Security Briefing 11.7.16
Every day and every week, something new comes into play in the realm of Cyber Security. In today’s world this is the hottest topic in the IT industry, mostly because everything we do these days involves some computer-based equipment, and cyber criminals are plentiful, attempting to take advantage of anyone and everything. Even within the medical industry, hackers are targeting patients with cardiac implants, which is a potentially life-threatening attack.
E-mail breaches are not limited to the United States. A Ukraine-based group is playing with fire; they claimed responsibility for stealing 2,000 emails from a Putin advisor. Historically, Russia handles things a bit differently than the U.S. does, so this could be an interesting one to follow.
Some groups, like Apple, are willing to give white-hat hackers (the good guys) some cash if they help uncover potential security flaws. This is a great plan, most of the time. Recently though, an 18-year-old from Arizona was arrested after the iOS exploit he was trying to find hammered local 911 service. He knew it was wrong, but there was little he could do about it after the exploit was public.
In modern times, one can buy almost anything ‘as a service,’ meaning that you pay a fee for something to happen, be it physical or virtual. It comes as no surprise that some criminals are looking to capitalize on this, selling what has been coined as ‘Scamming as a Service.’ It is exactly what you think it is—people are selling their services to scam others. Let’s hope this one doesn’t gain too much traction.
A fake ‘Security Essentials’ download is making the rounds on the internet as of late. This ‘branded by Microsoft’ software will give you the dreaded blue-screen-of-death with a catch – there’s a phone number at the bottom to call. Spoiler alert, Microsoft will never give you a phone number to call.
Did you know that 15% of all routers use weak passwords and 20% have open telnet ports? This is a large reason for the massive internet outage two weeks ago; ‘Internet of Things’ devices were compromised and used in distributed denial of service (DDoS) attacks.
Have you heard about hackers exploiting St. Jude’s cardiac implant devices? This article, along with evidence from the well-known cyber security firm Bishop Fox, discusses how cyber criminals are targeting these individuals, raising the possibility that the devices could stop functioning at potentially fatal times.
A recent trend in hacking is taking hackers away from systems and toward social engineering. It is significantly easier to compromise a person than it is a secured system. Targeted phishing attempts are on the rise. The BEST way you can combat this is to not open email attachments from people you do not know and to use secure passwords that only you know. Another good security tip: if you use a service that supports 2-factor authentication (where you have a password to log in, but then your cell phone receives a text message/phone call with a code to verify it is actually you), turn that on.