners

  1. Before you delete the account, get rid of all the folders, and only then delete the account and open a Gmail account instead.
  2. Check if you have used your Yahoo password in other sites, and change the password and security questions for those accounts. And remember, never reuse your email password (or any other password tied to an account that holds sensitive data about you) at any other site.
  3. If you used a mobile phone number in association with your Yahoo account, and you still use that mobile phone number, then SMS phishing (a.k.a. Smishing) is now a distinct possibility, so be very wary of smishes.

The forensic investigation is still going on, but it is highly likely that the bad guys initially got in through a spear phishing attack with a spoofed ‘From’ address. These types of attacks are hard to spot and employees tend to fall for them.

Can Your Domain Be Spoofed?

Can hackers spoof an email address of your own domain and get away with millions?

Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit “CEO Fraud”, penetrating your network is like taking candy from a baby.

Would you like to know if hackers can spoof your domain? Cino can help you find out if this is the case with our free Domain Spoof Test. It’s quick, easy, and often a shocking discovery.

Our tests over the last 2 years show that 82% of servers fail to handle spoofed emails correctly.

Contact us today at 516.932.0317 x309 to initiate a domain spoof test.

 

Cyber Security Part 3: Protecting Yourself

So far in this series we’ve covered important cyber terms and definitions along with common forms of attack. In the final part of our Cyber Security series, we’ll be sharing tips on how to protect yourself from a cyber attack. Some may seem obvious but it’s astounding that so many ignore the small things and open themselves up to attack. Let’s get to it!

Email links: 

Never click on links in an email. If you think the sender is legitimate (e.g. Google or Apple), go directly to their site and log on from there. If the email was valid, you should find whatever was being promoted on their site.

Text message links: 

Like email links, beware of text message links and do not click on any unknown links or answer any strange questions that request any personal information including your username or password.

Passwords: 

Be sure to set secure passwords and DO NOT share them with anyone else. Make them difficult to guess by avoiding personal information, common words and phrases. Instead, use upper and lowercase letters, numbers and special characters. Also, be sure to change your passwords regularly and enable two-factor authentication so you are notified if someone is accessing your account from a new device.

Attachments: 

Companies are not in the habit of sending attachments along with their emails. Therefore, if you receive any attachments from a retailer, do not open them. When in doubt, call the company to verify whether or not they sent the email. Also, make sure the option to automatically download attachments is off.

Personal Information: 

Under no circumstance should you give out any personal information whether it be over the phone or via email unless you are 100% sure. Many people are hacked because they receive authenticity requests that appear to be from legitimate sources they have accounts with. They then provide their username and passwords giving the hackers access to their information. Instead, contact the company directly to verify the request.

Updates:

Keep all anti-virus software, operating system, browser and any other important software up to date as they usually provide free patches and security updates.

Website URLs:

Pay close attention to the URLs you visit. Malicious users will often change the spelling slightly so that the difference isn’t noticeable, or use a different domain (e.g. .net instead of .com), to trick users.
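
The two tricks described under Website URLs (a slightly altered spelling, or the right name under a different top-level domain) can be checked mechanically. The Python below is an added example, not part of the original article; the trusted list, the function names and the edit threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: sites the user really has accounts with (assumption).
TRUSTED = ("apple.com", "google.com")


def registrable(url):
    """Return the last two labels of the host name, lower-cased.

    Simplification: suffixes with two parts (such as .co.uk) are not handled.
    """
    if "//" not in url:
        url = "//" + url  # let urlsplit treat a bare host as a network location
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap of neighbours) turning a into b."""
    before, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if before is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, before[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        before, prev = prev, cur
    return prev[-1]


def classify(url, trusted=TRUSTED, max_edits=2):
    """Label a URL as trusted, different-tld, misspelling or unrecognized."""
    domain = registrable(url)
    if domain in trusted:
        return ("trusted", domain)
    name = domain.rpartition(".")[0]
    closest = None
    for good in trusted:
        good_name = good.rpartition(".")[0]
        if name == good_name:
            return ("different-tld", good)  # same name, e.g. .net for .com
        dist = edit_distance(name, good_name)
        if dist <= max_edits and (closest is None or dist < closest[0]):
            closest = (dist, good)
    if closest:
        return ("misspelling", closest[1])
    return ("unrecognized", None)


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in ("https://www.google.com/accounts", "http://goolge.com/login",
                   "https://apple.net/id", "https://weather.gov"):
        print(sample, "->", classify(sample))
```

A small edit threshold will also flag some legitimate sites whose names happen to be close to a trusted one, so a match is a prompt to look twice, not proof of fraud.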

Use these tips and begin protecting yourself today! If you’d like to further secure your system or see just how secure it is today, contact us. We can conduct friendly penetration system testing to locate any vulnerabilities and customize a cyber security plan just for you.

Watch our short video below for more information.

Cyber Security Part 2: Forms of Attack

Now that you’ve had a chance to familiarize yourself with essential terms and definitions in Part 1, we’re going to jump right into the most common forms of attack that you need to be aware of.

Distributed Denial-of-Service (DDoS) Attack:

A DDoS attack is when a cyber criminal uses a network of zombie computers to sabotage a specific website or server. The attacker instructs the zombie computers to contact that website or server over and over again, increasing its traffic until it is overloaded and slows down or shuts down completely. Your computer could be used in one of these attacks. If an attacker finds security vulnerabilities on your system, they could take control of it and force it to send large amounts of data to a website or to send spam emails.

Botnets:

Botnets are large groups of infected computers (zombie computers) running software robots (bots) that are remotely controlled by a malicious user to spread malware, send spam emails containing viruses or carry out DDoS attacks.

Hacking: 

Hacking occurs when a malicious user gains unauthorized access to a computer by finding weaknesses in your security and exploiting them to access your information.

Malware: 

Malware is one of the most common tools hackers use to infiltrate or damage your system. It is malicious software such as computer viruses, worms, Trojan horses, spyware and adware. Malicious users use it to take control of your computer and all the software you’re running on it, send spam emails from your computer, steal sensitive information, access your files, or reformat your computer’s hard drive, causing you to lose all your information. It can also scare you with pop-up messages telling you that your computer has a security problem while directing you to contact them for help, further exposing your system to threat.

Pharming: 

Pharming is a very common type of online fraud which points you to a malicious and illegitimate website by redirecting the legitimate URL, even if it’s entered correctly. You are convinced that the site is real because it looks almost identical to the legitimate website and if you enter your information, you may unknowingly give it to the malicious user.

Phishing: 

Phishing, also known as spoofing, is often used by malicious users because it is easy to execute and produces results with minimal effort. They send you emails and text messages, and direct you to websites, that appear to be from authentic companies in an attempt to steal your personal and/or financial information. When you are asked to validate, update or confirm your account, they are tricking you into giving them information such as your username and passwords, giving them access to your accounts (online bank account, credit card numbers, etc.).

Ransomware:

Ransomware is a type of malware that essentially holds your system hostage. You are denied access to your computer and/or files through either lockscreen ransomware, which only shows a picture denying you access, or encryption ransomware, which encrypts your files, also denying you access. Meanwhile, a message is displayed demanding payment in order to grant you access again. It is transferred through phishing emails with malicious attachments or website pop-up advertisements.

Spam: 

Spam entails a mass distribution of unsolicited emails that contain the threats of malware or fraud by including links to websites, special offers or promotions. By clicking on those links, you grant the malicious user access to your computer and files.

Spyware: 

Spyware is installed automatically on your computer when you click on a free download that is not authentic. It will steal your personal and computer information and send it to third parties, attack your computer with viruses or alter the way your computer operates.

Trojan Horses: 

Trojan horses are malicious software that can log your keystrokes (an online banking sign-in, for example), steal your username and passwords, access your computer’s camera, hack into other computers through yours and delete your files. A Trojan horse is a file hidden within actual legitimate software that installs itself and runs once downloaded.

Viruses: 

A virus is a malicious program sent via email or download with the purpose of infecting your computer and those of all of your contacts. A virus can take over your web browser, turn off your security settings, show unsolicited ads, send spam emails to your contacts and provide hackers with your personal information and your contact list. Once your computer is infected, anything you connect to it (e.g. a USB drive) or send out has the potential to spread the virus.

Worms: 

Worms threaten not only computers, but the internet as well. They exist in the memory of your computer, silently, without causing damage to your computer, while sending themselves to the computers in your shared network. They then spread to those in your contact list and have the capability of shutting down parts of the internet as well as your internal network.

Wi-Fi:

We’ve all been told about the importance of having a strong Wi-Fi password. Here’s why. If a hacker manages to infiltrate your Wi-Fi, they are able to access all of the information you send that isn’t encrypted, and they can access your computer and your personal information.

Our next blog will offer information and tips to help you avoid becoming a victim of any of these attacks. In the meantime, here’s a short video on how you can begin to protect yourself today.

Cyber Security Part 1: Terms & Definitions

Many of us are familiar with common cyber security terms such as “hacking” or “malware” but there is so much more out there that we don’t know. In the first of our 3-part cyber security series, we’ll take you through some common cyber security terms and their definitions to help build the foundation for the next part of our series.

Access Control:

Controlling who has access to a computer or online service and the information it stores.

Asset:

Something of value to a person, business or organization.

Authentication:

The process to verify that someone is who they claim to be when they try to access a computer or online service.

Backing up:

To make a copy of data stored on a computer or server to lessen the potential impact of failure or loss.

Broadband:

High-speed data transmission system where the communications circuit is shared between multiple users.

Business Continuity Management:

Preparing for and maintaining continued business operations following disruption or crisis.

Certification:

Declaration that specified requirements have been met.

Cloud computing:

Delivery of storage or computing services from remote servers online (via the internet).

Common Text:

A structure and series of requirements defined by the International Organization for Standardization, that are being incorporated in all management system International Standards as they are revised.

Data Server:

A computer or program that provides other computers with access to shared files over a network.

DMZ:

Segment of a network where servers accessed by less trusted users are isolated. The name is derived from the term “demilitarized zone.”

Encryption:

The transformation of data to hide its information content.

Ethernet:

Communications architecture for wired local area networks based upon IEEE 802.3 standards.

Firewall:

Hardware or software designed to prevent unauthorized access to a computer or network from another computer or network.

Gap Analysis:

The comparison of actual performance against expected or required performance.

Hacker:

Someone who violates computer security for malicious reasons, kudos or personal gain.

Hard Disk:

The permanent storage medium within a computer used to store programs and data.

Identification:

The process of recognizing a particular user of a computer or online service.

Infrastructure-as-a-Service (IaaS):

Provision of computing infrastructure (such as server or storage capacity) as a remotely provided service accessed online (via the internet).

Inspection Certificate:

A declaration issued by an interested party that specified requirements have been met.

Internet Service Provider (ISP):

Company that provides access to the internet and related services.

Intrusion Detection System (IDS): 

Program or device used to detect that an attacker is attempting or has attempted unauthorized access to computer resources.

Intrusion Prevention System (IPS):

Intrusion detection system that also blocks unauthorized access when detected.

Keyboard Logger: 

A virus or physical device that logs keystrokes to secretly capture private information such as passwords or credit card details.

Local Area Network (LAN):

Communications network linking multiple computers within a defined location such as an office building.

Macro Virus: 

Malware (malicious software) that uses the macro capabilities of common applications such as spreadsheets and word processors to infect data.

Malware:

Software intended to infiltrate and damage or disable computers. Shortened form of malicious software.

Network Firewall:

Device that controls traffic to and from a network.

Password: 

A secret series of characters used to authenticate a person’s identity.

Personal Firewall:

Software running on a PC that controls network traffic to and from that computer.

Phishing:

Method used by criminals to try to obtain financial or other confidential information (including user names and passwords) from internet users, usually by sending an email that looks as though it has been sent by a legitimate organization (often a bank). The email usually contains a link to a fake website that looks authentic.

Proxy Server: 

Server that acts as an intermediary between users and other servers, validating user requests.

Restore:

The recovery of data following computer failure or loss.

Risk Assessment: 

The process of identifying, analyzing and evaluating risk.

Screen Scraper:

A virus or physical device that logs information sent to a visual display to capture private or personal information.

Security Perimeter:

A well-defined boundary within which security controls are enforced.

Spyware:

Malware that passes information about a computer user’s activities to an external party.

Threat:

Something that could cause harm to a system or organization.

Two-Factor Authentication: 

Obtaining evidence of identity by two independent means, such as knowing a password and successfully completing a smartcard transaction.

Virtual Private Network (VPN):

Link(s) between computers or local area networks across different locations using a wide area network that cannot access or be accessed by other users of the wide area network.

Virus: 

Malware that is loaded onto a computer and then run without the user’s knowledge or knowledge of its full effects.

Vulnerability:

A flaw or weakness that can be used to attack a system or organization.

Wide Area Network (WAN):

Communications network linking computers or local area networks across different locations.

Wi-Fi:

Wireless local area network based upon IEEE 802.11 standards.

Worm:

Malware that replicates itself so it can spread to infiltrate other computers.

 

Join us next week for Part 2 of our series where we delve into the popular and vicious forms of attack used by hackers today.

Check out our short video below and learn about the Cino Cyber Safeguard Advantage and how you can protect yourself today!

 

Oracle’s Data Breach May Explain Spate of Retail Hacks

via Fortune.com

Oracle has suffered a data breach within its retail unit.

The cloud giant discovered malicious software on systems running its network of MICROS payment terminals, the company confirmed in an email to Fortune. In addition to affecting hundreds of the company’s computers, the breach affects an online support portal that allows Oracle to remotely address customers’ issues concerning their cash register-connected terminals. Brian Krebs, an independent cybersecurity journalist, first reported on his site Krebs on Security on Monday, citing people briefed on the matter.

The malware planted on Oracle’s systems enabled attackers to steal customers’ login credentials, Krebs noted. In response, Oracle said it is forcing users of the service to change their account passwords, adding that the breach does not affect its other corporate networks, cloud services and systems.

Read full story.

Every day, the news reports on new cyber attacks. A cyber breach has become so commonplace that terms like “phishing, hacking, malware and ransomware,” have become part of our vernacular. Despite knowledge of cyber breaches, their frequency and that any company, no matter how big or how small, can become a victim, most companies are not prepared to fend off an attack from an amateur hacker, let alone a sophisticated one.

In fact, according to the 2015 Global Cybersecurity Status Report by ISACA International, only 38 percent of global organizations claim they are prepared to handle a sophisticated cyber attack. That same year, over 169 million personal records were exposed in 781 publicized breaches across the financial, business, education, government and healthcare sectors, according to the ITRC Data Breach Reports.

These breaches not only tarnish the reputation of the companies entrusted with the data, they also cost them more, A LOT more, which can sometimes include the company itself. The average cost of each lost or stolen record containing confidential and sensitive data is between $154 and $363 and climbing, making the average cost of a data breach in the U.S. $7.24 million per incident. In addition, more victims are taking legal action against these companies, making the cost of a breach skyrocket.

Even with so much to lose, most companies don’t have any protection in place. 81 percent of data breach victims surveyed in the 2015 Trustwave Global Security Report said they had neither a system nor a managed security service in place to ensure they could self-detect data breaches, relying instead on notification from an external party. This is despite the fact that self-detected breaches take just 14.5 days to contain from their intrusion date, whereas breaches detected by an external party take an average of 154 days to contain.

We have seen first-hand how devastating an attack can be for a company, and have been called in to help companies pick up the pieces and secure their data after an attack has taken its toll.

Because of this, we have developed a comprehensive cyber security program, the Cino Cyber Safeguard Advantage. With this program, we conduct penetration tests and vulnerability assessments to find the weak spots in your system and then create a customized cyber security program based on your company’s needs. In addition, we will educate your staff with cyber security best practices to increase your security and keep your company and data safer!

To find out more about how to protect yourself, click here or call us at 516.932.0317 x309 today.

Hackers Breach Democratic National Committee Due to Ignored Warnings

The recent leak of emails on the eve of the Democratic National Convention has left the party reeling and scrambling to control the damage. Representative Debbie Wasserman Schultz, chairwoman of the DNC, will be resigning at the end of this week’s convention. The leaked emails showed that party officials, who are expected to remain neutral during presidential nominations, attempted to undermine the campaign of Senator Bernie Sanders while favoring that of Hillary Clinton.

The Federal Bureau of Investigation is investigating the attack which, according to law enforcement and security experts, may be linked to the Russian government. Russian officials deny their involvement, but there is another question looming: Could this breach have been prevented? Answer: yes.

The DNC hired computer security consultants last fall to examine their networks. After a two-month review, the consultants concluded that the computer networks were susceptible to attack. The DNC was given many recommendations and security advice, which it ignored. Ignoring that advice allowed the hackers access for nearly a year.

Read more.

This story about the DNC and their inaction leading to a breach is a story that plays out around the country every single day. Companies with inadequate or no cyber security program in place are most at risk. However, they are not the only ones at great risk. Many companies, like the DNC, have a plan in place but do not act, perhaps out of a lack of education or because they simply think a breach couldn’t happen to them.

We have seen this happen for years and have developed a solution to combat this threat. The Cino Cyber Safeguard Advantage program is a comprehensive security program designed to protect your company from breaches like these. We begin with penetration testing in which we attempt to gain access to a system in order to expose its vulnerabilities. We then assess the results and customize a cyber security program based on your needs to protect your system. In addition, we train your staff and teach them good practices that will help them prevent inadvertently exposing the company to threats, which is why a vast number of breaches occur.

Learn more about the Cino Cyber Safeguard Advantage program.