Category: securitycommunity

Phishing #1 Attack – Includes Email Scams

Have you received an email saying your password has been stolen in broken English?

Subject: "Security Notice. Someone have access to you system"

As you may have noticed, I sent you an email from your account.

This means that I have full access to your acc: On moment of crack (youremail@youremaildomain.com)  password: jfwqu6qoizxahofj0qkw

You say: this is my, but old password!
Or: I will change my password at any time!
Of course! You will be right,
but the fact is that when you change the password, my malicious code every time saved a new one!
I've been watching you for a few months now.
But the fact is that you were infected with malware through an adult site that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence from e-mail and messangers.
Why your antivirus did not detect my malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.
If you want to prevent this, transfer the amount of $770 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").
My bitcoin address (BTC Wallet) is: 1MrUDSrZiqD3ijxsBUPt2SukoFy534orP2
After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

—————————————————–

So this trickster extortionist  actually makes several mistakes (besides the spelling errors).

First of all the email says ” As you may have noticed, I sent you an email from your account.”  there is a basic issue with this statement.  All email can be ‘spoofed’ thus making it a form of spam. Spoofed means all text in the ‘From:’ means nothing it can be changed to whatever the spammer wants to make it look like.   (In fact you can change your From field yourself if you choose as an experiment)

So if your email is “youremail@emaildomain.com” then the spammer can make it look that way.

 

The other problem the spammer sextortionist has is they have to make assumptions of a video camera that is on the computer.

What if there is no video camera on the computer? then how can the video sextortion work?

So the scammer makes several assumptions:

  1. you don’t know about From spoofing
  2. ignore misspelling and bad grammar
  3. email owner used porn
  4. email owner has videocam functioning on the computer
  5. at one time there was a password that is included in email
  6. knows enough about bitcoin or can learn how to transfer money into bitcoin

Those are a lot of assumptions, and on top of that the scammer is leaving an electronic trail in Bitcoin or at least how they access bitcoin(we will not go into detail of how this is done). The scammer leaves an electronic trail as to how they access bitcoin to experienced investigators, which is why you should goto bitcoinabuse website and file a report (link below).

One thing people should do is to see how many others this has happened to and to decide what to do from here  Internet Storm Center  also had one of these (i.e. google or startpage.com a portion of the email and see what comes up).

 

What did I do you may ask?  Of course you NEVER pay the extortionist.  But one can also help the Internet denizens to reduce this type of email:  goto Bitcoin Abuse website

Go to the website and File a report by adding the bitcoin address that is included in the email so that law enforcement and other people who track and try to find these spammers can start to do something about it.

Or you can View a report with the bitcoin address to see how many others has this email gone to??  check the FAQ on bitcoinabuse.com

Above image is from Bitcoinabuse FAQ

We at oversitesentry and fixvirus.com help others with a variety  of Internet Security issues.

Update 02/02/2019 (Groundhogs Day)   Sextortion Follow the money part 3 – The Cashout begins!

So the short story is the scammers have accumulated a lot of money in hundreds(434) Bitcoin addresses which slowly started to move the money into a few addresses, as much as $21.5mil  plus $18.5mil .  Then from there the bitcoin addresses will be “mixed” so experts like in the link above will not be able to tell where the money goes (anonymity) using bestmixer.io.

So again please do not pay these scammers if you receive an email like the one included in this blog.

Back To Basics in 2019 – Must Have Cybersecurity Issues

What was different about 2018 that will confound us in 2019?  Is there anything new in 2019 that will cause problems for us?

By ‘us’ I mean businesses trying to keep going with their business lives. I.e. run your business, try to make profits, grow product lines or services.

None of us are in tune with new technologies that can be used to upend  our current world that we live in until it is too late and we have to play catch -up. In 2007 how many people actually went and bought a smartphone before it was obvious everyone was going to get one?

This next picture is of an IBM Quantum computer as written about in Wired UK among others:

If you have not heard your computers and phones are built on an old architecture(from the 50’s and 60’s) The quantum computer is a new architecture much faster the current binary machines.

What can possibly be created with a quantum computer?

  1. Unbreakable encryption for one.
  2. Artificial Intelligence and Machine learning (similar yet different)
  3. Molecular Modeling and other sophisticated modeling
  4. Optimization programs
  5. Financial Modeling
  6. Sophisticated new attacks on hardened targets

My point is not that a new Armageddon is coming, it may be but most important is that new days may bring new challenges, and you have to be ready to take them on.

Most important you must take a little time to review new technologies and techniques to see if these methods can create security headaches for your organization.

Practically though the place where we all will get hit is regulations. As more high profile cyber attacks make inroads in organizations the regulations will make life more difficult(more paperwork).

More paperwork means risk based analysis and scanning / audits of networks and computers.

End result is we need more vigilance even if our computers are in “the cloud”.

In the above AWS youtube video   some common sense:

The first thing any auditor will want to see is your documentation.  What is your documentation? Do you have a security policy? Do your employees read it and sign off on it? I.e. is Cybersecurity at least a little bit important?

We are in the business of Computer Cyber audits to help your business be more secure and thus handle the coming challenges in 2019 wherever they may come (technological or regulatory).

Contact Us to discuss

 

Why Would Someone Want to Attack Me?

We see a lot of headlines in the news, but it stems from the nation states attacking.      Youtube video from Black Hat Asia2018

China attacks specific companies.

Russia also attacks in cyberspace and it culminated when Russia attacked Estonia 2008, also the next year a military physical attack in Georgia with a Cyberspace attack as well.

Snowden disclosed the US attack of Stuxnet into Iranian centrifuges.

