April 27, 2020

https://www.infosecurity-magazine.com/news/brits-up-for-reporting-phishing/

I chose this article because it is documenting a defense mechanism that is being used to combat the rise in malicious sites and email. Though this has only been developed in the United Kingdom, int could easily be implemented elsewhere.

SERS was co-developed with the City of London Police in order to take down malicious sites. It also brings support to UK policing by providing live-time analysis of reports as a way of identifying new patterns in online offending. In its first day alone, they received a shocking 5,151 reports of suspicious emails thus resulting in 83 scams promptly being ended. “The immediate take-up of our new national reporting service shows that the UK is united in its defense against callous attempts to trick people online,” said NCSC Chief Executive Officer. The recent malicious attacks had been a result of the outbreak of COVID-19. This can be seen in almost every country in the world. This past month, the service has removed more than 2,000 online scams that were related to the coronavirus. This would include 471 fake online shops selling items allegedly related to the virus. NCSC makes it easy for scam site as well as their emails to be detected. Sites that are found to be phishing scams are removed immediately. 

What can be learned here is that great steps are being taken in Europe in order to ensure the safety and security of their citizens. I think this should try to be implemented here in the use because we are seeing the same spikes in scams.

April 29, 2020

https://cio.economictimes.indiatimes.com/news/digital-security/automation-at-facebook-making-cybersecurity-staff-redundant-report/75445495

I chose this article because Facebook has faced a lot of scandal in recent years due to the mishandling of user data. They have seen numerous breaches that have left millions vulnerable. However, they are attempting to win back their trust by adding more forms protection.

Facebook has reportedly shaken up its cybersecurity team by investing into an automation to identify and address cyber breaches on its various platforms. This has resulted in the displacement of more than 24 people; with the numbers growing each day. After the Cambridge Analytica scandal, Mark Zuckerberg said Facebook would double its security staff by adding contractors, especially within the file of security engineers. He wanted to double the workers from 10,000 to 20,000 employees. According to a report in The New York Times as well as a number of employees, the social networking giant “has dissolved and dispersed its security group over the last two years”. They have been replaced with a system that sends out automatic alerts for cyber breaches. This switch can found at their offices in London, Seattle and Menlo Park. He ensures that this has been done in order to strengthen the areas within the organization that need the most attention. Due to the growing fake news and misinformation era of media, Facebook has also launched a bug bounty program. This system rewards cybersecurity experts for finding and reporting third-party apps that have been accessing Facebook user data inappropriately.

What can be learn from this is that Facebook is trying its best to regain the trust of its users. It is also trying to amp up its ways of protection to stop anyone breaches of user data. Though it has displaced some of its workers, in a way it is making the inside stronger. This way it is kind of fool proof.

April 23, 2020

https://triblive.com/local/regional/social-media-games-can-open-the-door-to-cyber-crime/

I chose this article due to the increased amount of social media usage as a way to stay connected at home in the wake of the pandemic. I will say, as a said note, it has gotten increasingly difficult to find articles that do not reference the state of the world right now but, I digress. The FBI is warning that the social media games so people may be engaging in online could be benefiting identity thieves.

According to the article, there has been a trend on Facebook to post your high school graduation pictures as a gesture of support for the Class of 2020. Those who are sharing these images with their ‘friends’ may also, unknowingly, be sharing the name of their school, the year they graduated and their high school mascot; all of this can be gathers just from one high school graduation picture. Due to these all being common security retrieval questions for password-protected online accounts, hackers can use this newfound information to reset security questions and gain access to those accounts. They go to mention that while a lot of these trends are in good fun and a great way to stay connected with friends, you should watch out if it involves posting your first car, the name of your first pet, the street you grew up on or tagging your mother that could reveal her maiden name. This becomes a harboring ground for cybercriminals to possible hack your account, take the information, and sell it on the dark web.

What can be taken away from this is to be careful what you post while staying connected at home. It is a great time to share stories of high school along with your pictures to help reminisce, however do not post too much information. Maybe stray away from telling any details that you know align with any security codes. Though this is not the first thing to come to your mind, pay attention for right now.

April 20, 2020

https://www.zdnet.com/article/ai-is-changing-everything-about-cybersecurity-for-better-and-for-worse-heres-what-you-need-to-know/

Artificial intelligence is a growing industry that has a lot of promise. I chose this article because it highlights how AI is play a key role in cybersecurity. It can use security tools for the purpose of analyzing data from millions of cyber incidents. It also has the capabilities to use these same tools as a way of identifying potential threats. So, if an employee account begins to act strangely by clicking on phishing links, it would detect the malware. However, as stated in many of my posts, cyber criminals think of everything. They can easily use and exploit these same tools in order to get their way.

