Why Would Someone Want to Attack Me?

We see a lot of headlines in the news, but it stems from the nation states attacking.      Youtube video from Black Hat Asia2018

China attacks specific companies.

Russia also attacks in cyberspace and it culminated when Russia attacked Estonia 2008, also the next year a military physical attack in Georgia with a Cyberspace attack as well.

Snowden disclosed the US attack of Stuxnet into Iranian centrifuges.

This is a ‘right’ of the nation state attackers using their knowledge of Zero Days and encrypted keys.    Where the nation states say it is their right to attack other nation states, because “no one will know” as it is not a physical attack.

Except this culminated in a Russian attack on power infrastructure attack where Estonia lost power for several days.

The side effect of Stuxnet was that other hackers(criminal etc) figured out how the attack was done, then investigated this possibility and eventually was able to create a new attack with malware for ransomware.

So what does this mean? It means that attackers  will eventually figure out the defensive flaws that one normally cannot see or notice.

the actual methods of inserting programs are varied, sometimes the user allows the software to run with spearphishing or just clicking on the wrong site on the Internet.

Above picture is from “Decentralized malware youtube video“.

 

The trust the private sector has in their computers between customer and company is not in the thoughts of nation-states attacking each other.

A side effect of nation states attacking each other is the need for better defenses for all, since we are all on the Internet. Once the knowledge of attacks comes out of the shadows the criminal hackers take a little bit of time and develop the attacks also.

So you may not look like you have anything to attack, but if you are on the Internet you will be attacked.

 

The only thing you can do is to create a defense that can handle even sophisticated attacks.

Contact us to discuss this phenomenon.

 

 

As Technology Changes Faster “Remember The Basics”

I like Jonas Bjerg’s YouTube video of “How Abundance Will Change The World”

Elon Musk  predicts 100 Gigafactories in the world(of which he will build 4)

Peter Diamandis  and Elon were at the World Government Summit 2017.

Cost per Genome is going down and has gone down exponentially.

Quick review of video: ‘So robots will take over, the world will have abundance and people will lose meaning (having lost their jobs)’.

So what will happen to friction of all this? When have you known people to actively agree 100% with how technology has gone along?  As usual there is no thought to security.

What about crime?

I know, I am in Cybersecurity field, and to me it is simple to see, when “some” people lose their jobs to robots, they may become hackers and either create new crime syndicates, or work for an already successful syndicate.

Maybe I want to make more money than from the Universal Basic Income that some are proposing once many of the drivers and doctors are out of a job. How will I make more money? by figuring out a way to get a piece of the cyber slice$ that is around “in abundance”

Then we have a Dark Reading post ‘Back to Basics’ Might be your best Security weapon

Here Lee Waskevich’ commentary points out what I have said for many blogposts: We must focus on the basics first then we can point out the more advanced issues.

So let’s train our employees to find the scams in our mailbox (email and mail)  SCMagazine points out a survey that found 32% of Britons would become a money mule for criminals.  The issue is that unemployed people talk themselves into many things, especially if they have no previous arrest records.

In this Blog we know that people do illegal things and companies and people must defend themselves appropriately. Even as technologies become increasingly complex with more robotics and electrification of everything. (I always wonder why we focus on Cybersecurity AFTER a breach has occurred).

Let’s put 10% of our efforts into Cybersecurity and then we will be better off. Contact Us to review your Cybersecurity profile.

Ok, that’s good, but what about the Crypto Currency craze? There will and are thefts here – Hot for Security has a story on how $400k was stolen in BlackWallet application using DNS, and as you can see right now 1/16/2018  13:30 the site is down.

So what does that mean? If you are involved with money and even crypto currencies you better be testing your environment for cyber attacks.

How Do We As Consumers Get companies More Secure?

Every week there are more hacking incidences.

There is a serious problem – a significant number of people and companies are not doing what is necessary to prevent Cyberattacks. This is also a moral weakness, and is a function of misunderstanding Cybersecurity and human nature.

The problem we have is that everyone needs to be better at cybersecurity. So it is a colossal misunderstanding of the nature of Cybersecurity.  This is compounded by Hollywood’s portrayal of hackers and hacking events.

Kevin Mitnick was an early  hacker (before 2000) and got caught – convicted, now he is a consultant.

Hollywood makes hacking mysterious and easy for certain people, but this is a fantasy world. And of course there is no explanation as to how one can defend against hackers.

In my mind (as an ethical hacker and computer professional of 20 years) this state of Cybersecurity affairs will not get better until a paradigm shift.

It would be nice if everyone understood at least the basics, as I have many posts on this topic.

Let’s try and push the companies to do the right thing.

Why are Companies not protecting their computers the way they should?  Misunderstanding and psychology, but what can we do to change their minds?

(from an old post an infograph by Small Business trends)

As a small company if you do not do what it takes, then you may go out of business if you literally lose your data tomorrow. The reason for this is that backups are not what they seem.

Apparently the knowledge of potential failure in the future(due to bad decisions) is not enough for 22% or more ( in some surveys) of companies. This is a huge number and will keep the criminal hackers fed forever. So how can we change that?

All Cyber-consumers should demand Cybersecurity done right from all companies we do business with.  And since it is 2017(almost 2018) and we depend on computers and what the convenience does for us, we should all be interested in making sure only what we want to get done gets done.

So we have to ‘help’ the companies which we depend on to keep operating – like restaurants, banks, hotels, and many other seemingly innocent companies (let’s not discuss government and Equifax), as we are talking about all small businesses, the accountants, the lawyers, the plumbers, HVAC, everyone large and small. All except the public companies, as they _have_ to have somebody taking care of business. It is only the companies that do not “have” to do that don’t in sufficient numbers

What if you could “know” that at least a minimum of processes were done to at least prevent a catastrophe if something does happen? What is that worth to you?

Would you do business with someone if at any moment they can have a catastrophic event and then go out of business?

Sure it should be where we do not have to think about this Cybersecurity thing and thus it “Ought” not to cost anything, but it we do not live in fantasyland like Hollywood.  Do you know why it costs? Because ransomware has changed the game. It used to be when hackers were  just annoying, like spam. But now criminal hackers are making serious money and thus they will continue to do it until we stop them cold. As I have mentioned in the past this is an uphill struggle though since human nature is to ignore the problem and  this has been proven in the fact that 25% of people do not patch their computers.

So let’s repeat: If one does not patch your computer, your computer(or device) becomes vulnerable to malicious software, then it has a higher and higher chance of getting hacked every month it does not get patched.

So eventually it is a beacon for bad software to come in, and very soon (like a year or 2) ransomware will  test your cybersecurity defenses. This problem will get worse until we can peer pressure everyone into  getting Cybersecurity audits from CISA certified professionals.  Like us.

Contact us to help you get up to snuff, or to get a neighbor company up to snuff.

We are going to have an Oversitesentry seal of approval so that everyone that is doing the basics can at least sleep a bit better about their future.