This is a ‘right’ of the nation state attackers using their knowledge of Zero Days and encrypted keys.    Where the nation states say it is their right to attack other nation states, because “no one will know” as it is not a physical attack.

Except this culminated in a Russian attack on power infrastructure attack where Estonia lost power for several days.

The side effect of Stuxnet was that other hackers(criminal etc) figured out how the attack was done, then investigated this possibility and eventually was able to create a new attack with malware for ransomware.

So what does this mean? It means that attackers  will eventually figure out the defensive flaws that one normally cannot see or notice.

the actual methods of inserting programs are varied, sometimes the user allows the software to run with spearphishing or just clicking on the wrong site on the Internet.

Above picture is from “Decentralized malware youtube video“.

 

The trust the private sector has in their computers between customer and company is not in the thoughts of nation-states attacking each other.

A side effect of nation states attacking each other is the need for better defenses for all, since we are all on the Internet. Once the knowledge of attacks comes out of the shadows the criminal hackers take a little bit of time and develop the attacks also.

So you may not look like you have anything to attack, but if you are on the Internet you will be attacked.

 

The only thing you can do is to create a defense that can handle even sophisticated attacks.

Contact us to discuss this phenomenon.

 

 

In a Russian Conflict: Cybersecurity another Dimension of Attack

(((4/19 update below)))

In that cybersecurity is another Dimension of attack  (versus Dimensions: Land, Air, Sea, and Space) how would we be affected by this dimension?

In Land one sees their foe most of the time, and if the enemy wants to take your stuff they have to physically take it.  (Or they try and send munitions instead via Artillery with limited range).

In Air one can take troops up and over your land and enemy land forces to drop them and take stuff. Munitions are able to  drop from remote areas, but one has to send missiles and airplanes where radar can see them.

In Sea one can move around with ships or submarines to drop people to take stuff. The munitions are sent via devices as well which are physical.

Space is also a dimension which although in a unique area, is also a physical dimension with physical munitions.

In Cyber how do you know if the enemy is not already in your  systems.  There is no need for enemy soldiers to leave their homes or their barracks, they can attack your infrastructure without moving. Control of your computers can be done automatically and it can look like a third party attacked.  Cyber has an electronic dimension so the fact that it is not as physical “or real” has made understanding this dimension more difficult for some.

So what does this mean? It means if you understand how to navigate a command line or can read custom code you can understand this phenomenon (Cyberwar) in ways a non speaker is not capable:

Maybe this analogy will help:

You know in Physics there is Height, width, and length?

What about the fourth dimension(and not time) :

It is hard for us 3D people to think 4D.  So that seems to be the same for people who do not live in Cyber, they just DO NOT get the details!!!   It does not matter how much I try to explain the details, 4D is too much of a leap for some.

 

So I think Cyber is just too difficult or maybe a better word is ‘strange‘ of a concept for many people.

 

****UPDATED 4/19 12pm Central******

An interesting story about Russia attacking US and UK routers…

https://mashable.com/2018/04/17/russian-router-warning-us-uk/#slGg.DbuWsqF

Remember my post on 3/13/18?  http://oversitesentry.com/replace-your-wi-fi-router-if-2yr-old/

some good quotes from the mashable article:

‘These “cyber actors” are identifying vulnerable devices to break into, where they can extract device configurations, harvest login details, and control the traffic that goes through the router.’

 

A quick review from my post  — you can’t patch older than 2 years routers, as they are not being patched by manufacturers.

********************************

The compliance departments are reverse engineering the effects of a breach and Cyber understanding.   It is too difficult to decipher code, so we say don’t perform CC processing without encryption.  We don’t say what the encryption is and how it should be sent. There are many more pitfalls for a manager without technical knowledge.

If Hackers can steal data of your prized customers with a thermometer, then what else can they do?

So what to do? Create Cyber audits to review the IT world in your entity. Otherwise you will see headlines that you will not like.

Contact Us to discuss

 

 

Risk Management Should Be: Known Threats Evaluated – Find Unknown Threats

It is a known fact that Risk management looks in the known facts department.  As we try to evaluate what issue to focus on.

Nowhere is this Security as last point of order more evident than in the Cryptocurrency markets being created with ICO’s (Initial Coin Offerings).

You would think that when setting up an ICO which is based on a Cryptological currency the security of the venture would not be an afterthought. But it apparently was several times as stated in ZDNet article  Cryptocurrency Catastrophes of 2017.

wallet addresses were changed on websites and million$ were stolen in the form of ethereum coins.

I am not interested in the Cryptocurrency market, but am interested in human psychology and efforts. In this new field it apparently does not dawn on many CEO’s of these new entities that security should be a central tenet in their business model. Especially since their venture is completely digital, i.e. constructed in a computer.

We as humans have a hard time with focusing on security. As it is hard enough to create an ICO and a cryptocurrency so when it is time to develop the website to sell  or manage cryptocurrencies the security is an afterhought?

Why are we always behind?

  1. July – Coindash ICO $7.4mil stolen
  2. Veritaseum’s ICO $8mil stolen
  3. Parity  wallet  $30mil stolen
  4. November: Tether $30.9 mil stolen
  5. User found vulnerability and exploited it thus freezing $160 mil in funds.

There were a bunch of scams as well, but those I am not interested in. So $76mil were stolen and $160mil frozen due to a lack of preparedness and misunderstanding of Cybersecurity.

Why is it we always focus on cybersecurity after something happens? After an issue occurs, thus making it known.

 

The problem we have in Cybersecurity is to focus a little bit of our time and effort before known issues come into being.

Contact Me to discuss this in detail as we can forge a path forward in this new digital age.