Though AI and machine learning is great for uncovering new malware due to its ability to draw upon information about any form of malware that’s been detected, there is also a tipping point. Due to the software being coded to spot shifts, the AI-based network-monitoring tool can also be used to track what users do on a daily basis; this in turn builds up a picture of their typical behavior. So, the author points out that hypothetically, “cyber criminals could develop self-learning automated malware, ransomware, social engineering or phishing attacks.” They go to mention that though they may not have access to the deep wells of technology that cybersecurity companies have, they do have the capability to find a code that can provide cyber criminals with access to these resources. They already be starting because just last year it was reported that criminals used AI generated audio to impersonate a CEO’s voice in order to trick employees into transferring over €220,000, or $243,000, to them.

What can be learned from this article is that there are new technologies being developed in order combat cyber criminals however, it is disappointing that they may have found a way to one step ahead yet again.

https://www.dailymail.co.uk/sciencetech/article-8221407/Netflix-users-targeted-cybercriminals-COVID-outbreak.html

April 16, 2020

With everyone staying home I thought this would be an interesting topic. The go to websites most people have been visiting lately are YouTube, Hulu, Netflix and maybe Disney Plus. But, Netflix has definitely seen a rise in viewers especially with Tiger King. So it makes sense that scammers are using the name of this giant in order to steal the money of innocent people in the wake of these stay at home orders.

According to the article, “fake Netflix sites are created by criminals who are looking to steal money from viewers hoping to access Netflix content by entering their billing information.” They achieve this by promising 4k video at a shockingly low price. This reels some people in because in certain countries the video quality has gone down in order to compensate the amount of people on the site. The scammers have also made it seem as though Netflix is lowering their prices as a way to make them “update” their credentials. The number of fake Netflix sites has risen by forty percent in the past month. As I said in last weeks post, almost two million dollars has been lost to coronavirus-related fraud across England, Wales and Northern Ireland alone. I wonder how many people are being affected by this throughout the world.

What can be learned from this is to be aware of what you are clicking. Since there are so many fake Netflix sites popping up, make sure the one you are clicking is actually Netflix. I also think it would be smart not to do Netflix party because it isn’t actually through Netflix so, it could easily be hacked to steal information.

https://www.nextgov.com/ideas/2020/04/intersection-cyber-crime-and-coronavirus-stimulus-perfect-storm-fraud/164552/

April 13, 2020

I chose this topic due to the coronavirus relic stimulus check that many Americans were granted this week. According to the article, this may become a breeding ground for cyberattacks. The authors believe that hackers may try to perform many acts of data breaching in order to steal a persons identity. They then go to warn the multitude of ways they may go about getting this valuable information.

There has been a spike in phishing emails in the wake of these recent events. Malware authors have been “purporting to be from governing bodies, such as the Centers for Disease Control and Prevention, the World Health Organization and others, these emails can look and feel very real, making them more successful.” So, if the victim sees that such creditable sources are emailing them regarding the pandemic they sadly feel inclined to believe it is real. The scammers use the responding email in order to receive their bank information or to install software in order to steal it themselves. They are doing this make even more money by selling the information on the dark web. The article also believes that normal people may turn to doing this as a way to make money because there are how to guides out on the internet at the moment; which is terrible and they should be taken down.

What can be taken away from this article is to be careful when responding to emails. Don’t give up your personal information and if you did not email or sign up for email alerts about a topic, do not reply. People are preying on fear so be careful.

April 9, 2020

https://nypost.com/2020/04/08/teen-arrested-after-zoom-bombing-high-school-classes/

Zoom has become the new classroom and boardroom in the past weeks and what has also come with this is a string of new ‘hackers’. I chose this article in light of the transition many people are making across America in order to continue business as usual. there phrase Zoom bombing has been used in the media a lot lately. This is when an unwanted guest joins a video call with an intention to disrupt and harass. Which doesn’t seem that serious to be considered a crime however, a teen in Connecticut was arrested and charged with committing fifth-degree computer crime, fifth-degree conspiracy to commit a computer crime and breach of peace.

To further explain, the teen would enter the online classes and intentionally interrupt them with “obscene language and gestures”. So the school is now forced to use Google Meet in order to have a more secure space to continue teaching their students. Zoom is stated saying, ” it takes the security of meetings seriously and encourages users to report any incidents directly to Zoom.” However, they also have been downplaying the issues arising by calling the ‘hackers’ party crashers. I will say I have seen Tik Toks of people purposely entering Zooms for a joke but its all in good fun. But, when they are using these platforms to “make threats, interject racist, anti-gay or anti-Semitic messages, or show pornographic images”, they need to be charged like the teen in Connecticut.

What can be taken away from this is to use a password on your Zoom meetings. This will ensure that those attending the meeting are actually suppose to be there. “The company suggested that people hosting large, public meetings confirm that they are the only ones who can share their screen and use features like mute controls.” This is a great suggestion however, they should update their systems to ensure that these things don’t happen.

April 7, 2020

https://www.forbes.com/sites/daveywinder/2020/03/19/coronavirus-pandemic-self-preservation-not-altruism-behind-no-more-healthcare-cyber-attacks-during-covid-19-crisis-promise/#3cc1884b252b

I chose this article because I was stunned that some cybercrime groups are publicly stating that they will not target healthcare organizations throughout the duration of the pandemic. For weeks there have been websites, links, and articles thats only purpose was to play on fear as well as the need for information in order to “spread malware and defraud victims.” So why would groups that are known for relinquishing ransomware suddenly turn a new leaf and should those in healthcare take their word seriously.

Before I overview the important details in the article, I would like to input my opinion. I believe that healthcare organizations should take this truce with a grain of salt and have their security systems on high alert because this seems a little too odd. As stated, the government has already seen COVID-19 infection distribution maps laced with malware appearing across the web. In response, Lawrence Abrams contacted tased several cybercrime organizations with the simple question of: ‘will you continue to target health and medical organizations during the COVID-19 pandemic?’ The DoppelPaymer cybercrime group “has said that if a medical or healthcare organization does get hit by mistake, then it will provide a free decrypter code. “If we do it by mistake, we’ll decrypt for free”. The same can be same for the group Maze. However, they did not say they will not attack pharmaceutical companies.

https://www.bankinfosecurity.com/fbi-cybercrime-gang-mailing-badusb-devices-to-targets-a-14029

I chose this article because the whole situation is quite odd. A group is mailing they victims a USB along with a teddy bear as well as a supposed $50 gift card to Best Buy. The letter attached to the items once stated, “You can spend it on any product from the list of items presented on a USB stick.” What shocks me is that people actually take these strange items into their home and even worse proceed to insert the USB into their computer. I personally would throw everything in the trash and possibly keep the gift cars however, I would still be very hesitant on doing that. But, what happened to the individuals who actually took the ‘gift’ into their home?

According to the article, the USB is actually a BadUSB. It gives the attacker the ability to bypass endpoint anti-virus tools and gain remote access to any system. This specific device that was ‘generously gifted’ was a malicious USB keyboard preloaded with keystrokes thats ultimate go was to download malware onto the victims computer. “The FBI says the domains or IP addresses that the device pings then push a copy of Griffon malware back to the device, which has been previously attached to phishing emails sent by FIN7. Potentially, the infected system can also give attackers a stepping stone to the rest of a corporate network.” There has yet to be a solution to this issue but hopefully it comes soon.

What can be learned from this incident is…DONT TAKE WEIRD ITEMS INTO YOUR HOME. And if for some reason you choose to do so, do not put the USB int your computer.

https://www.itpro.co.uk/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year

April 2, 2020

I chose this article because of the shocking number of Britons who have fell victim to cyber crime just in the past year. 16.5 million brits were prey for online criminals and what is even worse is that the number is expect to rise due to COVID-19. In total, there was a financial loss of 1.4 billion euros. So, it is comes as no shock that NortronLifeLock decided to evaluate the scope of cybercrime found within the UK. The company also took note of their attitudes in regard to their cyber safety and privacy as well. “It found that seventy-nine percent of UK consumers believe they do not have any control over how their personal information is collected and used by companies, while nearly two-thirds or sixty-four percent find it impossible to protect their online privacy.”

It is great to note that many of those affected are willing to put more effort into protecting their personal information. I also think this is the biggest lesson that can be learned from this awful situation. As the awareness of data privacy issues grows, it has the effect of pushing people in the logical direction to protect themselves. The article notes that some individuals feel like they don’t know how to go about “safeguarding” their information, but with the proper research it is possible. If they really want to save themselves the hardship of undoing everything the criminal managed to hack into, they should take the time to educate themselves on the precautions they can take.